Inventories Update

.vscode/settings.json

@@ -1,6 +1,5 @@
 {
     "files.trimTrailingWhitespace": true,
     "files.insertFinalNewline": true,
-    "files.trimFinalNewlines": true,
     "editor.renderFinalNewline": false
 }

INSTRUCTIONS.md

@@ -14,12 +14,12 @@
 
 r1.net.tjas
 ```
+!
 version 12.4
 service timestamps debug datetime msec
 service timestamps log datetime msec
 no service password-encryption
 !
-!
 hostname r1.net.tjas
 !
 boot-start-marker
@@ -62,27 +62,35 @@ interface FastEthernet0/1.10
  description "TINU - INTERNET"
  encapsulation dot1Q 10
  ip address 192.168.1.1 255.255.255.224
+ ip access-group 10 out
  ip helper-address 192.168.2.10
+ ip nat inside
  no snmp trap link-status
 !
 interface FastEthernet0/1.20
  description "JUVA - INTRA"
  encapsulation dot1Q 20
  ip address 192.168.2.1 255.255.255.224
+ ip access-group 20 out
  ip helper-address 192.168.2.10
+ ip nat inside
  no snmp trap link-status
 !
 interface FastEthernet0/1.30
  description "AITO - TOIMISTO"
  encapsulation dot1Q 30
  ip address 192.168.3.1 255.255.255.224
+ ip access-group 30 out
  ip helper-address 192.168.2.10
+ ip nat inside
  no snmp trap link-status
 !
 interface FastEthernet0/1.69
  description "SIVE - HALLINTA"
  encapsulation dot1Q 69
  ip address 192.168.69.1 255.255.255.192
+ ip access-group 69 in
+ ip access-group 69 out
  ip helper-address 192.168.69.20
  no snmp trap link-status
 !
@@ -94,10 +102,43 @@ interface GigabitEthernet0/0/0
 ip classless
 !
 ip http server
+ip nat inside source list 1 interface FastEthernet0/0 overload
 !
+access-list 1 permit 192.168.1.0 0.0.0.31
+access-list 1 permit 192.168.2.0 0.0.0.31
+access-list 1 permit 192.168.3.0 0.0.0.31
+access-list 10 deny   192.168.0.0 0.0.255.255
+access-list 10 permit any
+access-list 20 permit 192.168.2.0 0.0.0.31
+access-list 20 deny   192.168.0.0 0.0.255.255
+access-list 20 permit any
+access-list 30 permit 192.168.2.10
+access-list 30 permit 192.168.3.0 0.0.0.31
+access-list 30 deny   192.168.0.0 0.0.255.255
+access-list 30 permit any
+access-list 69 permit 192.168.69.0 0.0.0.63
 !
 control-plane
 !
+banner motd ^C
+
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ r1.net.tjas
+
+^C
 !
 line con 0
 line aux 0
@@ -113,11 +154,13 @@ end
 s1.net.tjas
 ```
 hostname "s1.net.tjas"
+ip default-gateway 192.168.1.1
 snmp-server community "public" Unrestricted
 vlan 1
    name "DEFAULT_VLAN"
-   untagged 1-52
+   untagged 4-52
    ip address dhcp-bootp
+   no untagged 1-3
    exit
 vlan 10
    name "TINU"
@@ -140,6 +183,24 @@ vlan 69
    tagged 1-3
    exit
 ip authorized-managers 192.168.69.20 255.255.255.255
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s1.net.tjas
+
+"
 ip ssh
 password manager
 ```
@@ -147,16 +208,83 @@ password manager
 s2.net.tjas
 ```
 hostname "s2.net.tjas"
+interface 3
+   disable
+exit
+interface 4
+   disable
+exit
+interface 5
+   disable
+exit
+interface 6
+   disable
+exit
+interface 7
+   disable
+exit
+interface 8
+   disable
+exit
+interface 9
+   disable
+exit
+interface 10
+   disable
+exit
+interface 11
+   disable
+exit
+interface 12
+   disable
+exit
+interface 13
+   disable
+exit
+interface 14
+   disable
+exit
+interface 15
+   disable
+exit
+interface 16
+   disable
+exit
+interface 17
+   disable
+exit
+interface 18
+   disable
+exit
+interface 19
+   disable
+exit
+interface 20
+   disable
+exit
+interface 21
+   disable
+exit
+interface 22
+   disable
+exit
+interface 23
+   disable
+exit
+interface 24
+   disable
+exit
+ip default-gateway 192.168.2.1
 snmp-server community "public" Unrestricted
 vlan 1
    name "DEFAULT_VLAN"
-   untagged 25-28
+   untagged 3-28
    ip address dhcp-bootp
-   no untagged 1-24
+   no untagged 1-2
    exit
 vlan 20
    name "JUVA"
-   untagged 2-24
+   untagged 3-24
    ip address 192.168.2.2 255.255.255.224
    tagged 1-2
    exit
@@ -165,7 +293,25 @@ vlan 69
    ip address 192.168.69.12 255.255.255.192
    tagged 1-2
    exit
-ip authorized-managers 192.168.69.20 255.255.255.255
+ip authorized-managers 192.168.69.20
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s2.net.tjas
+
+"
 ip ssh
 password manager
 ```
@@ -173,6 +319,40 @@ password manager
 s3.net.tjas
 ```
 hostname "s3.net.tjas"
+interface 2
+   disable
+exit
+interface 3
+   disable
+exit
+interface 4
+   disable
+exit
+interface 5
+   disable
+exit
+interface 6
+   disable
+exit
+interface 7
+   disable
+exit
+interface 8
+   disable
+exit
+interface 9
+   disable
+exit
+interface 10
+   disable
+exit
+interface 11
+   disable
+exit
+interface 12
+   disable
+exit
+ip default-gateway 192.168.3.1
 snmp-server community "public" Unrestricted
 vlan 1
    name "DEFAULT_VLAN"
@@ -182,9 +362,9 @@ vlan 1
    exit
 vlan 30
    name "AITO"
+   untagged 13-24
    ip address 192.168.3.2 255.255.255.224
-   tagged 1,13-24
-   untagged
+   tagged 1
    exit
 vlan 69
    name "SIVE"
@@ -192,7 +372,25 @@ vlan 69
    ip address 192.168.69.13 255.255.255.192
    tagged 1
    exit
-ip authorized-managers 192.168.69.20 255.255.255.255
+ip authorized-managers 192.168.69.20
+banner motd "
+
+
+  .-') _               ('-.      .-')
+ (  OO) )             ( OO ).-. ( OO ).
+ /     '._      ,--.  / . --. /(_)---\_)
+ |'--...__) .-')| ,|  | \-.  \ /    _ |
+ '--.  .--'( OO |(_|.-'-'  |  |\  :` `.
+    |  |   | `-'|  | \| |_.'  | '..`''.)
+    |  |   ,--. |  |  |  .-.  |.-._)   \
+    |  |   |  '-'  /  |  | |  |\       /
+    `--'    `-----'   `--' `--' `-----'
+
+
+ PVJJK 1.VOS NIINISALO
+ s3.net.tjas
+
+"
 ip ssh
 password manager
 ```

files/dnsdist/config.conf

@@ -0,0 +1,12 @@
+setLocal('0.0.0.0:53')
+addLocal('[::]:53')
+setACL({'0.0.0.0/0', '::/0'})
+setECSOverride(true)
+setECSSourcePrefixV4(32)
+setECSSourcePrefixV6(128)
+newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
+newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
+addAction('tjas', PoolAction('authorative'))
+addAction(AllRule(), PoolAction('recursor'))
+setSecurityPollSuffix("")
+setServFailWhenNoServer(true)

files/issue

@@ -21,4 +21,5 @@ Jääkäri Warén
 https://christerwaren.fi
 
 
-======================================================================
+
+

files/motd

@@ -25,4 +25,5 @@ ylikirjoittaa automatisoidusti.
 https://github.com/cwchristerw/tjas-intra
 
 
-======================================================================
+
+

files/networking/interfaces

@@ -15,10 +15,9 @@ auto enp0s25.20
 iface enp0s25.20 inet static
   address 192.168.2.10/27
   gateway 192.168.2.1
-  hw-mac-address 90:1b:0e:5b:18:fb
+  hwaddress 90:1b:0e:5b:18:fb
 
 auto enp0s25.69
 iface enp0s25.69 inet static
   address 192.168.69.20/26
-  gateway 192.168.69.1
-  hw-mac-address 90:1b:0e:5b:18:fc
+  hwaddress 90:1b:0e:5b:18:fc

files/powerdns-authorative/config.conf

@@ -1,6 +1,6 @@
 local-address=0.0.0.0,::
-local-port=53
-default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
+local-port=531
+default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
 launch=gmysql
 gmysql-host=127.0.0.1
 gmysql-port=3306

files/powerdns-recursor/config.conf

@@ -0,0 +1,9 @@
+incoming:
+  listen:
+    - 127.0.0.1:532
+recursor:
+  forward_zones:
+    - zone: tjas
+      recurse: false
+      forwarders:
+        - 127.0.0.1:531

files/yggdrasil/config.conf

@@ -6,11 +6,17 @@
     # use this section when you may connect via different interfaces.
 
     Peers: [
-        #TRUSTED PEERS - Waren Group
-        #aurora.devices.waren.io
-        #201:361f:bbfb:7210:c5b8:3f74:a285:adb9
-        "tls://[2a01:4f9:2a:60c::2]:18836",
-        "tls://95.216.5.243:18836",
+{% if config.yggdrasil.peers is defined %}
+        #TRUSTED PEERS
+{% for peer in config.yggdrasil.peers %}
+{% if peer.name is defined and peer.address is defined and peer.address is defined %}
+
+        #{{ peer.name }}
+        "{{ peer.address }}"{% if not loop.last %},{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
     ]
 
     # List of connection strings for static peers in URI format, arranged

inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
+30383633646132396336336135366264386137643166376336666261316465346632353333616361
+3134623361333633653666313035633536396662613234320a386239373636623061383331663438
+64366431613763376239613036633365346266643163396331653237313662346231623731373530
+6630653939373762380a363939383862623336666361303032653431356139383766663331656335
+3438

inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas

@@ -1,42 +1,51 @@
 $ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-33353437353561323566336635356239333339343163306335613265633931323164633966633432
-3334663031336637356131353161303136333063396561330a346633303561623137323964306630
-66663134396266386665386566643033613364613038626562343134376235383466363966653864
-6539646166353836340a633539663236386337636433333334346633646536653335336532303132
-36373030613335623465386233376338623263326461373638336538626538356462663138333736
-62326639653739373438636466633461386238363630623262626361383636396665373765313231
-62376236626161386265313932643361306538343535663161366538653037633661323134386661
-61663433343837653732313435646263353835366561383734383162363861653261636534393661
-31363934616239333364373961393238343161616565326135663831353837633033613432323835
-37376134663937613234373664343264303636323363613466346161303266373239646362393334
-31313932623234636436643132643439313434363231646230663432356436316264373339373564
-62636437663563363562303663383831333035643765313332393338316163626537656638363739
-62303633663164633566343362656462353737303935313837613738316564656639383537613737
-63633863663864326339386537633330383235373866643563396139313638643831396264336138
-37343238386234623962643130306666316361653537306466653133333437616533643535366638
-63386236653535396133313430306231613938303462386134613230303432346537396133623134
-64646261353561656664333132646364303732656234303237316635376239646635333435323766
-61643136623339373463393032363462353963623535616230623366613163323538333461363937
-64373132313837623435323830633038386664333262353734333637303761663933393732323463
-65613464643766373034333261373233353132356466343066306538656537303434306633643530
-63323930643562663032633062343335333266393931663661643731346563386161623263323935
-34386461333566623535656335623338316563386232356462623566613363333539316536613234
-31366533333962643735393733326134313932326565346166333064616633363964326637653761
-33396435313663633237366166613936383335326231393738663166326664633161623532326636
-32343130383438633732613863366562386131326538643838663364363434656533623566663334
-63396563626430343437346636663530363933356365633637326634656530326431653335366631
-33333136306136396639326566303336646635653435356430663631646666633164646535303830
-64313565323134366566343939626638646230336131373166383935313062373630646665343633
-31623938363763653364643763353462356537616638306338643165353164306139303134663361
-32376331313531326664303563336338393836383665323762336564366438623066643962623833
-66363466613539626431373335636533313536303231666435333132383030643836633361343930
-62393337373831393061656434393635656537633432636562333237633963643964336331666130
-62316530316235393765306666353739663434356664343363633036366166363836356530343437
-30336632373765353231636261393839323531613139346338313437626565646331336638373262
-63643663616236646532663562663536646364303231356236326136646665393739326535636363
-65626136356138373530623137396637623438383338623466323835326137356264666532313566
-36383035663763636536303830383532313638363135363539643961343038613762346638633262
-65343833363761373431663634333663373132333635363332383861366134643439383038336563
-61626263336264373933313662383362373562656639356138616639663033306464643531356339
-31343764383234336464383561333635623238363331383164366162336332343165323933313966
-3831
+30386163316331336461633036653363613064366361653938616138353736366463643664393933
+6533383232616130626431353164663738346630616465300a393062663634356566656562646137
+36623535313932316262663064366535616565386436653761336463323163646439656563303262
+6531373030393264310a623933386234306532643664363335386231626664643531656433323731
+30373237626531336431343965313239616339356162383262313363363262613463303236643734
+62303636646232383235316137393634626235386662616339343231626661376331396138343361
+31663630306431653532666463326536636365663163663162643136366363333638333930373234
+36306166366533636562363063336436333465393231316363343864373335646437373561353538
+31613162643664633435363831326230373635313165633566323135303263323034636265393163
+62373234613334393261356464643262616132343963383165303534346335373634396161383532
+31623330373935613866336135323038343030353865373863633562303134613662353762376134
+61653035313965316134666534366435663333386235636266376164663731646365626135613166
+39333934653563623966366466613436313635313537363337386133356433356336303938333366
+66653735636462383666396332656333666234333435333062356338383034656637323438316134
+62386136663962336232623663666438333931376561303964636563306664313134373338303339
+32313635643136396365383834343438633463366262366330653034333332653038356331346566
+30336164393136383434646636376239656162643734643735306436303961326565346566333461
+33383861356537656262646131386134303165636632343134383264353466316633663732396334
+33373664633239396234366534636365346631643063373836666233626565626234363433313866
+31663464346264393731623364373035616134376430333764383836353132386339636537326637
+36366662333336373633653330353939396239623037653862393932373932353834373339373934
+61663338666164663235653337336238626462653336313532643131383638336535376232303465
+64363530393065383639663731383036613338343436313937663162643434323835353363653738
+62613139343934656135313832323532623263653038353166313531643036303538613436323664
+33356434623633643462326564383263323833376165366536633264656366353137316265653534
+36656561353634626330636363636133356265306336623737643961663061343630383330386538
+63636434303066646261636338323563373663323835386563393539616663636139356536393462
+37363766356138616232333162666562333261626661646538613862306264336636396562313665
+35373266366134623263663363376630343263623335666663396438663238636534393130623134
+36653465383763646563386361636530393366323538336532393661306362346333353661303334
+32633966303964383861653365626332316135373731393935313262383164346233353765396561
+33323864306336353732623937386235646366663764653965633764643864366331666262386639
+66326335326562646630346435663533313335373034663565333839323961383366643263356133
+64303030366263356231343530343566623935306431653866613165393633643835653330666436
+38663535373666333763386436646337656133303262396237663931323864336630646466306462
+65656536336533343065316637613034626333343837616363376263636635363866383638393234
+39373030663230383865396131363638376537363362666439636235626461303930396464313532
+63306136613265636438333764646465306565333435666233656534656538646465636263363433
+37356131353530363665336564386264616235613564363065356234336537363561313666653637
+35336638623730633735643465316164323739316636353762653965633831626561313532626139
+62303933376637376334666362306133383035376561333361326338663762363230303533363632
+62383539626263363636636164366139306666333165636130323765643532363338656261396135
+36336664656335383561643637383066653531303236323765356666343765616134343036313538
+34623935616531323536383565313238333564613635343332303238626534613337353430303864
+30383131346163636335363563656465316263316439646530663665386636393261386536306265
+34656230643662653665383730396335646562306161663233353835666131633730663237336434
+62643631653738633638366133396364623837343138613765616362633262333333646639396637
+36386533386439623866346335376164336439366133643266663938643333383836346538636536
+35376335306435616236323163616163656366366630656535393233643966313166346530383365
+3630646439643335393964313862363134396566636661643666

protect.sh

@@ -5,23 +5,23 @@ nounderline=`tput rmul`
 bold=$(tput bold)
 normal=$(tput sgr0)
 
-echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
+echo "${bold}PVJJK 1.VOS Niinisalo / TJAS Infra / Protect${normal}"
 action=$1
 
 encrypt() {
     echo "${underline}Encrypting...${nounderline}"
-    execute "ansible-vault encrypt --vault-id pvjjk-1vos-niinisalo@vault/pvjjk-1vos-niinisalo"
+    execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
 }
 
 decrypt() {
     echo "${underline}Decrypting...${nounderline}"
-    execute "ansible-vault decrypt --vault-id pvjjk-1vos-niinisalo@vault/pvjjk-1vos-niinisalo"
+    execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
 }
 
 list() {
     echo "${underline}Listing...${nounderline}"
     i=0
-    for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+    for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -29,7 +29,8 @@ list() {
 }
 
 execute() {
-for file in inventories/*/group_vars/* inventories/*/host_vars/*;
+i=0
+for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -40,13 +41,13 @@ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
 
 case $action in
     encrypt)
-        encrypt
+        encrypt pvjjk-1vos-niinisalo
         ;;
     decrypt)
-        decrypt
+        decrypt pvjjk-1vos-niinisalo
         ;;
     list)
-        list
+        list pvjjk-1vos-niinisalo
         ;;
     help)
         echo "encrypt, decrypt, list"

tasks/deployer.yml

@@ -58,7 +58,6 @@
   containers.podman.podman_image:
     name: docker.io/library/golang
     tag: alpine
-#    force: true
   register: deployerTaskY2
 
 - name: "Deployer - Yggdrasil - Clone Repository"
@@ -108,7 +107,6 @@
   containers.podman.podman_image:
     name: docker.io/library/mariadb
     tag: latest
-#    force: true
   register: deployerTaskM1
 
 - name: "Deployer - MariaDB - Run Container"
@@ -216,7 +214,7 @@
 
 - name: "Deployer - Kea - Configure - Database : Init"
   ansible.builtin.command:
-    cmd: "kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
+    cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
   register: deployerTaskK2
   changed_when:
     - deployerTaskK2.stdout.find('Initializing database') != -1
@@ -229,7 +227,7 @@
 
 - name: "Deployer - Kea - Configure - Database : Upgrade"
   ansible.builtin.command:
-    cmd: "kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
+    cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
   tags:
     - kea
     - dhcp
@@ -252,62 +250,185 @@
     - kea
     - dhcp
 
-- name: "Deployer - PowerDNS - Configure - Create Folder"
+
+- name: "Deployer - dnsdist - Configure - Create Folder"
   ansible.builtin.file:
-    path: "/root/data/powerdns/"
+    path: "/root/data/dnsdist/"
     state: directory
   tags:
-    - powerdns
+    - dnsdist
     - dns
 
-- name: "Deployer - PowerDNS - Configure - Create Subfolders"
+- name: "Deployer - dnsdist - Configure - Create Subfolders"
   ansible.builtin.file:
-    dest: '/root/data/powerdns/{{ item.path }}'
+    dest: '/root/data/dnsdist/{{ item.path }}'
     state: directory
-  with_filetree: './files/powerdns/'
+  with_filetree: './files/dnsdist/'
   loop_control:
     label: "{{ item.path }}"
   when:
     - item.state == 'directory'
   tags:
-    - powerdns
+    - dnsdist
     - dns
 
-- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
+- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
   ansible.builtin.template:
     src: '{{ item.src }}'
-    dest: '/root/data/powerdns/{{ item.path }}'
-  register: deployerTaskP1
-  with_filetree: './files/powerdns/'
+    dest: '/root/data/dnsdist/{{ item.path }}'
+  register: deployerTaskD1
+  with_filetree: './files/dnsdist/'
   loop_control:
     label: "{{ item.path }}"
   when:
     - item.state == 'file'
   tags:
-    - powerdns
+    - dnsdist
     - dns
 
-- name: "Deployer - PowerDNS - Pull Image"
+- name: "Deployer - dnsdist - Pull Image"
   containers.podman.podman_image:
-    name: docker.io/powerdns/pdns-auth-49
+    name: docker.io/powerdns/dnsdist-20
     tag: latest
-#    force: true
-  register: deployerTaskP2
+  register: deployerTaskD2
 
-- name: "Deployer - PowerDNS - Run Container"
+- name: "Deployer - dnsdist - Run Container"
   containers.podman.podman_container:
-    name: powerdns
-    image: docker.io/powerdns/pdns-auth-49:latest
+    name: dnsdist
+    image: docker.io/powerdns/dnsdist-20:latest
     state: started
     recreate: on
     network: host
     restart_policy: always
     volumes:
-      - "/root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
+      - "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
+    tty: yes
+    interactive: yes
+    capabilities:
+      - NET_BIND_SERVICE
   when:
-    - (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
+    - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
   tags:
-    - powerdns
+    - dnsdist
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/powerdns-authorative/"
+    state: directory
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/powerdns-authorative/{{ item.path }}'
+    state: directory
+  with_filetree: './files/powerdns-authorative/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/powerdns-authorative/{{ item.path }}'
+  register: deployerTaskPA1
+  with_filetree: './files/powerdns-authorative/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/powerdns/pdns-auth-50
+    tag: latest
+  register: deployerTaskPA2
+
+- name: "Deployer - PowerDNS Authorative - Run Container"
+  containers.podman.podman_container:
+    name: powerdns-authorative
+    image: docker.io/powerdns/pdns-auth-50:latest
+    state: started
+    recreate: on
+    network: host
+    restart_policy: always
+    volumes:
+      - "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
+    capabilities:
+      - NET_BIND_SERVICE
+  when:
+    - (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA2 is defined and deployerTaskPA2.changed) or deployerTaskPA2 is undefined
+  tags:
+    - powerdns-authorative
+    - dns
+
+
+- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/powerdns-recursor/"
+    state: directory
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/powerdns-recursor/{{ item.path }}'
+    state: directory
+  with_filetree: './files/powerdns-recursor/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/powerdns-recursor/{{ item.path }}'
+  register: deployerTaskPR1
+  with_filetree: './files/powerdns-recursor/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - powerdns-recursor
+    - dns
+
+- name: "Deployer - PowerDNS Recursor - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/powerdns/pdns-recursor-52
+    tag: latest
+  register: deployerTaskPR2
+
+- name: "Deployer - PowerDNS Recursor - Run Container"
+  containers.podman.podman_container:
+    name: powerdns-recursor
+    image: docker.io/powerdns/pdns-recursor-52:latest
+    state: started
+    recreate: on
+    network: host
+    restart_policy: always
+    volumes:
+      - "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
+    capabilities:
+      - NET_BIND_SERVICE
+  when:
+    - (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
+  tags:
+    - powerdns-recursor
     - dns
 
 - name: "Deployer - Nginx - Configure - Create Folder"
@@ -349,7 +470,6 @@
   containers.podman.podman_image:
     name: docker.io/library/nginx
     tag: latest
-#    force: true
   register: deployerTaskN2
 
 - name: "Deployer - Nginx - Run Container"

tasks/installer.yml

@@ -133,6 +133,8 @@
       - http
       - https
       - ssh
+      - dhcp
+      - dns
   loop: "{{ services }}"
   loop_control:
     label: "{{ service }}"