ansible-role-bind9/tasks/sign_zone_file.yml
Markus Pesch 20bf0a7f9b
feat: support DNSSEC
2024-05-22 20:23:24 +02:00


---
# Signs one zone file with dnssec-signzone and hands the signed output to the
# BIND service account. `zone` is not defined in this file.
# NOTE(review): presumably `zone` is the loop variable of the including task;
# confirm against the caller.
- name: "Sign DNS Zone {{ zone.config.origin }}"
  vars:
    # Fixed part of the command line:
    #   -N INCREMENT  increment the SOA serial in the signed output
    #   -S            smart signing, keys are looked up in the key directory
    #   -K <dir>      directory that holds the zone's key files
    dnssec_cmd:
      - 'dnssec-signzone'
      - '-N'
      - 'INCREMENT'
      - '-S'
      - '-K'
      - "{{ bind9_options.key_directory }}"
  block:
    # Step 1: append the zone origin (-o) to the fixed arguments.
    - name: "Extend dnssec command of ORIGIN"
      ansible.builtin.set_fact:
        _dnssec_cmd: "{{ dnssec_cmd + ['-o', zone.config.origin] }}"

    # Step 2: append the zone file path as the final positional argument.
    - name: "Extend dnssec command of zone file"
      ansible.builtin.set_fact:
        _dnssec_cmd: "{{ _dnssec_cmd + [bind_config_directory + '/' + zone.file] }}"

    # The argv form starts the program directly, without a shell, so the
    # origin and the file path each arrive as one discrete argument.
    #
    # No -f is passed, so dnssec-signzone writes "<zone file>.signed", and
    # `creates` skips this task as soon as that file exists.
    # NOTE(review): nothing in this file re-signs after the zone is edited or
    # before the RRSIGs expire. Confirm that a handler or another task
    # removes or refreshes the .signed file; otherwise validating resolvers
    # will reject the zone once the signatures lapse.
    - name: "Sign zone {{ zone.config.origin }}"
      ansible.builtin.command:
        argv: "{{ _dnssec_cmd }}"
        creates: "{{ bind_config_directory + '/' + zone.file }}.signed"

    # The signed zone is published DNS data: readable by everyone, writable
    # only by the owner. This task does not touch the key directory.
    # NOTE(review): confirm that the private key files under the key
    # directory get their own, tighter permissions elsewhere in the role.
    - name: Adapt signed zone file permissions
      ansible.builtin.file:
        path: "{{ bind_config_directory + '/' + zone.file }}.signed"
        owner: "{{ bind_unix_user }}"
        group: "{{ bind_unix_group }}"
        mode: "0644"