enable aliases, but use localhost for upstream lookups
This commit is contained in:
parent
d899e98f32
commit
1cbbc6bb09
4 changed files with 5 additions and 11 deletions
|
@ -1,7 +1,7 @@
|
|||
nameservers:
|
||||
hosts:
|
||||
dns.janky.solutions:
|
||||
ansible_host: 10.5.1.156
|
||||
ansible_host: 10.5.1.30
|
||||
powerdns_admin: yes
|
||||
dns_wg_ip: 10.6.0.1
|
||||
dns_wg_pubkey: hYUM1LRSemvjcPfHHcH9sZOsE45xWRSkasXs8uEDJDo=
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- name: install stuff from apt
|
||||
apt:
|
||||
name: [pdns-server, pdns-backend-pgsql, wireguard-tools, python3-psycopg2, postgresql]
|
||||
name: [pdns-server, pdns-backend-pgsql, wireguard-tools, python3-psycopg2, postgresql, systemd-resolved]
|
||||
|
||||
- name: configure wireguard tunnel
|
||||
template:
|
||||
|
@ -14,16 +14,10 @@
|
|||
name: wg-quick@wg0
|
||||
enabled: true
|
||||
|
||||
- name: check if resolved is installed
|
||||
stat:
|
||||
path: /etc/systemd/resolved.conf
|
||||
register: resolvedconf
|
||||
|
||||
- name: create resolved.conf.d
|
||||
file:
|
||||
path: /etc/systemd/resolved.conf.d
|
||||
state: directory
|
||||
when: resolvedconf.stat.exists
|
||||
|
||||
- name: disable systemd-resolved stub listener (its probably using port 53 and we need it)
|
||||
template:
|
||||
|
@ -31,7 +25,6 @@
|
|||
dest: /etc/systemd/resolved.conf.d/10-disable-stub-listener.conf
|
||||
notify:
|
||||
- restart systemd-resolved
|
||||
when: resolvedconf.stat.exists
|
||||
|
||||
- name: configure postgres for streaming replication
|
||||
template:
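Review bot: With the stat guard removed (hunk `-14,16 +14,10`), the drop-in that disables the systemd-resolved stub listener is now written on every host, but nothing in the play points /etc/resolv.conf away from the stub; on systems where /etc/resolv.conf is the symlink to the stub file (127.0.0.53), switching the stub listener off leaves the host with no working resolver. If the template sets `DNSStubListener=no` (its body is outside this diff), consider a follow-up task that links /etc/resolv.conf to /run/systemd/resolve/resolv.conf, or at least a check that host-level resolution still works after the handler restarts resolved. The intent is worth stating on the task, e.g. `# stub listener is turned off so pdns can own :53; resolv.conf must not point at 127.0.0.53`. The play's remaining tasks continue outside these hunks.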
|
||||
|
|
|
@ -6,6 +6,8 @@ gpgsql-user=pdns
|
|||
gpgsql-password={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}
|
||||
gpgsql-dnssec=yes
|
||||
default-soa-content=ns1.janky.zone dns-admin.@ 0 10800 3600 604800 3600
|
||||
resolver=127.0.0.1
|
||||
expand-alias=yes
|
||||
|
||||
{% if powerdns_admin | default(false) %}
|
||||
api=yes
|
||||
|
@ -13,4 +15,3 @@ api-key={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname +
|
|||
webserver-address=10.88.0.1
|
||||
webserver-allow-from=10.88.0.0/24
|
||||
{% endif %}
|
||||
q
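Review bot: `resolver=127.0.0.1` sends ALIAS expansion to port 53 on localhost, which on this host is most likely the authoritative pdns-server itself (the play disables the resolved stub listener so pdns can bind :53, and nothing in the diff installs a recursor). An authoritative server does not recurse, so ALIAS targets outside its own zones will fail or loop back; `resolver` should name a recursive resolver, for instance a local recursor on its own port, `resolver=127.0.0.1:<RECURSOR_PORT>`, and it should be a trusted one since the answers served for ALIAS records are built from whatever it returns. A comment above the setting, `# recursor used to expand ALIAS targets; must be a trusted recursive resolver, not this authoritative listener`, would document that constraint. The removal of the stray `q` in the second hunk is fine.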
|
||||
|
|
|
@ -3,7 +3,7 @@ PrivateKey = {{ lookup('ansible.builtin.ini', 'private_key section=wireguard fil
|
|||
ListenPort = 51822
|
||||
Address = {{ dns_wg_ip }}
|
||||
|
||||
{% for host in hostvars %}
|
||||
{% for host in groups['nameservers'] %}
|
||||
{% if host != inventory_hostname %}
|
||||
# {{ host }}
|
||||
[Peer]
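Review bot: Iterating `groups['nameservers']` instead of `hostvars` narrows the peers to the nameserver group, but the peer stanza that follows (outside the hunk) presumably reads `dns_wg_pubkey` and `dns_wg_ip` from `hostvars[host]`; a group member that does not define them will now break the render (or emit an empty `[Peer]`) instead of being skipped, so consider guarding the loop, e.g. `{% if host != inventory_hostname and hostvars[host].dns_wg_pubkey is defined %}`. A short template comment above the loop, `# one [Peer] per other nameserver; each must define dns_wg_ip and dns_wg_pubkey in inventory`, would make the contract explicit. The for body continues outside the hunk.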
|
||||
|
|