From 1cbbc6bb09b415af6c1b2d8e3902cc0565b62ef4 Mon Sep 17 00:00:00 2001
From: Finn
Date: Sun, 7 Apr 2024 17:54:12 -0700
Subject: [PATCH] enable aliases, but use localhost for upstream lookups

---
 inventory.yml | 2 +-
 roles/pdns/tasks/main.yml | 9 +--------
 roles/pdns/templates/powerdns.conf | 3 ++-
 roles/pdns/templates/wireguard.conf | 2 +-
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/inventory.yml b/inventory.yml
index 0539637..dc05319 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -1,7 +1,7 @@
 nameservers:
 hosts:
 dns.janky.solutions:
- ansible_host: 10.5.1.156
+ ansible_host: 10.5.1.30
 powerdns_admin: yes
 dns_wg_ip: 10.6.0.1
 dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
diff --git a/roles/pdns/tasks/main.yml b/roles/pdns/tasks/main.yml
index 9cbb465..171b643 100644
--- a/roles/pdns/tasks/main.yml
+++ b/roles/pdns/tasks/main.yml
@@ -1,6 +1,6 @@
 - name: install stuff from apt
 apt:
- name: [pdns-server, pdns-backend-pgsql, wireguard-tools, python3-psycopg2, postgresql]
+ name: [pdns-server, pdns-backend-pgsql, wireguard-tools, python3-psycopg2, postgresql, systemd-resolved]
 - name: configure wireguard tunnel
 template:
@@ -14,16 +14,10 @@
 name: wg-quick@wg0
 enabled: true
-- name: check if resolved is installed
- stat:
- path: /etc/systemd/resolved.conf
- register: resolvedconf
-
 - name: create resolved.conf.d
 file:
 path: /etc/systemd/resolved.conf.d
 state: directory
- when: resolvedconf.stat.exists
 - name: disable systemd-resolved stub listener (its probably using port 53 and we need it)
 template:
@@ -31,7 +25,6 @@
 dest: /etc/systemd/resolved.conf.d/10-disable-stub-listener.conf
 notify:
 - restart systemd-resolved
- when: resolvedconf.stat.exists
 - name: configure postgres for streaming replication
 template:
diff --git a/roles/pdns/templates/powerdns.conf b/roles/pdns/templates/powerdns.conf
index 272c03e..c9cef92 100644
--- a/roles/pdns/templates/powerdns.conf
+++ b/roles/pdns/templates/powerdns.conf
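Review bot: The `name:` line in the first roles/pdns/tasks/main.yml hunk is now a flow sequence that runs well past 120 characters, and it is the line that will be touched again every time a package is added, so each such change is a one-line diff that hides what moved. A block sequence with one package per line keeps the apt task readable and gives a one-line-per-package diff. Nothing else about the task needs to change; `state` stays at its default.
```yaml
- name: install stuff from apt
  apt:
    name:
      - pdns-server
      - pdns-backend-pgsql
      - wireguard-tools
      - python3-psycopg2
      - postgresql
      - systemd-resolved
```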
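Review bot: Dropping `when: resolvedconf.stat.exists` in the third main.yml hunk makes the stub-listener drop-in unconditional, but its effect is still deferred: `notify: restart systemd-resolved` only fires the handler at the end of the play, so between the apt install in the first hunk and that restart the freshly installed systemd-resolved presumably still holds the listener on port 53 that the task name itself warns about. If anything later in this role starts or restarts PowerDNS before the handler runs (the remainder of the role is outside this hunk), the bind on port 53 would fail on a first run. Consider forcing the restart right after the drop-in task with `- meta: flush_handlers`. The matching guard removal in the second hunk (`create resolved.conf.d`) is fine on its own now that the package is always installed.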
@@ -6,6 +6,8 @@ gpgsql-user=pdns
 gpgsql-password={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}
 gpgsql-dnssec=yes
 default-soa-content=ns1.janky.zone dns-admin.@ 0 10800 3600 604800 3600
+resolver=127.0.0.1
+expand-alias=yes
 {% if powerdns_admin | default(false) %}
 api=yes
@@ -13,4 +15,3 @@ api-key={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname +
 webserver-address=10.88.0.1
 webserver-allow-from=10.88.0.0/24
 {% endif %}
-q
diff --git a/roles/pdns/templates/wireguard.conf b/roles/pdns/templates/wireguard.conf
index 570d2a5..67bfb9b 100644
--- a/roles/pdns/templates/wireguard.conf
+++ b/roles/pdns/templates/wireguard.conf
@@ -3,7 +3,7 @@ PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard fil
 ListenPort = 51822
 Address = {{ dns_wg_ip }}
-{% for host in hostvars %}
+{% for host in groups['nameservers'] %}
 {% if host != inventory_hostname %}
 # {{ host }}
 [Peer]
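Review bot: `resolver=127.0.0.1` sends ALIAS target lookups to port 53 on loopback, yet this same role disables the systemd-resolved stub listener (which sits on 127.0.0.53, not 127.0.0.1, in any case), so unless a recursor is bound there the only thing presumably answering on 127.0.0.1:53 is this PowerDNS authoritative server itself; asked for a name outside its own zones it answers REFUSED and the ALIAS expands to nothing. If ALIAS targets are by design always inside zones this server carries, record that assumption above the line, e.g. `# ALIAS targets must live in a zone served here: 127.0.0.1:53 is this server, not a recursor`; otherwise `resolver=` should name an actual recursor. Since `gpgsql-dnssec=yes` is set two lines up, it is also worth confirming that zones using ALIAS are signed live rather than presigned, as expanded answers cannot be computed ahead of time.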
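Review bot: Iterating `groups['nameservers']` instead of `hostvars` correctly narrows the peers to nameservers, but every member of that group must now define the WireGuard variables the `[Peer]` block presumably reads (`dns_wg_ip` and `dns_wg_pubkey`, judging by inventory.yml); the peer body continues past the end of this hunk, so it cannot be checked here. A host added to the group without them would make the template fail for every other nameserver at deploy time. Guard the loop, e.g. `{% if host != inventory_hostname and hostvars[host].dns_wg_pubkey is defined %}`, or fail fast with an `assert` task in the role before the template is rendered.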