diff --git a/inventory/inventory b/inventory/inventory
index 1060ee2..98f8f11 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -1,3 +1,9 @@
+[control]
+localhost
+
+[dns]
+192.168.2.236
+
 [aws]
 aws ansible_user=ubuntu
diff --git a/playbooks/network_services/dns.yml b/playbooks/network_services/dns.yml
new file mode 100644
index 0000000..eda0578
--- /dev/null
+++ b/playbooks/network_services/dns.yml
@@ -0,0 +1,51 @@
+---
+- name: sets up a fresh redhat 9 vm to offer dns services
+ hosts: dns
+ become: true
+ tasks:
+ - name: installs bind
+ ansible.builtin.dnf:
+ name:
+ - bind
+ - bind-utils
+ - firewalld
+ state: present
+
+ - name: install bind conf file in /etc/named.conf
+ ansible.builtin.template:
+ src: ../../templates/bind.conf.j2
+ dest: /etc/named.conf
+ mode: '0640'
+
+ - name: change file ownership,group and permissions of named.conf
+ ansible.builtin.file:
+ path: /etc/named.conf
+ owner: root
+ group: named
+ mode: '0640'
+
+ - name: install bind conf file in /etc/named.conf
+ ansible.builtin.template:
+ src: ../../templates/homelab.local.zone.j2
+ dest: /var/named/homelab.local.zone
+ mode: '0640'
+
+ - name: change file ownership,group and permissions of homelab.local.zone
+ ansible.builtin.file:
+ path: /var/named/homelab.local.zone
+ owner: root
+ group: named
+ mode: '0640'
+
+ - name: allow access to a firewall
+ ansible.posix.firewalld:
+ service: dns
+ permanent: true
+ state: enabled
+ immediate: true
+
+ - name: start the bind service
+ ansible.builtin.service:
+ name: named
+ state: started
+ enabled: true
diff --git a/templates/homelab.local.zone.j2 b/templates/homelab.local.zone.j2
new file mode 100644
index 0000000..e1428ed
--- /dev/null
+++ b/templates/homelab.local.zone.j2
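Review bot: In playbooks/network_services/dns.yml the two `ansible.builtin.template` tasks write `/etc/named.conf` and the zone file with no `validate:` step and no `notify:`, and the final task only asserts `state: started`, so a template that renders to a broken config is installed unchecked and an edit on a later run is not loaded by an already-running named. Setting `owner` and `group` on the template tasks themselves would make the two follow-up `ansible.builtin.file` tasks unnecessary and avoid the file briefly existing with the wrong group. The second template task also reuses the name "install bind conf file in /etc/named.conf" although it installs the zone file. `templates/bind.conf.j2` is not part of this diff, so its recursion and `allow-query` settings should be checked separately, given that the firewalld task opens the dns service with no source restriction.

```yaml
    - name: install bind conf file in /etc/named.conf
      ansible.builtin.template:
        src: ../../templates/bind.conf.j2
        dest: /etc/named.conf
        owner: root
        group: named
        mode: '0640'
        validate: named-checkconf %s
      notify: reload named

    - name: install zone file in /var/named/homelab.local.zone
      ansible.builtin.template:
        src: ../../templates/homelab.local.zone.j2
        dest: /var/named/homelab.local.zone
        owner: root
        group: named
        mode: '0640'
        validate: named-checkzone homelab.local %s
      notify: reload named

    # … unchanged: firewalld rule, start the bind service …

  handlers:
    - name: reload named
      ansible.builtin.service:
        name: named
        state: reloaded
```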
@@ -0,0 +1,12 @@
+$TTL 8h
+@ IN SOA ns1.homelab.local. hostmaster.homelab.local. (
+ 2024100607 ; serial number
+ 1d ; refresh period
+ 3h ; retry period
+ 3d ; expire time
+ 3h ) ; minimum TTL
+
+;www IN A 192.168.2.
+@ IN NS ns1.homelab.local.
+ns1 IN A 192.168.2.236
+;mail IN A 192.0.2.20
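Review bot: The SOA serial `2024100607` is a literal inside a Jinja2 template, so every later edit to this zone depends on someone remembering to bump it by hand; no secondaries are visible in this commit, but any added later would ignore changes made without a serial bump. Consider rendering it from a variable, or at least add a comment such as `; bump on every change (YYYYMMDDnn)`. The comment `; minimum TTL` on the last SOA field is also dated: since RFC 2308 that field is the negative-caching TTL, so `; negative-cache TTL` would describe it more accurately. The commented-out `;www IN A 192.168.2.` line has an incomplete address and would fail to load if uncommented as is.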