diff --git a/group_vars/infra/firewall.yml b/group_vars/infra/firewall.yml index 19866f1..7e85497 100644 --- a/group_vars/infra/firewall.yml +++ b/group_vars/infra/firewall.yml @@ -102,6 +102,10 @@ firewall__zones: addrs: - 2a09:6840:128::150 - 10.128.0.150 + mx.test: + addrs: + - 2a09:6840:211::1:5 + - 45.66.111.205 firewall__input: - iif: @@ -146,6 +150,18 @@ firewall__forward: protocols: icmp: true verdict: accept + - dst: mx.test + protocols: + icmp: true + verdict: accept + - dst: mx.test + protocols: + tcp: + dport: + - 25 + - 465 + - 993 + verdict: accept # SNMP - src: monit dst: diff --git a/host_vars/mx.test.infra.auro.re.yml b/host_vars/mx.test.infra.auro.re.yml new file mode 100644 index 0000000..b9c596e --- /dev/null +++ b/host_vars/mx.test.infra.auro.re.yml @@ -0,0 +1,12 @@ +--- +systemd_link__links: + ext0: ae:ae:ae:1d:c8:b2 + +ifupdown2__interfaces: + ext0: + addresses: + - 2a09:6840:211::1:5/64 + - 10.211.1.5/16 + - 45.66.111.205/30 + gateways: "{{ ifupdown2__gateways.ext }}" +... diff --git a/host_vars/ns-master.int.infra.auro.re/knotd.yml b/host_vars/ns-master.int.infra.auro.re/knotd.yml index bf3879b..940a4f2 100644 --- a/host_vars/ns-master.int.infra.auro.re/knotd.yml +++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml @@ -225,6 +225,10 @@ knotd__zones: target: - ns-1 - ns-2 + - name: test + target: + - ns-1 + - ns-2 - name: adm target: - serge @@ -246,7 +250,7 @@ knotd__zones: preference: 5 - exchange: proxy-ovh preference: 10 - spf: + txt: - data: v=spf1 mx -all a: - address: 92.222.211.195 
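Review bot: The new `mx.test` zone in `group_vars/infra/firewall.yml` (first hunk) lists the public IPv4 `45.66.111.205` but not `10.211.1.5`, which this same commit assigns to `ext0` in the host_vars file and publishes under `infra.auro.re`. The neighbouring zone in the context lines pairs its IPv6 address with `10.128.0.150`, so rules keyed on `mx.test` would presumably not match traffic addressed to the private address. If that is deliberate, a comment such as `# public addresses only; 10.211.1.5 is intentionally not in this zone` above `mx.test:` would record it; otherwise add `- 10.211.1.5` to `addrs`.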
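Review bot: Both rules added to `firewall__forward` (second hunk of `group_vars/infra/firewall.yml`) have no `src` key, unlike the `# SNMP` rule right after them, which is limited to `src: monit`, so ICMP and TCP 25/465/993 towards the test mail host appear to be accepted from any source. Port 25 has to be open for an MX, but for a host in the `vm_test` group it is worth confirming that 465 and 993 should be reachable from everywhere before the service is hardened, or limiting them with a `src` until then. The new rules also lack a section comment like the one the next stanza carries; `# Mail (mx.test)` above the first new rule would match. The `firewall__forward` list starts and continues outside the hunk.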
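Review bot: The delegation added for `test` (first hunk of `host_vars/ns-master.int.infra.auro.re/knotd.yml`) carries only NS targets, while the `test.auro.re` zone added further down in the same file is signed with `dnssec_policy: public`. If the parent zone is signed too, resolvers can only validate the child when a DS record for it is published in the parent; nothing in the visible lines shows one, though the role or the Knot policy may handle this elsewhere. It is worth confirming, since the SPF and DMARC records in the new zone would otherwise be served without a validated chain. The `knotd__zones` mapping starts outside the hunk.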
@@ -309,6 +313,31 @@ knotd__zones: | combine(knotd__hosts['adh.auro.re'] | add_origin_keys('adh.auro.re.')) }}" + test.auro.re: + dnssec_policy: public + notify: + - xfr-ns-1 + - xfr-ns-2 + acl: + - xfr + soa: + mname: ns-master.int.infra.auro.re. + txt: + - data: v=spf1 mx -all + - name: _dmarc + data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re + ns: + - target: + - ns-1.auro.re. + - ns-2.auro.re. + mx: + - exchange: mx + preference: 5 + hosts: + mx: + - 2a09:6840:211::1:5 + - 45.66.111.205 + infra.auro.re: dnssec_policy: infra notify: @@ -444,6 +473,9 @@ knotd__zones: ec-1.ups: - 2a09:6840:201::3:2 - 10.201.3.2 + mx.test: + - 2a09:6840:211::1:5 + - 10.211.1.5 108.66.45.in-addr.arpa: dnssec_policy: ripe diff --git a/hosts b/hosts index de1876a..378ccf7 100644 --- a/hosts +++ b/hosts @@ -1,5 +1,8 @@ # Aurore servers inventory +[vm_test] +mx.test.infra.auro.re + [aruba] eb-1.acs.sw.infra.auro.re diff --git a/playbooks/base.yml b/playbooks/base.yml index 3c81038..6da6f40 100755 --- a/playbooks/base.yml +++ b/playbooks/base.yml @@ -2,6 +2,7 @@ --- - hosts: - pve_network + - vm_test - vm_network roles: - base_utils diff --git a/playbooks/ifupdown2.yml b/playbooks/ifupdown2.yml index 42a4841..00b9e6e 100755 --- a/playbooks/ifupdown2.yml +++ b/playbooks/ifupdown2.yml @@ -1,6 +1,7 @@ #!/usr/bin/env ansible-playbook --- - hosts: + - vm_test - vm_network roles: - ifupdown2 diff --git a/playbooks/knotd.yml b/playbooks/knotd.yml index a74c40a..3eaf3cd 100755 --- a/playbooks/knotd.yml +++ b/playbooks/knotd.yml @@ -36,6 +36,11 @@ acl: - notify-master master: xfr-master + test.auro.re: + dnssec_validation: true + acl: + - notify-master + master: xfr-master infra.auro.re: dnssec_validation: true acl: diff --git a/playbooks/openssh.yml b/playbooks/openssh.yml index 064ec01..2554047 100755 --- a/playbooks/openssh.yml +++ b/playbooks/openssh.yml 
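Review bot: The new `test.auro.re` zone publishes SPF with `-all` and a DMARC policy of `p=quarantine`, but no DKIM selector record (`<selector>._domainkey`) is visible, so DMARC alignment would rest on SPF alone and fail for forwarded mail; this may be planned for a later commit. The `ruf=` tag also requests failure reports, which can contain message headers or bodies, so confirm that `postmaster@test.auro.re` is meant to receive them. As a style point, the two `data:` values are plain scalars full of `=`, `;` and `:`; single-quoting them, e.g. `data: 'v=spf1 mx -all'`, keeps them intact if a `: ` or ` #` ever appears in one. The template expression at the top of the hunk belongs to the preceding zone, which starts outside it.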
@@ -2,6 +2,7 @@ --- - hosts: - pve_network + - vm_test - vm_network roles: - openssh_server diff --git a/playbooks/qemu_guest.yml b/playbooks/qemu_guest.yml index 12dc5ec..7048575 100755 --- a/playbooks/qemu_guest.yml +++ b/playbooks/qemu_guest.yml @@ -2,6 +2,7 @@ --- - hosts: - vm_network + - vm_test roles: - qemu_guest ... diff --git a/playbooks/resolvconf.yml b/playbooks/resolvconf.yml index af74db2..fd21051 100755 --- a/playbooks/resolvconf.yml +++ b/playbooks/resolvconf.yml @@ -2,6 +2,7 @@ --- - hosts: - vm_network + - vm_test - pve_network roles: - resolvconf diff --git a/playbooks/root.yml b/playbooks/root.yml index c8a8ac7..a63f1b9 100755 --- a/playbooks/root.yml +++ b/playbooks/root.yml @@ -2,6 +2,7 @@ --- - hosts: - vm_network + - vm_test - pve_network roles: - root_account diff --git a/playbooks/systemd_link.yml b/playbooks/systemd_link.yml index c0c40fd..6afa616 100755 --- a/playbooks/systemd_link.yml +++ b/playbooks/systemd_link.yml @@ -11,6 +11,7 @@ - ldap - isp - vpn + - vm_test roles: - systemd_link ...