Add bind playbook
parent
5d49f8ddac
commit
78bca0bd72
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
- name: Bind configuration
|
||||||
|
hosts: all
|
||||||
|
tasks:
|
||||||
|
- name: Install chrony
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- bind9
|
||||||
|
|
||||||
|
- name: Install conf file
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: bind/conf
|
||||||
|
dest: /etc/bind/named.conf.local
|
||||||
|
owner: root # TODO check
|
||||||
|
mode: '0600' # TODO check
|
||||||
|
# directory_mode: '0700' # TODO check
|
||||||
|
|
||||||
|
- name: Install zone file
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: bind/zones
|
||||||
|
dest: /etc/bind/zones/db.golem.linux.it
|
||||||
|
owner: root # TODO check
|
||||||
|
mode: '0600' # TODO check
|
||||||
|
# directory_mode: '0700' # TODO check
|
||||||
|
|
||||||
|
- name: Restart bind to apply changes
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: bind9.service
|
||||||
|
state: restarted
|
|
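Review bot: Both copy tasks install their file with `owner: root`, `mode: '0600'` and no `group:`, so if named runs as the unprivileged `bind` user (the usual Debian packaging, not visible here) it cannot read `named.conf.local` or the zone file, and the restart that follows will fail or come up without the zone. The `# TODO check` markers could be resolved with `group: bind` and `mode: '0640'`, which keeps the files non-world-readable while still letting the daemon load them. Adding `validate: named-checkconf %s` to the conf task, and moving the unconditional restart into a handler notified by the copy tasks, would stop a broken file from taking the authoritative server down on every run. The first task is also still named `Install chrony` although it installs `bind9`.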
@ -0,0 +1,11 @@
|
||||||
|
zone "golem.linux.it" {
|
||||||
|
type master;
|
||||||
|
file "/etc/bind/db.golem.linux.it";
|
||||||
|
allow-transfer {
|
||||||
|
213.254.12.144/28; // Tutta ILS
|
||||||
|
2001:1418:10:5::0/64; // Tutta (?) ILS IPv6 (?)
|
||||||
|
2001:4b78:2000::/48; // Tutto Marco d'Itri (BOFH)
|
||||||
|
85.94.204.144/28; // Tutto Marco d'Itri (BOFH)
|
||||||
|
2001:470:c844::/48; // GOLEM network
|
||||||
|
};
|
||||||
|
};
|
|
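Review bot: The `file "/etc/bind/db.golem.linux.it";` path does not match the playbook in this commit, which copies the zone to `/etc/bind/zones/db.golem.linux.it`, so named would look for the zone data where the playbook never writes it. One of the two should change, for example `file "/etc/bind/zones/db.golem.linux.it";`. Separately, `allow-transfer` authorises whole prefixes (a /64 and two /48s) by source address only, and the IPv6 ILS entry is itself marked uncertain with `(?)`. Restricting the list to the secondaries' actual addresses, or to a TSIG key (`allow-transfer { key "<transfer-key-name>"; };`), would keep the full host list from being pulled by any machine in those ranges.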
@ -0,0 +1,93 @@
|
||||||
|
; +================+
|
||||||
|
; BIND data file for | GOLEM.LINUX.IT |
|
||||||
|
; +================+
|
||||||
|
;
|
||||||
|
; IMPORTANT: Always remember to update the Serial number after any change,
|
||||||
|
; otherwise new records will not be retrieved by other DNS servers,
|
||||||
|
; and they will not propagate.
|
||||||
|
$TTL 3600
|
||||||
|
@ IN SOA vostok.giomba.it. info.golem.linux.it. (
|
||||||
|
2024032600 ; Serial
|
||||||
|
3600 ; Refresh
|
||||||
|
86400 ; Retry
|
||||||
|
86400 ; Expire
|
||||||
|
86400 ) ; Negative Cache TTL
|
||||||
|
|
||||||
|
; name servers - NS records
|
||||||
|
IN NS vostok.giomba.it.
|
||||||
|
IN NS ns.linux.it.
|
||||||
|
IN NS ns.giomba.it.
|
||||||
|
|
||||||
|
; dynamic name server for computers in Officina
|
||||||
|
andromeda.officina.golem.linux.it. IN AAAA 2001:470:c844:200:2e0:81ff:fed0:ec03
|
||||||
|
|
||||||
|
; mail -- mailbox.org
|
||||||
|
golem.linux.it. IN MX 10 mxext1.mailbox.org.
|
||||||
|
golem.linux.it. IN MX 10 mxext2.mailbox.org.
|
||||||
|
golem.linux.it. IN MX 20 mxext3.mailbox.org.
|
||||||
|
0c11bf06d09019ef480ae8d7a6a3ebe5c269405d.golem.linux.it. IN TXT 2593cd5dd048c3264223b52a5290fb9e0f6fedba
|
||||||
|
golem.linux.it. IN TXT "v=spf1 include:mailbox.org -all"
|
||||||
|
golem.linux.it. IN A 152.228.140.73
|
||||||
|
|
||||||
|
; hosts - A records
|
||||||
|
ns.golem.linux.it. IN A 152.228.140.73
|
||||||
|
ns.golem.linux.it. IN AAAA 2001:470:c844::2
|
||||||
|
|
||||||
|
; VPS
|
||||||
|
atena IN A 152.228.140.73
|
||||||
|
atena IN AAAA 2001:470:c844::11
|
||||||
|
ipv4.atena IN A 152.228.140.73
|
||||||
|
ipv6.atena IN AAAA 2001:41d0:404:200::947f
|
||||||
|
; use ipv4 or ipv6 to only get the ipv4 or ipv6 address -- needed for some buggy apps
|
||||||
|
ipv4.golem.linux.it. IN A 152.228.140.73
|
||||||
|
ipv6.golem.linux.it. IN AAAA 2001:470:c844::2
|
||||||
|
; "Gestionale dei soci", migrated on VPS
|
||||||
|
argento IN CNAME atena
|
||||||
|
|
||||||
|
; vital mnemonic services
|
||||||
|
ns6.golem.linux.it. IN CNAME ipv6.golem.linux.it.
|
||||||
|
www.golem.linux.it. IN CNAME golem.linux.it.
|
||||||
|
|
||||||
|
; Network equipment
|
||||||
|
porceddu.net IN AAAA 2001:470:c844:200::1
|
||||||
|
scatolotto.net IN AAAA 2001:470:c844::200
|
||||||
|
|
||||||
|
; VPN
|
||||||
|
vpn IN CNAME ipv4.atena
|
||||||
|
|
||||||
|
; web
|
||||||
|
archivio IN CNAME atena
|
||||||
|
blog IN CNAME atena
|
||||||
|
build IN CNAME atena
|
||||||
|
cgi IN CNAME atena
|
||||||
|
ci IN CNAME atena
|
||||||
|
cloud IN CNAME atena
|
||||||
|
digitalecivile IN CNAME atena
|
||||||
|
git IN CNAME atena
|
||||||
|
hub.docker IN CNAME atena
|
||||||
|
matrix IN CNAME atena
|
||||||
|
websdr IN CNAME atena
|
||||||
|
wiki IN CNAME atena
|
||||||
|
|
||||||
|
; servers in Officina
|
||||||
|
backupper IN AAAA 2001:470:c844:200:4c9a:3fff:fe98:663c
|
||||||
|
builder IN AAAA 2001:470:c844:200:b867:2ff:fe66:f76b
|
||||||
|
cassone IN AAAA 2001:470:c844:200:ec5b:2bff:febd:d71a
|
||||||
|
cerbero IN AAAA 2001:470:c844:200::1111:4242
|
||||||
|
screensy IN AAAA 2001:470:c844:200:1447:55ff:fe54:279e
|
||||||
|
; Dead servers, their services are moved
|
||||||
|
cassiopea IN CNAME cerbero
|
||||||
|
servirtualozzo.cassiopea IN CNAME cassone
|
||||||
|
vupiuesse.andromeda IN CNAME cassone
|
||||||
|
|
||||||
|
; workstations in Officina
|
||||||
|
stampante3d.officina IN AAAA 2001:470:c844:200:10ab:2782:dcdf:8ebb
|
||||||
|
golem-sala-corsi.officina IN AAAA 2001:470:c844:200:4c47:aaf:6c2d:a08c
|
||||||
|
laptopless.officina IN AAAA 2001:470:c844:200:2c0:9fff:fefc:123c
|
||||||
|
limortouch.officina IN AAAA 2001:470:c844:200:167e:8920:7567:a49b
|
||||||
|
|
||||||
|
; soci
|
||||||
|
spookyh-vm0.soci IN AAAA 2001:470:c844:200:3467:6bff:fe6b:1045
|
||||||
|
|
||||||
|
; tests
|
||||||
|
comment-0 IN TXT "There has been an error in the authoritative DNS for years and we only discover it now?"
|
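Review bot: In the SOA record, `86400 ; Retry` is longer than `3600 ; Refresh` and equal to `86400 ; Expire`, so a secondary that misses one refresh would not retry until after the zone has already expired on it. RFC 1912 suggests a retry shorter than the refresh and an expire of two to four weeks, for example `900 ; Retry` and `1209600 ; Expire`. Several AAAA records (e.g. `laptopless.officina`, `spookyh-vm0.soci`) carry `ff:fe` interface identifiers that appear to be EUI-64, i.e. derived from the hosts' MAC addresses, and are published to anyone who can query or transfer the zone; worth confirming that is intended. The `comment-0` TXT record under `; tests` looks like a leftover and could be dropped before the zone goes live.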