ansible-role-bind9/tasks/sign_zone_file.yml

29 lines
903 B
YAML
Raw Permalink Normal View History

2024-05-22 18:22:17 +00:00
---
- name: "Sign DNS Zone {{ zone.config.origin }}"
vars:
dnssec_cmd:
- dnssec-signzone
- -N
- INCREMENT
- -S
- -K
- "{{ bind9_options.key_directory }}"
block:
- name: "Extend dnssec command of ORIGIN"
ansible.builtin.set_fact:
_dnssec_cmd: "{{ dnssec_cmd + ['-o', zone.config.origin] }}"
- name: "Extend dnssec command of zone file"
ansible.builtin.set_fact:
_dnssec_cmd: "{{ _dnssec_cmd + [bind_config_directory + '/' + zone.file] }}"
- name: "Sign zone {{ zone.config.origin }}"
ansible.builtin.command:
argv: "{{ _dnssec_cmd }}"
creates: "{{ bind_config_directory + '/' + zone.file }}.signed"
- name: Adapt signed zone file permissions
ansible.builtin.file:
path: "{{ bind_config_directory + '/' + zone.file }}.signed"
owner: "{{ bind_unix_user }}"
group: "{{ bind_unix_group }}"
mode: "0644"