diff --git a/playbooks/knotd.yml b/playbooks/knotd.yml index e28f686..ddb3728 100755 --- a/playbooks/knotd.yml +++ b/playbooks/knotd.yml @@ -145,6 +145,60 @@ portail-gs: - 10.53.0.247 - 2a09:6840:53::247 + adh.auro.re: + hoffman: + - 45.66.110.1 + - 2a09:6840:110:0:2d8:61ff:fe56:d7eb + hindley: + - 45.66.110.3 + - 2a09:6840:110:0:a6ba:dbff:fe03:1f36 + yberreby: + - 45.66.110.5 + - 2a09:6840:110:0:d896:1dff:fe59:8381 + paon: + - 45.66.110.10 + - 2a09:6840:110:0:231:92ff:fe1b:ae22 + lovelace: + - 45.66.110.45 + - 2a09:6840:110:0:c634:6bff:feb5:7bcc + switch-leo: + - 45.66.110.103 + - 2a09:6840:110:0:82cc:9cff:fe82:ca3e + haskell: + - 45.66.110.112 + - 2a09:6840:110:0:f4ac:cbff:fe81:7f48 + lyshyga0: + - 45.66.110.113 + - 2a09:6840:110:0:6af7:28ff:fe91:e8d9 + pz28910: + - 45.66.110.114 + vinsing0: + - 45.66.110.123 + - 2a09:6840:110:0:1e1b:dff:fe90:7d81 + osc-routeur: + - 45.66.110.125 + - 2a09:6840:110:0:ba27:ebff:fe2d:c1a1 + odroid: + - 45.66.110.154 + - 2a09:6840:110:0:21e:6ff:fe49:e00 + amau0: + - 45.66.110.164 + - 2a09:6840:110:0:3e7c:3fff:fec3:27d1 + regulus: + - 45.66.110.180 + - 2a09:6840:110:0:2ef0:5dff:fe2a:1530 + toaster: + - 45.66.110.188 + - 2a09:6840:110:0:5246:5dff:fe9a:f70 + rpijutax: + - 45.66.110.190 + - 2a09:6840:110:0:ba27:ebff:fe76:a9bc + lafeychine: + - 45.66.110.200 + - 2a09:6840:110:0:46a5:6eff:fe71:1 + polaris: + - 45.66.110.245 + - 2a09:6840:110:0:dea6:32ff:feb4:d033 knotd__zones: auro.re: dnssec_policy: public @@ -222,7 +276,18 @@ - smtp - imap target: mail - hosts: "{{ knotd__hosts['auro.re'] }}" + - name: + - prometheus-paul.adh + - pma-paul.adh + - nextcloud-paul.adh + - grafana-paul.adh + - jellyfin-paul.adh + - monitoring.adh + - beta-mpp.adh + target: pz28910.adh + hosts: "{{ knotd__hosts['auro.re'] + | combine(knotd__hosts['adh.auro.re'] + | add_origin_keys('adh.auro.re.')) }}" infra.auro.re: dnssec_policy: infra notify: @@ -295,6 +360,9 @@ - target: - ns-1.auro.re. - ns-2.auro.re. + reverse_hosts: "{{ knotd__hosts['adh.auro.re'] + | ip_filter(['45.66.110.0/24']) + | add_origin_keys('adh.auro.re.') }}" 111.66.45.in-addr.arpa: dnssec_policy: ripe notify: @@ -308,15 +376,10 @@ - target: - ns-1.auro.re. - ns-2.auro.re. - ptr: - - name: "1" - target: x.auro.re. - - name: "2" - target: y.auro.re. reverse_hosts: "{{ knotd__hosts['auro.re'] | ip_filter(['45.66.111.0/24']) | add_origin_keys('auro.re.') }}" - 4.8.6.9.0.a.2.ip6.arpa: + 0.4.8.6.9.0.a.2.ip6.arpa: dnssec_policy: ripe notify: - xfr-ns-1 @@ -329,6 +392,12 @@ - target: - ns-1.auro.re. - ns-2.auro.re. + reverse_hosts: "{{ knotd__hosts['auro.re'] + | ip_filter(['2a09:6840::/32']) + | add_origin_keys('auro.re.') + | combine(knotd__hosts['adh.auro.re'] + | ip_filter(['2a09:6840::/32']) + | add_origin_keys('adh.auro.re.')) }}" #reverse: "{{ nb_dns_reverse(ranges={'45.66.108.0/24'}, # vlan_suffixes=nb__dns_vlan_suffixes) }}" #hosts: "{{ nb_dns_hosts(vlans={'int', 'ceph', 'ext', 'bmc'}, @@ -374,12 +443,12 @@ - 10.0.0.0/8 knotd__zones: auro.re: - dnssec_validation: false + dnssec_validation: true acl: - notify-master master: xfr-master infra.auro.re: - dnssec_validation: false + dnssec_validation: true acl: - notify-master #queryacl: local @@ -404,7 +473,7 @@ acl: - notify-master master: xfr-master - 4.8.6.9.0.a.2.ip6.arpa: + 0.4.8.6.9.0.a.2.ip6.arpa: dnssec_validation: false acl: - notify-master