diff options
| author | Paul Buetow <paul@buetow.org> | 2022-04-17 21:34:13 +0100 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2022-04-17 21:34:13 +0100 |
| commit | 37a3925d98c39ee6b0e936bc4aac67d2984dff0e (patch) | |
| tree | 950310eb06e311b174f57046dd6bbf106d90f70b | |
| parent | 5f2668d6e94da47a873987d89c984241246cc9d5 (diff) | |
initial dns master via Rex
| -rw-r--r-- | openbsd/frontends/Rexfile | 46 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/etc/key.conf.tpl (renamed from openbsd/frontends/var/nsd:twofish/etc/key.conf.templ) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl (renamed from openbsd/frontends/var/nsd:blowfish/etc/nsd.conf) | 0 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/buetow.org.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/dtail.dev.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/foo.surf.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/foo.zone.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/irregular.ninja.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/sidewalk.ninja.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/snonux.de.zone) | 2 | ||||
| -rw-r--r-- | openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl (renamed from openbsd/frontends/var/nsd:blowfish/zones/master/snonux.me.zone) | 2 |
11 files changed, 55 insertions, 9 deletions
diff --git a/openbsd/frontends/Rexfile b/openbsd/frontends/Rexfile index cd5a6eb..4985c47 100644 --- a/openbsd/frontends/Rexfile +++ b/openbsd/frontends/Rexfile @@ -20,6 +20,11 @@ our $ipv6address = sub { return '::1'; }; +sub secret { + my $secret = shift; + read_file($ENV{HOME} . '/.rexsecrets/' . $secret); +} + desc 'Install various packages'; task 'packages', group => 'frontends', sub { @@ -119,6 +124,47 @@ task 'smtpd', group => 'frontends', service 'smtpd', ensure => 'started'; }; +desc 'Setup DNS master'; +task 'dnsmaster', group => 'dnsmaster', + sub { + my $restart = FALSE; + + file '/var/nsd/etc/key.conf', + content => template('./var/nsd/etc/key.conf.tpl', + nsd_secret => secret('nsd_secret')), + owner => 'root', + group => '_nsd', + mode => '640', + on_change => sub { + $restart = TRUE; + }; + + file '/var/nsd/etc/nsd.conf', + content => template('./var/nsd/etc/nsd.conf.master.tpl'), + owner => 'root', + group => '_nsd', + mode => '640', + on_change => sub { + $restart = TRUE; + }; + + for my $tpl (<./var/nsd/zones/master/*.zone.tpl>) { + my $zone = $tpl; + $zone =~ s/\.tpl$//; + file $zone, + content => template($tpl), + owner => 'root', + group => 'wheel', + mode => '644', + on_change => sub { + $restart = TRUE; + }; + } + + service 'nsd' => 'restart' if $restart; + service 'nsd', ensure => 'started'; + }; + desc 'Setup HA'; task 'ha', group => 'frontends', sub { diff --git a/openbsd/frontends/var/nsd:twofish/etc/key.conf.templ b/openbsd/frontends/var/nsd/etc/key.conf.tpl index 36e855f..976661a 100644 --- a/openbsd/frontends/var/nsd:twofish/etc/key.conf.templ +++ b/openbsd/frontends/var/nsd/etc/key.conf.tpl @@ -1,4 +1,4 @@ key: name: blowfish.buetow.org algorithm: hmac-sha256 - secret: %%ADDSECRETHEREIN"MARKS%% + secret: "<%= $nsd_secret %>" diff --git a/openbsd/frontends/var/nsd:blowfish/etc/nsd.conf b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl index 535acea..535acea 100644 --- a/openbsd/frontends/var/nsd:blowfish/etc/nsd.conf +++ b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/buetow.org.zone b/openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl index 6e6d925..42bff2d 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/buetow.org.zone +++ b/openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN buetow.org. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022031701 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/dtail.dev.zone b/openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl index 09018a4..0d67272 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/dtail.dev.zone +++ b/openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN dtail.dev. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022011708 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.surf.zone b/openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl index a08cf19..e92b881 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.surf.zone +++ b/openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN foo.surf. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022013001 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.zone.zone b/openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl index 4bfa771..4efbf3d 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.zone.zone +++ b/openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN foo.zone. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022011708 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/irregular.ninja.zone b/openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl index 1bd851a..d3c55e5 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/irregular.ninja.zone +++ b/openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN irregular.ninja. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022011707 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/sidewalk.ninja.zone b/openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl index 97174a8..42b1db7 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/sidewalk.ninja.zone +++ b/openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN sidewalk.ninja. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022011707 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.de.zone b/openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl index c30b87c..cc530b6 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.de.zone +++ b/openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN snonux.de. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022011708 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.me.zone b/openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl index 82ce20c..e756998 100644 --- a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.me.zone +++ b/openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl @@ -1,7 +1,7 @@ $ORIGIN snonux.me. $TTL 4h @ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - 2022011707 ; serial + <%= time() %> ; serial 1h ; refresh 30m ; retry 7d ; expire |