initial dns master via Rex

author: Paul Buetow <paul@buetow.org> 2022-04-17 21:34:13 +0100
committer: Paul Buetow <paul@buetow.org> 2022-04-17 21:34:13 +0100
commit: 37a3925d98c39ee6b0e936bc4aac67d2984dff0e (patch)
tree: 950310eb06e311b174f57046dd6bbf106d90f70b /openbsd
parent: 5f2668d6e94da47a873987d89c984241246cc9d5 (diff)
11 files changed, 55 insertions, 9 deletions
diff --git a/openbsd/frontends/Rexfile b/openbsd/frontends/Rexfile
index cd5a6eb..4985c47 100644
--- a/openbsd/frontends/Rexfile
+++ b/openbsd/frontends/Rexfile
@@ -20,6 +20,11 @@ our $ipv6address = sub {
   return '::1';
 };
 
+sub secret {
+  my $secret = shift;
+  read_file($ENV{HOME} . '/.rexsecrets/' . $secret);
+}
+
 desc 'Install various packages';
 task 'packages', group => 'frontends',
   sub {
@@ -119,6 +124,47 @@ task 'smtpd', group => 'frontends',
     service 'smtpd', ensure => 'started';
   };
 
+desc 'Setup DNS master';
+task 'dnsmaster', group => 'dnsmaster',
+  sub {
+    my $restart = FALSE;
+
+    file '/var/nsd/etc/key.conf',
+      content => template('./var/nsd/etc/key.conf.tpl',
+          nsd_secret => secret('nsd_secret')),
+      owner => 'root',
+      group => '_nsd',
+      mode => '640',
+      on_change => sub {
+        $restart = TRUE;
+      };
+
+    file '/var/nsd/etc/nsd.conf',
+      content => template('./var/nsd/etc/nsd.conf.master.tpl'),
+      owner => 'root',
+      group => '_nsd',
+      mode => '640',
+      on_change => sub {
+        $restart = TRUE;
+      };
+
+    for my $tpl (<./var/nsd/zones/master/*.zone.tpl>) {
+      my $zone = $tpl;
+      $zone =~ s/\.tpl$//;
+      file $zone,
+        content => template($tpl),
+        owner => 'root',
+        group => 'wheel',
+        mode => '644',
+        on_change => sub {
+          $restart = TRUE;
+        };
+     }
+
+    service 'nsd' => 'restart' if $restart;
+    service 'nsd', ensure => 'started';
+  };
+
 desc 'Setup HA';
 task 'ha', group => 'frontends',
   sub {
diff --git a/openbsd/frontends/var/nsd:twofish/etc/key.conf.templ b/openbsd/frontends/var/nsd/etc/key.conf.tpl
index 36e855f..976661a 100644
--- a/openbsd/frontends/var/nsd:twofish/etc/key.conf.templ
+++ b/openbsd/frontends/var/nsd/etc/key.conf.tpl
@@ -1,4 +1,4 @@
 key:
         name: blowfish.buetow.org
         algorithm: hmac-sha256
-	secret: %%ADDSECRETHEREIN"MARKS%%
+        secret: "<%= $nsd_secret %>"
diff --git a/openbsd/frontends/var/nsd:blowfish/etc/nsd.conf b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl
index 535acea..535acea 100644
--- a/openbsd/frontends/var/nsd:blowfish/etc/nsd.conf
+++ b/openbsd/frontends/var/nsd/etc/nsd.conf.master.tpl
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/buetow.org.zone b/openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl
index 6e6d925..42bff2d 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/buetow.org.zone
+++ b/openbsd/frontends/var/nsd/zones.master/buetow.org.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN buetow.org.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022031701      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/dtail.dev.zone b/openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl
index 09018a4..0d67272 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/dtail.dev.zone
+++ b/openbsd/frontends/var/nsd/zones.master/dtail.dev.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN dtail.dev.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022011708      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.surf.zone b/openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl
index a08cf19..e92b881 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.surf.zone
+++ b/openbsd/frontends/var/nsd/zones.master/foo.surf.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN foo.surf.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022013001      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.zone.zone b/openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl
index 4bfa771..4efbf3d 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/foo.zone.zone
+++ b/openbsd/frontends/var/nsd/zones.master/foo.zone.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN foo.zone.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022011708      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/irregular.ninja.zone b/openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl
index 1bd851a..d3c55e5 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/irregular.ninja.zone
+++ b/openbsd/frontends/var/nsd/zones.master/irregular.ninja.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN irregular.ninja.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022011707      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/sidewalk.ninja.zone b/openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl
index 97174a8..42b1db7 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/sidewalk.ninja.zone
+++ b/openbsd/frontends/var/nsd/zones.master/sidewalk.ninja.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN sidewalk.ninja.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022011707      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.de.zone b/openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl
index c30b87c..cc530b6 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.de.zone
+++ b/openbsd/frontends/var/nsd/zones.master/snonux.de.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN snonux.de.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022011708      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
diff --git a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.me.zone b/openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl
index 82ce20c..e756998 100644
--- a/openbsd/frontends/var/nsd:blowfish/zones/master/snonux.me.zone
+++ b/openbsd/frontends/var/nsd/zones.master/snonux.me.zone.tpl
@@ -1,7 +1,7 @@
 $ORIGIN snonux.me.
 $TTL 4h
 @        IN  SOA  blowfish.buetow.org. hostmaster.buetow.org. (
-                  2022011707      ; serial
+                  <%= time() %>   ; serial
                   1h              ; refresh
                   30m             ; retry
                   7d              ; expire
author	Paul Buetow <paul@buetow.org>	2022-04-17 21:34:13 +0100
committer	Paul Buetow <paul@buetow.org>	2022-04-17 21:34:13 +0100
commit	37a3925d98c39ee6b0e936bc4aac67d2984dff0e (patch)
tree	950310eb06e311b174f57046dd6bbf106d90f70b /openbsd
parent	5f2668d6e94da47a873987d89c984241246cc9d5 (diff)