nsd-formula/pillar.example
Georg Pfuetzenreuter 9bbffa5f1f
feat(keys): allow pillar based management
Introduce managed TSIG keys configuration using pillar data.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-18 16:09:24 +01:00


# -*- coding: utf-8 -*-
# vim: ft=yaml
---
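# Example Pillar data for the nsd formula. Everything lives under the `nsd`
# key; commented-out entries show optional settings and are not applied.
nsd:
  lookup:
    master: template-master
    # Just for testing purposes
    winner: lookup
    added_in_lookup: lookup_value
    # pkg:
    #   name: nsd
    # service:
    #   name: nsd
    # config: /etc/nsd/nsd.conf
    # config_include_dir: /etc/nsd/nsd.conf.d
    # The glob must be quoted: a plain scalar starting with `*` is a YAML alias.
    # config_include_glob: '*.conf'
    # Configuration is separated into several files which have their own
    # templates
    # config_files:
    #   10-server: local-nsd-for-unbound
    #   # 90-generated-zones is reserved for zones generated by this formula
    #   # 10-salt is reserved for general configuration generated by this formula

  # If this section is present in your Pillar data,
  # nsd.conf.d/80-generated-keys will be created and managed
  keys:
    examplekey:
      algorithm: hmac-sha512
      # `encryptme` is a placeholder, not a usable key. NSD expects the TSIG
      # secret as a base64 string; generate a random one sized for the chosen
      # algorithm. Do not commit the real value in plain text: keep it
      # encrypted in Pillar (for example with Salt's GPG renderer) and target
      # this Pillar only at the minions that need the key.
      secret: encryptme

  # If this section is present in your Pillar data,
  # nsd.conf.d/90-generated-zones will be created and managed.
  zones:
    example.test:
      # Just for testing purposes
      # Quoted like the other yes/no options in this file: a bare `no` is
      # loaded as boolean false by YAML 1.1 parsers instead of the string "no".
      multi-master-check: 'no'
    "168.192.in-addr.arpa": {}
    # NSD's include-pattern directive may be a better way to share
    # configuration across zones than using YAML anchors.
    #
    # You can load the zone file from a custom source and specify additional
    # configuration options:
    # example.com:
    #   zone_source: salt://zones/example.com.zone
    #   request-xfr: 192.168.0.1
    # NOTE(review): nsd.conf's request-xfr takes `<address> <key-name | NOKEY>`.
    # Naming a key from the `keys` section above (e.g.
    # `192.168.0.1 examplekey`) lets the transfer be TSIG-authenticated.

  # If this section is present in your Pillar data,
  # nsd.conf.d/10-salt.conf will be created and managed
  config_data:
    server:
      # Quoted so the value stays the string "yes" rather than a boolean.
      hide-version: 'yes'
      ip-address: 127.0.0.1
      # to use an option multiple times, make it a list:
      # ip-address:
      #   - 127.0.0.1
      #   - 192.168.0.1
      verbosity: 2
      port: 53530
    remote-control:
      control-enable: 'yes'
      # An absolute path makes NSD use a local Unix socket for nsd-control.
      # Access is then governed by the permissions on the socket and its
      # directory, so keep those restricted to the intended group.
      control-interface: /run/nsd.sock

  tofs:
    # The files_switch key serves as a selector for alternative
    # directories under the formula files directory. See TOFS pattern
    # doc for more info.
    # Note: Any value not evaluated by `config.get` will be used literally.
    # This can be used to set custom paths, as many levels deep as required.
    files_switch:
      - any/path/can/be/used/here
      - id
      - roles
      - osfinger
      - os
      - os_family
    # All aspects of path/file resolution are customisable using the options
    # below. This is unnecessary in most cases; there are sensible defaults.
    # Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >
    #         I.e.: salt://nsd/files/default
    # path_prefix: template_alt
    # dirs:
    #   files: files_alt
    #   default: default_alt
    # The entries under `source_files` are prepended to the default source
    # files given for the state
    # source_files:
    #   nsd-config-file-file-managed:
    #     - 'example_alt.tmpl'
    #     - 'example_alt.tmpl.jinja'

    # For testing purposes
    source_files:
      nsd-config-file-file-managed:
        - 'nsd.conf.jinja'

  # Just for testing purposes
  winner: pillar
  added_in_pillar: pillar_value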