wip
parent
f37e2d2fbd
commit
cb8eb8dac2
4 changed files with 81 additions and 20 deletions
|
@ -1,6 +1,6 @@
|
||||||
<%!
|
<%!
|
||||||
def column_width(column, table):
|
def column_width(column, table):
|
||||||
return max(map(lambda row: len(row[column]), table)) if table else 0
|
return max(map(lambda row: len(row[column]), table)) if table else 0
|
||||||
%>\
|
%>\
|
||||||
$TTL 600
|
$TTL 600
|
||||||
@ IN SOA ns.sublimity.de. admin.sublimity.de. (
|
@ IN SOA ns.sublimity.de. admin.sublimity.de. (
|
||||||
|
@ -15,9 +15,9 @@ $TTL 600
|
||||||
${(record['name'] or '@').ljust(column_width('name', records))} \
|
${(record['name'] or '@').ljust(column_width('name', records))} \
|
||||||
IN \
|
IN \
|
||||||
${record['type'].ljust(column_width('type', records))} \
|
${record['type'].ljust(column_width('type', records))} \
|
||||||
% if record['type'] == 'TXT':
|
% if record['type'] == 'TXT':
|
||||||
(${' '.join('"'+record['value'][i:i+255]+'"' for i in range(0, len(record['value']), 255))})
|
(${' '.join('"'+record['value'][i:i+255]+'"' for i in range(0, len(record['value']), 255))})
|
||||||
% else:
|
% else:
|
||||||
${record['value']}
|
${record['value']}
|
||||||
% endif
|
% endif
|
||||||
% endfor
|
% endfor
|
||||||
|
|
|
@ -1,3 +1,2 @@
|
||||||
include "/etc/bind/named.conf.options";
|
include "/etc/bind/named.conf.options";
|
||||||
include "/etc/bind/named.conf.local";
|
include "/etc/bind/named.conf.local";
|
||||||
include "/etc/bind/named.conf.default-zones";
|
|
||||||
|
|
|
@ -1,8 +1,13 @@
|
||||||
% for zone in zones:
|
% for view in views:
|
||||||
zone "${zone}" {
|
view "${view['name']}" {
|
||||||
type master;
|
match-clients {${' '.join(f'{e}; ' for e in view['acl'])}};
|
||||||
file "/var/lib/bind/db.${zone}";
|
% for zone in zones:
|
||||||
|
zone "${zone}" {
|
||||||
|
type master;
|
||||||
|
file "/var/lib/bind/${view['name']}/db.${zone}";
|
||||||
|
};
|
||||||
|
% endfor
|
||||||
|
include "/etc/bind/named.conf.default-zones";
|
||||||
|
include "/etc/bind/zones.rfc1918";
|
||||||
};
|
};
|
||||||
% endfor
|
% endfor
|
||||||
|
|
||||||
include "/etc/bind/zones.rfc1918";
|
|
||||||
|
|
|
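Review bot: The new `match-clients {${' '.join(f'{e}; ' for e in view['acl'])}};` line makes the rendered config depend on the order of the `views` list, because BIND assigns a client to the first view whose match-clients matches it and the external view's ACL is `any`; if that list is ever reordered or a view is inserted after it, the catch-all view silently shadows the internal one. The template should say so, e.g. `## views are matched in order: a view with an 'any' ACL must come last`, and ACL entries are interpolated verbatim into named.conf, so the bundle should keep them to validated network literals or the `any` keyword. Minor: the join emits a trailing space inside the braces (`{10.0.0.0/16; }`); `'; '.join(view['acl']) + ';'` renders the same list without it.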
@ -1,4 +1,6 @@
|
||||||
directories['/var/lib/bind'] = {
|
from ipaddress import ip_address
|
||||||
|
|
||||||
|
directories[f'/var/lib/bind'] = {
|
||||||
'purge': True,
|
'purge': True,
|
||||||
'needed_by': [
|
'needed_by': [
|
||||||
'svc_systemd:bind9',
|
'svc_systemd:bind9',
|
||||||
|
@ -38,9 +40,28 @@ files['/etc/bind/named.conf.options'] = {
|
||||||
'svc_systemd:bind9:restart',
|
'svc_systemd:bind9:restart',
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
views = [
|
||||||
|
{
|
||||||
|
'name': 'internal',
|
||||||
|
'is_internal': True,
|
||||||
|
'acl': [
|
||||||
|
'10.0.0.0/16',
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'name': 'external',
|
||||||
|
'is_internal': False,
|
||||||
|
'acl': [
|
||||||
|
'any',
|
||||||
|
]
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
files['/etc/bind/named.conf.local'] = {
|
files['/etc/bind/named.conf.local'] = {
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
'context': {
|
'context': {
|
||||||
|
'views': views,
|
||||||
'zones': sorted(node.metadata.get('bind/zones')),
|
'zones': sorted(node.metadata.get('bind/zones')),
|
||||||
},
|
},
|
||||||
'owner': 'root',
|
'owner': 'root',
|
||||||
|
@ -53,14 +74,27 @@ files['/etc/bind/named.conf.local'] = {
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
for zone, records in node.metadata.get('bind/zones').items():
|
def use_record(record, records, view):
|
||||||
files[f'/var/lib/bind/db.{zone}'] = {
|
if record['type'] in ['A', 'AAAA']:
|
||||||
'group': 'bind',
|
if view == 'external':
|
||||||
'source': 'db',
|
# no internal addresses in external view
|
||||||
'content_type': 'mako',
|
if ip_address(record['value']).is_private:
|
||||||
'context': {
|
return False
|
||||||
'records': records,
|
elif view == 'internal':
|
||||||
},
|
# external addresses in internal view only, if no internal exists
|
||||||
|
if ip_address(record['value']).is_global:
|
||||||
|
for other_record in records:
|
||||||
|
if (
|
||||||
|
record['name'] == other_record['name'] and
|
||||||
|
record['type'] == other_record['type'] and
|
||||||
|
ip_address(other_record['value']).is_private
|
||||||
|
):
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
|
for view in views:
|
||||||
|
directories[f"/var/lib/bind/{view['name']}"] = {
|
||||||
|
'purge': True,
|
||||||
'needed_by': [
|
'needed_by': [
|
||||||
'svc_systemd:bind9',
|
'svc_systemd:bind9',
|
||||||
],
|
],
|
||||||
|
@ -69,6 +103,29 @@ for zone, records in node.metadata.get('bind/zones').items():
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for zone, records in node.metadata.get('bind/zones').items():
|
||||||
|
files[f"/var/lib/bind/{view['name']}/db.{zone}"] = {
|
||||||
|
'group': 'bind',
|
||||||
|
'source': 'db',
|
||||||
|
'content_type': 'mako',
|
||||||
|
'context': {
|
||||||
|
'view': view['name'],
|
||||||
|
'records': list(filter(
|
||||||
|
lambda record: use_record(record, records, view['name']),
|
||||||
|
records
|
||||||
|
)),
|
||||||
|
},
|
||||||
|
'needs': [
|
||||||
|
f"directory:/var/lib/bind/{view['name']}",
|
||||||
|
],
|
||||||
|
'needed_by': [
|
||||||
|
'svc_systemd:bind9',
|
||||||
|
],
|
||||||
|
'triggers': [
|
||||||
|
'svc_systemd:bind9:restart',
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
svc_systemd['bind9'] = {}
|
svc_systemd['bind9'] = {}
|
||||||
|
|
||||||
actions['named-checkconf'] = {
|
actions['named-checkconf'] = {
|
||||||
|
|
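Review bot: In `use_record` the external-view guard `if ip_address(record['value']).is_private: return False` does not fail closed, because `is_private` is not the complement of `is_global` in `ipaddress` (addresses in 100.64.0.0/10 and other reserved ranges are neither), so such an address would still be published in the external view; `if not ip_address(record['value']).is_global: return False` expresses the intent stated in the comment above it. The function also dispatches on the literal names `'internal'`/`'external'` while the new `views` entries carry an `'is_internal'` flag that nothing reads, and a view with any other name passes every record through unfiltered; keying the check on `view['is_internal']` (or raising on an unknown name) would keep the two in sync. In the first hunk `directories[f'/var/lib/bind']` is an f-string with no placeholders and can stay `directories['/var/lib/bind']`. Note that the `for zone, records` loop in the last hunk sits inside the `for view in views:` body that starts in the previous hunk; the rendered view drops indentation, so that nesting could not be verified here.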