ansible/roles/knotd/templates/knot.conf.j2

server:
  rundir: "{{ knotd__run_dir }}"
  user: {{ knotd__user }}:{{ knotd__group }}
{% for listen in knotd__listen %}
  listen: {{ listen.address }}@{{ listen.port | default(knotd__port) }}
{% endfor %}

log:
  - target: syslog
    any: info

database:
  storage: "{{ knotd__database_dir }}"

{% if knotd__keys %}
key:
{% for id, key in knotd__keys.items() %}
  - id: {{ id }}
    algorithm: {{ key.algorithm }}
    secret: {{ key.secret }}
{% endfor %}
{% endif %}

{% if knotd__remotes %}
remote:
{% for id, remote in knotd__remotes.items() %}
  - id: {{ id }}
    address: {{ remote.address }}
{% if "key" in remote %}
    key: {{ remote.key }}
{% endif %}
{% endfor %}
{% endif %}

{% if knotd__submissions %}
submission:
{% for id, submission in knotd__submissions.items() %}
  - id: {{ id }}
    parent: {{ submission.parent }}
{% endfor %}
{% endif %}

{% if knotd__policies %}
policy:
{% for id, policy in knotd__policies.items() %}
  - id: {{ id }}
    algorithm: {{ policy.algorithm }}
{% if policy.algorithm.startswith("ECDSA") %}
    reproducible-signing: {{ policy.reproducible_signing
                             | default(knotd__reproducible_signing)
                             | ternary("on", "off") }}
{% endif %}
    ksk-lifetime: {{ policy.ksk_lifetime }}
    zsk-lifetime: {{ policy.zsk_lifetime }}
    nsec3: {{ policy.nsec3
              | default(knotd__nsec3)
              | ternary("on", "off") }}
{% if "ds_push" in policy %}
    ds-push: {{ policy.ds_push }}
{% endif %}
    cds-cdnskey-publish: {{ policy.cds_cdnskey_publish
                            | default(knotd__cds_cdnskey_publish) }}
{% if "ksk_submission" in policy %}
    ksk-submission: {{ policy.ksk_submission }}
{% endif %}
{% endfor %}
{% endif %}

{% if knotd__acl %}
acl:
{% for id, acl in knotd__acl.items() %}
  - id: {{ id }}
{% if "addresses" in acl %}
    address: [ {{ acl.addresses | join(", ") }} ]
{% endif %}
    action: {{ acl.action }}
{% if acl.action == "update" %}
    update-type: [ {{ acl.update_types | join(", ") }} ]
    update-owner: {{ acl.update_owner
                     | default(knotd__acl_update_owner) }}
    update-owner-match: {{ acl.update_owner_match
                           | default(knotd__acl_update_owner_match) }}
    update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ]
{% endif %}
{% if "key" in acl %}
    key: {{ acl.key }}
{% endif %}
{% endfor %}
{% endif %}

template:
  - id: default
    storage: "{{ knotd__zones_dir }}"
    file: "%s.zone"
    semantic-checks: {{ knotd__semantic_checks
                        | ternary("on", "off") }}
    zonefile-sync: -1
    zonefile-load: difference-no-serial
    journal-content: changes
    journal-content: all
    serial-policy: {{ knotd__serial_policy }}

{% if knotd__zones %}
zone:
{% for domain, zone in knotd__zones.items() %}
{% if zone.enabled | default(true) %}
  - domain: {{ domain }}
{% if "notify" in zone %}
    notify: [ {{ zone.notify | join(", ") }} ]
{% endif %}
{% if "acl" in zone %}
    acl: [ {{ zone.acl | join(", ") }} ]
{% endif %}
{% if "master" in zone %}
    master: {{ zone.master }}
{% endif %}
{% if "dnssec_policy" in zone %}
    dnssec-policy: {{ zone.dnssec_policy }}
    dnssec-signing: on
{% else %}
    dnssec-validation: {{ zone.dnssec_validation
                          | default(knotd__dnssec_validation)
                          | ternary("on", "off") }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
Add knotd role 2022-08-17 19:00:07 +02:00			`server:`
			`rundir: "{{ knotd__run_dir }}"`
			`user: {{ knotd__user }}:{{ knotd__group }}`
			`{% for listen in knotd__listen %}`
			`listen: {{ listen.address }}@{{ listen.port \| default(knotd__port) }}`
			`{% endfor %}`

			`log:`
			`- target: syslog`
			`any: info`

			`database:`
			`storage: "{{ knotd__database_dir }}"`

			`{% if knotd__keys %}`
			`key:`
			`{% for id, key in knotd__keys.items() %}`
			`- id: {{ id }}`
			`algorithm: {{ key.algorithm }}`
			`secret: {{ key.secret }}`
			`{% endfor %}`
			`{% endif %}`

			`{% if knotd__remotes %}`
			`remote:`
			`{% for id, remote in knotd__remotes.items() %}`
			`- id: {{ id }}`
			`address: {{ remote.address }}`
			`{% if "key" in remote %}`
			`key: {{ remote.key }}`
			`{% endif %}`
			`{% endfor %}`
			`{% endif %}`

			`{% if knotd__submissions %}`
			`submission:`
			`{% for id, submission in knotd__submissions.items() %}`
			`- id: {{ id }}`
			`parent: {{ submission.parent }}`
			`{% endfor %}`
			`{% endif %}`

			`{% if knotd__policies %}`
			`policy:`
			`{% for id, policy in knotd__policies.items() %}`
			`- id: {{ id }}`
			`algorithm: {{ policy.algorithm }}`
			`{% if policy.algorithm.startswith("ECDSA") %}`
			`reproducible-signing: {{ policy.reproducible_signing`
			`\| default(knotd__reproducible_signing)`
			`\| ternary("on", "off") }}`
			`{% endif %}`
			`ksk-lifetime: {{ policy.ksk_lifetime }}`
			`zsk-lifetime: {{ policy.zsk_lifetime }}`
			`nsec3: {{ policy.nsec3`
			`\| default(knotd__nsec3)`
			`\| ternary("on", "off") }}`
			`{% if "ds_push" in policy %}`
			`ds-push: {{ policy.ds_push }}`
			`{% endif %}`
			`cds-cdnskey-publish: {{ policy.cds_cdnskey_publish`
			`\| default(knotd__cds_cdnskey_publish) }}`
			`{% if "ksk_submission" in policy %}`
			`ksk-submission: {{ policy.ksk_submission }}`
			`{% endif %}`
			`{% endfor %}`
			`{% endif %}`

			`{% if knotd__acl %}`
			`acl:`
			`{% for id, acl in knotd__acl.items() %}`
			`- id: {{ id }}`
			`{% if "addresses" in acl %}`
			`address: [ {{ acl.addresses \| join(", ") }} ]`
			`{% endif %}`
			`action: {{ acl.action }}`
			`{% if acl.action == "update" %}`
			`update-type: [ {{ acl.update_types \| join(", ") }} ]`
			`update-owner: {{ acl.update_owner`
			`\| default(knotd__acl_update_owner) }}`
			`update-owner-match: {{ acl.update_owner_match`
			`\| default(knotd__acl_update_owner_match) }}`
			`update-owner-name: [ {{ acl.update_owner_name \| join(", ") }} ]`
			`{% endif %}`
			`{% if "key" in acl %}`
			`key: {{ acl.key }}`
			`{% endif %}`
			`{% endfor %}`
			`{% endif %}`

			`template:`
			`- id: default`
			`storage: "{{ knotd__zones_dir }}"`
			`file: "%s.zone"`
			`semantic-checks: {{ knotd__semantic_checks`
			`\| ternary("on", "off") }}`
			`zonefile-sync: -1`
			`zonefile-load: difference-no-serial`
			`journal-content: changes`
			`journal-content: all`
			`serial-policy: {{ knotd__serial_policy }}`

			`{% if knotd__zones %}`
			`zone:`
			`{% for domain, zone in knotd__zones.items() %}`
			`{% if zone.enabled \| default(true) %}`
			`- domain: {{ domain }}`
			`{% if "notify" in zone %}`
			`notify: [ {{ zone.notify \| join(", ") }} ]`
			`{% endif %}`
			`{% if "acl" in zone %}`
			`acl: [ {{ zone.acl \| join(", ") }} ]`
			`{% endif %}`
			`{% if "master" in zone %}`
			`master: {{ zone.master }}`
			`{% endif %}`
			`{% if "dnssec_policy" in zone %}`
			`dnssec-policy: {{ zone.dnssec_policy }}`
			`dnssec-signing: on`
			`{% else %}`
			`dnssec-validation: {{ zone.dnssec_validation`
			`\| default(knotd__dnssec_validation)`
			`\| ternary("on", "off") }}`
			`{% endif %}`
			`{% endif %}`
			`{% endfor %}`
			`{% endif %}`