commit f6c8265044df304827f20e13922bd0c5a4f8ceaa
parent 12407e86d67c44988803b9f3d534cdc60a1e0770
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 16:51:03 +0100
parent 12407e86d67c44988803b9f3d534cdc60a1e0770
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 21 Feb 2021 16:51:03 +0100
roles/bind: split tasks to multiple files
6 files changed, 180 insertions(+), 210 deletions(-)
M
|
220
++++---------------------------------------------------------------------------
diff --git a/roles/bind/tasks/configure.yml b/roles/bind/tasks/configure.yml
@@ -0,0 +1,38 @@
+---
+
+- name: "Clone specified zone-repo to: /var/lib/bind/zones"
+  git:
+    repo: '{{ services.bind.zonesRepo }}'
+    dest: /var/lib/named/zones
+  register: zonesClone
+  when:
+    - services.bind.zonesRepo is defined
+
+- name: "Set correct permissions for: /var/lib/named"
+  file:
+    path: /var/lib/named
+    owner: named
+    group: named
+    state: directory
+    recurse: yes
+  register: setPermissions
+
+- name: "[Alpine] Generate named.conf"
+  template:
+    src: named.conf.j2
+    dest: /etc/bind/named.conf
+    owner: named
+    group: named
+  register: namedConfig
+  when:
+    - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Generate named.conf"
+  template:
+    src: named.conf.j2
+    dest: /etc/named.conf
+    owner: named
+    group: named
+  register: namedConfig
+  when:
+    - ansible_distribution == "Archlinux"
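Review bot: The git task clones `services.bind.zonesRepo` with no `version:`, so every run tracks whatever the remote's default branch currently points at, and that content becomes the authoritative zone data and triggers a named restart through `zonesClone.changed`; anyone who can push to that repository can change DNS answers on the next play without further review. Pin `version:` to a tag or commit (and add `verify_commit: yes` if the repository's commits are signed) so the role only deploys a reviewed revision. The task name says `/var/lib/bind/zones` but `dest:` is `/var/lib/named/zones`; one of them should be corrected. The two template tasks set owner/group but no `mode:`, so the rendered file gets the default umask mode; if `named.conf.j2` renders rndc or TSIG key material, add `mode: "0640"` to both tasks.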
diff --git a/roles/bind/tasks/firewall.yml b/roles/bind/tasks/firewall.yml
@@ -0,0 +1,20 @@
+---
+
+- name: "[nftables] Create rule for: bind"
+  copy:
+    src: nftables-rule.nft
+    dest: /etc/nftables.d/bind.nft
+
+- name: "[OpenRC] Restart service: nftables"
+  service:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Restart service: nftables"
+  systemd:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
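Review bot: Both nftables restart tasks run on every play, because the copy task's result is not registered and neither `when:` carries a change condition, so the whole firewall ruleset is flushed and reloaded each run even when `bind.nft` is unchanged. Add `register: bindRule` to the copy task and `- bindRule.changed` to both `when:` lists, which matches the change-driven restart this commit uses for named in start.yml. The contents of `nftables-rule.nft` are not part of this diff, so I cannot tell how wide the port-53 exposure it adds is; worth confirming it restricts source addresses if this is not meant to be a public resolver.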
diff --git a/roles/bind/tasks/install.yml b/roles/bind/tasks/install.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "[Alpine] Install package: bind"
+  apk:
+    name: bind
+    state: present
+    update_cache: yes
+  when:
+    - ansible_distribution == "Alpine"
+
+- name: "[Archlinux] Install package: bind"
+  pacman:
+    name: bind
+    state: present
+    update_cache: yes
+  when:
+    - ansible_distribution == "Archlinux"
diff --git a/roles/bind/tasks/main.yml b/roles/bind/tasks/main.yml 
@@ -1,227 +1,27 @@ --- -# install it - -- name: "[Alpine] Install package: bind" - apk: - name: bind - state: present - update_cache: yes - when: - - ansible_distribution == "Alpine" - - services.bind.enable is true - -- name: "[Archlinux] Install package: bind" - pacman: - name: bind - state: present - update_cache: yes - when: - - ansible_distribution == "Archlinux" - - services.bind.enable is true - - -- name: "Clone specified zone-repo to: /var/lib/bind/zones" - git: - repo: '{{ services.bind.zonesRepo }}' - dest: /var/lib/named/zones - register: zonesClone - when: - - services.bind.enable is true - - services.bind.zonesRepo is defined - -- name: "Set correct permissions for: /var/lib/named" - file: - path: /var/lib/named - owner: named - group: named - state: directory - recurse: yes - register: setPermissions - when: - - services.bind.enable is true - -- name: "[Alpine] Generate named.conf" - template: - src: named.conf.j2 - dest: /etc/bind/named.conf - owner: named - group: named - register: namedConfig - when: - - ansible_distribution == "Alpine" - - services.bind.enable is true - -- name: "[Archlinux] Generate named.conf" - template: - src: named.conf.j2 - dest: /etc/named.conf - owner: named - group: named - register: namedConfig +- include: install.yml when: - - ansible_distribution == "Archlinux" + - services.bind.enable is defined - services.bind.enable is true - -# (re)start it - -- name: "[OpenRC] Enable and start service: named" - service: - name: named - enabled: yes - state: started - when: - - ansible_service_mgr == "openrc" - - services.bind.enable is true - -- name: "[systemd] Enable and start service: named" - systemd: - name: named - enabled: yes - state: started - when: - - ansible_service_mgr == "systemd" - - services.bind.enable is true - -- name: "[OpenRC] Restart service: named" - service: - name: named - state: restarted - when: - - ansible_service_mgr == "openrc" - - services.bind.enable is true - - zonesClone.changed or 
setPermissions.changed or namedConfig.changed - -- name: "[systemd] Restart service: named" - systemd: - name: named - state: restarted - when: - - ansible_service_mgr == "systemd" - - services.bind.enable is true - - zonesClone.changed or setPermissions.changed or namedConfig.changed - - -#firewall it - -- name: "[nftables] Create rule for: bind" - copy: - src: nftables-rule.nft - dest: /etc/nftables.d/bind.nft +- include: configure.yml when: - - network.nftables.enable is true + - services.bind.enable is defined - services.bind.enable is true -- name: "[OpenRC] Restart service: nftables" - service: - name: nftables - state: restarted +- include: start.yml when: - - ansible_service_mgr == "openrc" - - network.nftables.enable is true + - services.bind.enable is defined - services.bind.enable is true -- name: "[systemd] Restart service: nftables" - systemd: - name: nftables - state: restarted +- include: firewall.yml when: - - ansible_service_mgr == "systemd" - - network.nftables.enable is true + - services.bind.enable is defined - services.bind.enable is true - - -# stop it - -- name: "[OpenRC] Disable and stop service: named" - service: - name: named - enabled: no - state: stopped - when: - - ansible_service_mgr == "openrc" - - services.bind.enable is false - -- name: "[systemd] Disable and stop service: named" - systemd: - name: named - enabled: no - state: stopped - when: - - ansible_service_mgr == "systemd" - - services.bind.enable is false - - -#defirewall it - -- name: "[nftables] Delete rule for: bind" - file: - path: /etc/nftables.d/bind.nft - state: absent - when: - network.nftables.enable is true - - services.bind.enable is false - -- name: "[OpenRC] Restart service: nftables" - service: - name: nftables - state: restarted - when: - - ansible_service_mgr == "openrc" - - network.nftables.enable is true - - services.bind.enable is false -- name: "[systemd] Restart service: nftables" - systemd: - name: nftables - state: restarted +- include: remove.yml when: 
- - ansible_service_mgr == "systemd" - - network.nftables.enable is true - - services.bind.enable is false - - -# deinstall it - -- name: "[Alpine] Remove package: bind" - apk: - name: bind - state: absent - when: - - ansible_distribution == "Alpine" - - services.bind.enable is false - -- name: "[Archlinux] Remove package: bind" - pacman: - name: bind - state: absent - when: - - ansible_distribution == "Archlinux" - - services.bind.enable is false - - -# remove leftover files - -- name: "Remove directory: /etc/bind" - file: - path: /etc/bind - state: absent - when: - - ansible_distribution == "Alpine" - - services.bind.enable is false - -- name: "Remove file: /etc/name.conf" - file: - path: /etc/named.conf - state: absent - when: - - ansible_distribution == "Archlinux" - - services.bind.enable is false - -- name: "Remove directory: /var/lib/named" - file: - path: /var/lib/named - state: absent - when: + - services.bind.enable is defined - services.bind.enable is false
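Review bot: The `firewall.yml` include is gated only on `services.bind.enable`, whereas the inline tasks it replaces (visible on the removed side of this hunk) also required `network.nftables.enable is true`, and `remove.yml` still keeps that guard for its own nftables restart; with the new include, a host that enables bind but not nftables will have a rule file dropped into `/etc/nftables.d/` and then fail trying to restart a service that is not managed there. Add `- network.nftables.enable is defined` and `- network.nftables.enable is true` to the `firewall.yml` include's `when:` so the guard is enforced at the same place as the `services.bind.enable` check. As a side note, `include:` is the deprecated hybrid form; on Ansible 2.4 and later `include_tasks:` is the direct replacement, assuming the rest of the repository has moved to a version that supports it.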
diff --git a/roles/bind/tasks/remove.yml b/roles/bind/tasks/remove.yml
@@ -0,0 +1,62 @@
+---
+
+- name: "[OpenRC] Disable and stop service: named"
+  service:
+    name: named
+    enabled: no
+    state: stopped
+  when:
+    - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Disable and stop service: named"
+  systemd:
+    name: named
+    enabled: no
+    state: stopped
+  when:
+    - ansible_service_mgr == "systemd"
+
+
+- name: "[Alpine] Remove package: bind"
+  apk:
+    name: bind
+    state: absent
+  when:
+    - ansible_distribution == "Alpine"
+    - services.bind.enable is false
+
+- name: "[Archlinux] Remove package: bind"
+  pacman:
+    name: bind
+    state: absent
+  when:
+    - ansible_distribution == "Archlinux"
+    - services.bind.enable is false
+
+
+- name: "Delete leftovers"
+  file:
+    path: "{{item}}"
+    state: absent
+  with_items:
+    - /etc/bind
+    - /etc/named.conf
+    - /var/lib/named
+    - /etc/nftables.d/bind.nft
+
+
+- name: "[OpenRC] Restart service: nftables"
+  service:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+    - network.nftables.enable is true
+
+- name: "[systemd] Restart service: nftables"
+  systemd:
+    name: nftables
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+    - network.nftables.enable is true
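Review bot: "Delete leftovers" removes `/var/lib/named` — the cloned zone data plus anything named has written under it since — with no opt-in variable and no backup, the moment `services.bind.enable` flips to false, so a mistyped host variable wipes the only local copy of the zone directory in the same run that stops the service. Consider gating that entry behind an explicit purge flag, e.g. `when: services.bind.purgeData | default(false)` on a separate task, and leaving the config-file and nftables entries in the unconditional list. The two package-removal tasks re-check `services.bind.enable is false` while the stop and delete tasks in the same file do not; since main.yml only includes this file when that condition already holds, the extra conditions can be dropped for consistency. `enabled: no` should be `enabled: false` to avoid the YAML 1.1 truthy ambiguity.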
diff --git a/roles/bind/tasks/start.yml b/roles/bind/tasks/start.yml
@@ -0,0 +1,33 @@
+---
+
+- name: "[OpenRC] Enable and start service: named"
+  service:
+    name: named
+    enabled: yes
+    state: started
+  when:
+    - ansible_service_mgr == "openrc"
+
+- name: "[systemd] Enable and start service: named"
+  systemd:
+    name: named
+    enabled: yes
+    state: started
+  when:
+    - ansible_service_mgr == "systemd"
+
+- name: "[OpenRC] Restart service: named (to deploy config changed)"
+  service:
+    name: named
+    state: restarted
+  when:
+    - ansible_service_mgr == "openrc"
+    - zonesClone.changed or setPermissions.changed or namedConfig.changed
+
+- name: "[systemd] Restart service: named (to deploy config changed)"
+  systemd:
+    name: named
+    state: restarted
+  when:
+    - ansible_service_mgr == "systemd"
+    - zonesClone.changed or setPermissions.changed or namedConfig.changed
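Review bot: Both restart tasks bounce named with `state: restarted` whenever the template, clone, or chown reported a change, and nothing validates the rendered configuration first, so a bad `named.conf.j2` render or a broken zone commit takes the resolver down until someone notices. Run `named-checkconf` via `command:` before the restart (it is shipped with the bind package on both distributions as far as I know; worth confirming) and prefer `state: reloaded` for zone and config changes so in-flight queries and the cache survive, falling back to a restart only where reload is not supported. The `when:` lists reference `zonesClone`, `setPermissions` and `namedConfig`, which are registered in configure.yml; this only works because main.yml always includes configure.yml before start.yml, so that ordering dependency deserves a comment at the top of this file. Minor wording: `(to deploy config changed)` should read `(to deploy config changes)`.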