enable aliases, but use localhost for upstream lookups
parent
d899e98f32
commit
1cbbc6bb09
4 changed files with 5 additions and 11 deletions
|
@ -1,7 +1,7 @@
|
||||||
nameservers:
|
nameservers:
|
||||||
hosts:
|
hosts:
|
||||||
dns.janky.solutions:
|
dns.janky.solutions:
|
||||||
ansible_host: 10.5.1.156
|
ansible_host: 10.5.1.30
|
||||||
powerdns_admin: yes
|
powerdns_admin: yes
|
||||||
dns_wg_ip: 10.6.0.1
|
dns_wg_ip: 10.6.0.1
|
||||||
dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
|
dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
- name: install stuff from apt
|
- name: install stuff from apt
|
||||||
apt:
|
apt:
|
||||||
name: [pdns-server, pdns-backend-pgsql, wireguard-tools, python3-psycopg2, postgresql]
|
name: [pdns-server, pdns-backend-pgsql, wireguard-tools, python3-psycopg2, postgresql, systemd-resolved]
|
||||||
|
|
||||||
- name: configure wireguard tunnel
|
- name: configure wireguard tunnel
|
||||||
template:
|
template:
|
||||||
|
@ -14,16 +14,10 @@
|
||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: check if resolved is installed
|
|
||||||
stat:
|
|
||||||
path: /etc/systemd/resolved.conf
|
|
||||||
register: resolvedconf
|
|
||||||
|
|
||||||
- name: create resolved.conf.d
|
- name: create resolved.conf.d
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/resolved.conf.d
|
path: /etc/systemd/resolved.conf.d
|
||||||
state: directory
|
state: directory
|
||||||
when: resolvedconf.stat.exists
|
|
||||||
|
|
||||||
- name: disable systemd-resolved stub listener (its probably using port 53 and we need it)
|
- name: disable systemd-resolved stub listener (its probably using port 53 and we need it)
|
||||||
template:
|
template:
|
||||||
|
@ -31,7 +25,6 @@
|
||||||
dest: /etc/systemd/resolved.conf.d/10-disable-stub-listener.conf
|
dest: /etc/systemd/resolved.conf.d/10-disable-stub-listener.conf
|
||||||
notify:
|
notify:
|
||||||
- restart systemd-resolved
|
- restart systemd-resolved
|
||||||
when: resolvedconf.stat.exists
|
|
||||||
|
|
||||||
- name: configure postgres for streaming replication
|
- name: configure postgres for streaming replication
|
||||||
template:
|
template:
|
||||||
|
|
|
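Review bot: Installing `systemd-resolved` in the same `apt` task as `pdns-server` means its stub listener may hold port 53 on a fresh host until the `restart systemd-resolved` handler fires, and handlers run only at the end of the play by default. Any later task in this file that starts or restarts pdns could then fail to bind, or come up without the expected listener. Adding `- meta: flush_handlers` directly after the "disable systemd-resolved stub listener" task would apply the drop-in before anything depends on port 53. That template task's body lies partly outside the visible hunks, so its `src` and file mode cannot be checked here.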
@ -6,6 +6,8 @@ gpgsql-user=pdns
|
||||||
gpgsql-password={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}
|
gpgsql-password={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}
|
||||||
gpgsql-dnssec=yes
|
gpgsql-dnssec=yes
|
||||||
default-soa-content=ns1.janky.zone dns-admin.@ 0 10800 3600 604800 3600
|
default-soa-content=ns1.janky.zone dns-admin.@ 0 10800 3600 604800 3600
|
||||||
|
resolver=127.0.0.1
|
||||||
|
expand-alias=yes
|
||||||
|
|
||||||
{% if powerdns_admin | default(false) %}
|
{% if powerdns_admin | default(false) %}
|
||||||
api=yes
|
api=yes
|
||||||
|
@ -13,4 +15,3 @@ api-key={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname +
|
||||||
webserver-address=10.88.0.1
|
webserver-address=10.88.0.1
|
||||||
webserver-allow-from=10.88.0.0/24
|
webserver-allow-from=10.88.0.0/24
|
||||||
{% endif %}
|
{% endif %}
|
||||||
q
|
|
||||||
|
|
|
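Review bot: `resolver=127.0.0.1` sends ALIAS lookups to port 53 on loopback, and nothing visible in this commit shows a recursive resolver listening there. The role disables the systemd-resolved stub listener, which binds 127.0.0.53 rather than 127.0.0.1 in any case, so the queries may reach this authoritative server itself if pdns listens on loopback; its `local-address` is not in the hunk. With `expand-alias=yes` the server publishes whatever that resolver returns as zone data, alongside `gpgsql-dnssec=yes`, so the target should be a resolver you operate and trust. Please confirm what answers on 127.0.0.1:53 and record it above the setting, e.g. `# ALIAS targets are resolved via <local recursor>; its answers are served as authoritative data`.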
@ -3,7 +3,7 @@ PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard fil
|
||||||
ListenPort = 51822
|
ListenPort = 51822
|
||||||
Address = {{ dns_wg_ip }}
|
Address = {{ dns_wg_ip }}
|
||||||
|
|
||||||
{% for host in hostvars %}
|
{% for host in groups['nameservers'] %}
|
||||||
{% if host != inventory_hostname %}
|
{% if host != inventory_hostname %}
|
||||||
# {{ host }}
|
# {{ host }}
|
||||||
[Peer]
|
[Peer]
|
||||||
|
|