diff --git a/pillar/formulas.yaml b/pillar/formulas.yaml index 191a8e1..0683900 100644 --- a/pillar/formulas.yaml +++ b/pillar/formulas.yaml @@ -2,6 +2,7 @@ - firewalld - keepalived - nginx +- nsd - openssh - postfix - prometheus diff --git a/pillar/role/dns/nsd.sls b/pillar/role/dns/nsd.sls new file mode 100644 index 0000000..4b89a0a --- /dev/null +++ b/pillar/role/dns/nsd.sls @@ -0,0 +1,35 @@ +nsd: + config_data: + server: + hide-version: 'yes' + verbosity: 2 + ip4-only: 'yes' + remote-control: + control-enable: 'yes' + control-interface: '/run/nsd/nsd.sock' + zones: + lysergic.dev: + zone_source: salt://zones/lysergic.dev.zone + allow-notify: 192.168.0.115 tsig.lysergic.dev. + request-xfr: 10.0.10.2@5353 tsig.lysergic.dev. + outgoing-interface: 192.168.0.160 + psyched.dev: + zone_source: salt://zones/psyched.dev.zone + allow-notify: 192.168.0.115 tsig.psyched.dev. + request-xfr: 10.0.10.2@5353 tsig.psyched.dev. + outgoing-interface: 192.168.0.160 + syscid.com: + zone_source: salt://zones/syscid.com.zone + allow-notify: 192.168.0.115 tsig.syscid.com. + request-xfr: 10.0.10.2@5353 tsig.syscid.com. + outgoing-interface: 192.168.0.160 + keys: + tsig.lysergic.dev.: + algorithm: hmac-sha512 + secret: ${'secret_nsd:tsig_key:lysergic_dev'} + tsig.syscid.com.: + algorithm: hmac-sha512 + secret: ${'secret_nsd:tsig_key:syscid_com'} + tsig.psyched.dev.: + algorithm: hmac-sha512 + secret: ${'secret_nsd:tsig_key:psyched_dev'} diff --git a/salt/role/dns/nsd.sls b/salt/role/dns/nsd.sls new file mode 100644 index 0000000..bb9f5fd --- /dev/null +++ b/salt/role/dns/nsd.sls @@ -0,0 +1,2 @@ +include: + - nsd