ansible/playbooks/knotd.yml

72 lines
1.5 KiB
YAML
Executable file

#!/usr/bin/env ansible-playbook
---
- hosts: ns-master.int.infra.auro.re
roles:
- knotd
- hosts:
- ns-1.auro.re
- ns-2.auro.re
vars:
knotd__listen:
- address: 0.0.0.0
- address: "::"
knotd__keys:
xfr:
algorithm: hmac-sha512
secret: "{{ vault_knotd_xfr_key }}"
knotd__remotes:
xfr-master:
address: 10.128.0.110
key: xfr
knotd__acl:
notify-master:
address:
- 10.128.0.110
- 2a09:6840:128::110
key: xfr
action: notify
knotd__queryacl:
local:
addresses:
- 10.0.0.0/8
knotd__zones:
auro.re:
dnssec_validation: true
acl:
- notify-master
master: xfr-master
infra.auro.re:
dnssec_validation: true
acl:
- notify-master
#queryacl: local
master: xfr-master
108.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
109.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
110.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
111.66.45.in-addr.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
0.4.8.6.9.0.a.2.ip6.arpa:
dnssec_validation: false
acl:
- notify-master
master: xfr-master
roles:
- knotd
...