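{{ ansible_managed | comment }}
{#
  Knot DNS configuration rendered from the knotd__* role variables.

  Indentation below follows Knot's YAML-style layout: a top-level section,
  then "- id:" items with their keys aligned under "id". Values that can
  contain characters the parser treats specially (paths, TSIG secrets) are
  double-quoted, as the role already does for rundir/storage.

  When knotd__keys is set this rendered file contains TSIG secrets in clear
  text; the task that deploys it is expected to restrict the file's owner and
  mode accordingly (that is outside this template).
#}
server:
  rundir: "{{ knotd__run_dir }}"
  user: {{ knotd__user }}:{{ knotd__group }}
{% for listen in knotd__listen %}
  listen: {{ listen.address }}@{{ listen.port | default(knotd__port) }}
{% endfor %}
  # Empty values suppress the CH TXT version.server / id.server answers
  # (Knot treats an empty value as "disabled" for both items).
  version: ""
  identity: ""

log:
  - target: syslog
    any: info

database:
  storage: "{{ knotd__database_dir }}"

{% if knotd__keys %}
key:
{% for id, key in knotd__keys.items() %}
  - id: {{ id }}
    algorithm: {{ key.algorithm }}
    # Quoted so a base64 secret (padding "=", "/" or "+") is never
    # re-interpreted by the config parser.
    secret: "{{ key.secret }}"
{% endfor %}
{% endif %}

{% if knotd__remotes %}
remote:
{% for id, remote in knotd__remotes.items() %}
  - id: {{ id }}
    address: {{ remote.address }}
{% if remote.key is defined %}
    key: {{ remote.key }}
{% endif %}
{% endfor %}
{% endif %}

{% if knotd__submissions %}
submission:
{% for id, submission in knotd__submissions.items() %}
  - id: {{ id }}
    parent: {{ submission.parent }}
{% endfor %}
{% endif %}

{% if knotd__policies %}
policy:
{% for id, policy in knotd__policies.items() %}
  - id: {{ id }}
    algorithm: {{ policy.algorithm }}
{% if policy.algorithm.startswith("ECDSA") %}
    {# Only emitted for ECDSA; the role-level default applies per policy. #}
    reproducible-signing: {{ policy.reproducible_signing
                              | default(knotd__reproducible_signing)
                              | ternary("on", "off") }}
{% endif %}
    ksk-lifetime: {{ policy.ksk_lifetime }}
    zsk-lifetime: {{ policy.zsk_lifetime }}
    nsec3: {{ policy.nsec3
              | default(knotd__nsec3)
              | ternary("on", "off") }}
{% if policy.ds_push is defined %}
    ds-push: {{ policy.ds_push }}
{% endif %}
    cds-cdnskey-publish: {{ policy.cds_cdnskey_publish
                            | default(knotd__cds_cdnskey_publish) }}
{% if policy.ksk_submission is defined %}
    ksk-submission: {{ policy.ksk_submission }}
{% endif %}
{% endfor %}
{% endif %}

{% if knotd__acl %}
{#
  Both "addresses" and "key" are optional here. An acl entry that sets
  neither appears to match any client in Knot (each restriction is only
  applied when present) — confirm against the Knot docs for the deployed
  version, and review such entries before using them with the transfer,
  notify or update actions.
#}
acl:
{% for id, acl in knotd__acl.items() %}
  - id: {{ id }}
{% if acl.addresses is defined %}
    address: [ {{ acl.addresses | join(", ") }} ]
{% endif %}
    action: {{ acl.action }}
{% if acl.action == "update" %}
    {# update_types and update_owner_name are required for update ACLs;
       a missing key fails the render rather than producing a wider ACL. #}
    update-type: [ {{ acl.update_types | join(", ") }} ]
    update-owner: {{ acl.update_owner
                      | default(knotd__acl_update_owner) }}
    update-owner-match: {{ acl.update_owner_match
                            | default(knotd__acl_update_owner_match) }}
    update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ]
{% endif %}
{% if acl.key is defined %}
    key: {{ acl.key }}
{% endif %}
{% endfor %}
{% endif %}

{% if knotd__queryacl %}
mod-queryacl:
{% for id, acl in knotd__queryacl.items() %}
  - id: {{ id }}
    address: [ {{ acl.addresses | join(", ") }} ]
{% endfor %}
{% endif %}

template:
  - id: default
    storage: "{{ knotd__zones_dir }}"
    file: "%s.zone"
    # Zone files are never written back by the server; the journal is the
    # authoritative store. The original template set journal-content twice
    # ("changes" and then "all"); only "all" is kept, which is the value the
    # "difference-no-serial" load mode below is documented to need — confirm
    # for the installed Knot version.
    zonefile-sync: -1
    journal-content: all
    serial-policy: {{ knotd__serial_policy }}

{% if knotd__zones %}
zone:
{% for domain, zone in knotd__zones.items() %}
{% if zone.enabled | default(true) %}
  - domain: {{ domain }}
{% if zone.notify is defined %}
    notify: [ {{ zone.notify | join(", ") }} ]
{% endif %}
{% if zone.acl is defined %}
    acl: [ {{ zone.acl | join(", ") }} ]
{% endif %}
{% if zone.queryacl is defined %}
    module: mod-queryacl/{{ zone.queryacl }}
{% endif %}
{% if zone.master is defined %}
    # Secondary zone: content comes from the master, never from a zone file.
    master: {{ zone.master }}
    zonefile-load: none
{% else %}
    # Primary zone edited by hand: the server manages the SOA serial itself.
    zonefile-load: difference-no-serial
    semantic-checks: {{ knotd__semantic_checks
                        | ternary("on", "off") }}
{% endif %}
{% if zone.dnssec_policy is defined %}
    dnssec-policy: {{ zone.dnssec_policy }}
    dnssec-signing: on
{% else %}
    dnssec-validation: {{ zone.dnssec_validation
                          | default(knotd__dnssec_validation)
                          | ternary("on", "off") }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}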