{{ ansible_managed | comment }} server: rundir: "{{ knotd__run_dir }}" user: {{ knotd__user }}:{{ knotd__group }} {% for listen in knotd__listen %} listen: {{ listen.address }}@{{ listen.port | default(knotd__port) }} {% endfor %} log: - target: syslog any: info database: storage: "{{ knotd__database_dir }}" {% if knotd__keys %} key: {% for id, key in knotd__keys.items() %} - id: {{ id }} algorithm: {{ key.algorithm }} secret: {{ key.secret }} {% endfor %} {% endif %} {% if knotd__remotes %} remote: {% for id, remote in knotd__remotes.items() %} - id: {{ id }} address: {{ remote.address }} {% if remote.key is defined %} key: {{ remote.key }} {% endif %} {% endfor %} {% endif %} {% if knotd__submissions %} submission: {% for id, submission in knotd__submissions.items() %} - id: {{ id }} parent: {{ submission.parent }} {% endfor %} {% endif %} {% if knotd__policies %} policy: {% for id, policy in knotd__policies.items() %} - id: {{ id }} algorithm: {{ policy.algorithm }} {% if policy.algorithm.startswith("ECDSA") %} reproducible-signing: {{ policy.reproducible_signing | default(knotd__reproducible_signing) | ternary("on", "off") }} {% endif %} ksk-lifetime: {{ policy.ksk_lifetime }} zsk-lifetime: {{ policy.zsk_lifetime }} nsec3: {{ policy.nsec3 | default(knotd__nsec3) | ternary("on", "off") }} {% if policy.ds_push is defined %} ds-push: {{ policy.ds_push }} {% endif %} cds-cdnskey-publish: {{ policy.cds_cdnskey_publish | default(knotd__cds_cdnskey_publish) }} {% if policy.ksk_submission is defined %} ksk-submission: {{ policy.ksk_submission }} {% endif %} {% endfor %} {% endif %} {% if knotd__acl %} acl: {% for id, acl in knotd__acl.items() %} - id: {{ id }} {% if acl.addresses is defined %} address: [ {{ acl.addresses | join(", ") }} ] {% endif %} action: {{ acl.action }} {% if acl.action == "update" %} update-type: [ {{ acl.update_types | join(", ") }} ] update-owner: {{ acl.update_owner | default(knotd__acl_update_owner) }} update-owner-match: {{ acl.update_owner_match | default(knotd__acl_update_owner_match) }} update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ] {% endif %} {% if acl.key is defined %} key: {{ acl.key }} {% endif %} {% endfor %} {% endif %} {% if knotd__queryacl.items() %} mod-queryacl: {% for id, acl in knotd__queryacl.items() %} - id: {{ id }} address: [ {{ acl.addresses | join(", ") }} ] {% endfor %} {% endif %} template: - id: default storage: "{{ knotd__zones_dir }}" file: "%s.zone" semantic-checks: {{ knotd__semantic_checks | ternary("on", "off") }} zonefile-sync: -1 zonefile-load: difference-no-serial journal-content: changes journal-content: all serial-policy: {{ knotd__serial_policy }} {% if knotd__zones %} zone: {% for domain, zone in knotd__zones.items() %} {% if zone.enabled | default(true) %} - domain: {{ domain }} {% if zone.notify is defined %} notify: [ {{ zone.notify | join(", ") }} ] {% endif %} {% if zone.acl is defined %} acl: [ {{ zone.acl | join(", ") }} ] {% endif %} {% if zone.queryacl is defined %} module: mod-queryacl/{{ zone.queryacl }} {% endif %} {% if zone.master is defined %} master: {{ zone.master }} {% endif %} {% if zone.dnssec_policy is defined %} dnssec-policy: {{ zone.dnssec_policy }} dnssec-signing: on {% else %} dnssec-validation: {{ zone.dnssec_validation | default(knotd__dnssec_validation) | ternary("on", "off") }} {% endif %} {% endif %} {% endfor %} {% endif %}