authorPaul Buetow <paul@buetow.org>2022-04-17 21:58:12 +0100
committerPaul Buetow <paul@buetow.org>2022-04-17 21:58:12 +0100
commit78727edd46ff39754824bcb5c70606054a2763c2 (patch)
tree5fa152ffa9300c72dca1bb5903da7c056659c79a /openbsd/frontends
parent37a3925d98c39ee6b0e936bc4aac67d2984dff0e (diff)
dns server now fully managed using rex
Diffstat (limited to 'openbsd/frontends')
-rw-r--r--openbsd/frontends/Rexfile42
-rw-r--r--openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl48
-rw-r--r--openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl17
-rw-r--r--openbsd/frontends/var/nsd/zones/master/buetow.org.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/dtail.dev.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/foo.surf.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/foo.zone.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/snonux.de.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd/zones/master/snonux.me.zone.tpl (renamed from openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl)0
-rw-r--r--openbsd/frontends/var/nsd:blowfish/etc/key.conf.templ4
-rw-r--r--openbsd/frontends/var/nsd:twofish/etc/nsd.conf50
13 files changed, 57 insertions, 104 deletions
diff --git a/openbsd/frontends/Rexfile b/openbsd/frontends/Rexfile
index 4985c47..be6eb24 100644
--- a/openbsd/frontends/Rexfile
+++ b/openbsd/frontends/Rexfile
@@ -20,6 +20,8 @@ our $ipv6address = sub {
return '::1';
};
+our @dns_zones = qw/buetow.org dtail.dev foo.surf foo.zone irregular.ninja sidewalk.ninja snonux.de snonux.me/;
+
sub secret {
my $secret = shift;
read_file($ENV{HOME} . '/.rexsecrets/' . $secret);
@@ -140,7 +142,8 @@ task 'dnsmaster', group => 'dnsmaster',
};
file '/var/nsd/etc/nsd.conf',
- content => template('./var/nsd/etc/nsd.conf.master.tpl'),
+ content => template('./var/nsd/etc/nsd.conf.master.tpl',
+ dns_zones => \@dns_zones),
owner => 'root',
group => '_nsd',
mode => '640',
@@ -148,11 +151,9 @@ task 'dnsmaster', group => 'dnsmaster',
$restart = TRUE;
};
- for my $tpl (<./var/nsd/zones/master/*.zone.tpl>) {
- my $zone = $tpl;
- $zone =~ s/\.tpl$//;
- file $zone,
- content => template($tpl),
+ for my $zone (@dns_zones) {
+ file "/var/nsd/zones/master/$zone.zone",
+ content => template("./var/nsd/zones/master/$zone.zone.tpl"),
owner => 'root',
group => 'wheel',
mode => '644',
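Review bot: With the glob gone, `@dns_zones` and the template directory can drift apart. A name in the list without a matching `./var/nsd/zones/master/$zone.zone.tpl` will presumably make `template()` fail partway through this loop, after the nsd.conf step earlier in the same task has already been rendered with that zone in it. A template that is not in the list is silently never deployed. A guard ahead of the file deployments, for example `die "missing zone template for $_\n" for grep { !-f "./var/nsd/zones/master/$_.zone.tpl" } @dns_zones;`, would stop the task before anything on the host changes. The `dnsmaster` task begins and ends outside this hunk, so the exact placement relative to the nsd.conf step needs checking there.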
@@ -165,6 +166,35 @@ task 'dnsmaster', group => 'dnsmaster',
service 'nsd', ensure => 'started';
};
+desc 'Setup DNS slaves';
+task 'dnsslaves', group => 'dnsslaves',
+ sub {
+ my $restart = FALSE;
+
+ file '/var/nsd/etc/key.conf',
+ content => template('./var/nsd/etc/key.conf.tpl',
+ nsd_secret => secret('nsd_secret')),
+ owner => 'root',
+ group => '_nsd',
+ mode => '640',
+ on_change => sub {
+ $restart = TRUE;
+ };
+
+ file '/var/nsd/etc/nsd.conf',
+ content => template('./var/nsd/etc/nsd.conf.slave.tpl',
+ dns_zones => \@dns_zones),
+ owner => 'root',
+ group => '_nsd',
+ mode => '640',
+ on_change => sub {
+ $restart = TRUE;
+ };
+
+ service 'nsd' => 'restart' if $restart;
+ service 'nsd', ensure => 'started';
+ };
+
desc 'Setup HA';
task 'ha', group => 'frontends',
sub {
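Review bot: `secret('nsd_secret')` is evaluated in list context inside the `template(...)` argument list for key.conf, and as far as the first hunk shows, `secret` simply ends with the `read_file` call. If that is File::Slurp's `read_file` (the import is not visible here), list context returns one element per line. An empty or multi-line secret file then shifts the key/value pairs passed to `template`, and a one-line file still carries its trailing newline into the rendered TSIG secret. Reading it in scalar context first avoids both: `my $nsd_secret = secret('nsd_secret'); chomp $nsd_secret;` and then `nsd_secret => $nsd_secret`. If the master task renders key.conf the same way outside this diff, it would need the same treatment so both ends agree on the key.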
diff --git a/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl
index 535acea..310550a 100644
--- a/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl
+++ b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl
@@ -10,50 +10,10 @@ remote-control:
control-enable: yes
control-interface: /var/run/nsd.sock
+<% for my $zone (@$dns_zones) { %>
zone:
- name: "buetow.org"
- zonefile: "master/buetow.org.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "dtail.dev"
- zonefile: "master/dtail.dev.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "foo.zone"
- zonefile: "master/foo.zone.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "foo.surf"
- zonefile: "master/foo.surf.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "snonux.de"
- zonefile: "master/snonux.de.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "irregular.ninja"
- zonefile: "master/irregular.ninja.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "sidewalk.ninja"
- zonefile: "master/sidewalk.ninja.zone"
- notify: 108.160.134.135 blowfish.buetow.org
- provide-xfr: 108.160.134.135 blowfish.buetow.org
-
-zone:
- name: "snonux.me"
- zonefile: "master/snonux.me.zone"
+ name: "<%= $zone %>"
+ zonefile: "master/<%= $zone %>.zone"
notify: 108.160.134.135 blowfish.buetow.org
provide-xfr: 108.160.134.135 blowfish.buetow.org
+<% } %>
diff --git a/openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl b/openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl
new file mode 100644
index 0000000..d9d93fe
--- /dev/null
+++ b/openbsd/frontends/var/nsd/etc/nsd.conf.slave.tpl
@@ -0,0 +1,17 @@
+include: "/var/nsd/etc/key.conf"
+
+server:
+ hide-version: yes
+ verbosity: 1
+ database: "" # disable database
+
+remote-control:
+ control-enable: yes
+ control-interface: /var/run/nsd.sock
+
+<% for my $zone (@$dns_zones) { %>
+zone:
+ name: "<%= $zone %>"
+ allow-notify: 23.88.35.144 blowfish.buetow.org
+ request-xfr: 23.88.35.144 blowfish.buetow.org
+<% } %>
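Review bot: The zone entries in this template have no `zonefile:` and the server section sets `database: ""`. As far as I can tell from nsd.conf(5), that means transferred zone data is never written to disk, so a restarted secondary has nothing to serve until it can transfer from 23.88.35.144 again. The layout is carried over from the deleted nsd:twofish config, but the new `dnsslaves` task restarts nsd on every config or key change, which makes that window easier to hit if the primary is unreachable at that moment. A line such as `zonefile: "slave/<%= $zone %>.zone"` inside the loop, with a directory the nsd user can write to, would let the secondary come back with its last transferred copy. Worth confirming against the NSD version in use.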
diff --git a/openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl b/openbsd/frontends/var/nsd/zones/master/buetow.org.zone.tpl
index 42bff2d..42bff2d 100644
--- a/openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/buetow.org.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl b/openbsd/frontends/var/nsd/zones/master/dtail.dev.zone.tpl
index 0d67272..0d67272 100644
--- a/openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/dtail.dev.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl b/openbsd/frontends/var/nsd/zones/master/foo.surf.zone.tpl
index e92b881..e92b881 100644
--- a/openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/foo.surf.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl b/openbsd/frontends/var/nsd/zones/master/foo.zone.zone.tpl
index 4efbf3d..4efbf3d 100644
--- a/openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/foo.zone.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl b/openbsd/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl
index d3c55e5..d3c55e5 100644
--- a/openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl b/openbsd/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl
index 42b1db7..42b1db7 100644
--- a/openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl b/openbsd/frontends/var/nsd/zones/master/snonux.de.zone.tpl
index cc530b6..cc530b6 100644
--- a/openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/snonux.de.zone.tpl
diff --git a/openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl b/openbsd/frontends/var/nsd/zones/master/snonux.me.zone.tpl
index e756998..e756998 100644
--- a/openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl
+++ b/openbsd/frontends/var/nsd/zones/master/snonux.me.zone.tpl
diff --git a/openbsd/frontends/var/nsd:blowfish/etc/key.conf.templ b/openbsd/frontends/var/nsd:blowfish/etc/key.conf.templ
deleted file mode 100644
index 36e855f..0000000
--- a/openbsd/frontends/var/nsd:blowfish/etc/key.conf.templ
+++ /dev/null
@@ -1,4 +0,0 @@
-key:
- name: blowfish.buetow.org
- algorithm: hmac-sha256
- secret: %%ADDSECRETHEREIN"MARKS%%
diff --git a/openbsd/frontends/var/nsd:twofish/etc/nsd.conf b/openbsd/frontends/var/nsd:twofish/etc/nsd.conf
deleted file mode 100644
index 0727d89..0000000
--- a/openbsd/frontends/var/nsd:twofish/etc/nsd.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-include: "/var/nsd/etc/key.conf"
-
-server:
- hide-version: yes
- verbosity: 1
- database: "" # disable database
-
-remote-control:
- control-enable: yes
- control-interface: /var/run/nsd.sock
-
-zone:
- name: "buetow.org"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "dtail.dev"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "foo.zone"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "foo.surf"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "snonux.de"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "irregular.ninja"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "sidewalk.ninja"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org
-
-zone:
- name: "snonux.me"
- allow-notify: 23.88.35.144 blowfish.buetow.org
- request-xfr: 23.88.35.144 blowfish.buetow.org