ansible: set up dyndns hooks
authorKristof Provost <kp@FreeBSD.org>
Sun, 28 Apr 2024 19:45:45 +0000 (21:45 +0200)
committerKristof Provost <kp@FreeBSD.org>
Sun, 28 Apr 2024 19:45:45 +0000 (21:45 +0200)
ansible/inventory-routers.yaml
ansible/roles/router/tasks/dyndns.yaml [new file with mode: 0644]
ansible/roles/router/tasks/main.yaml
ansible/roles/router/templates/dhclient-exit-hooks [new file with mode: 0644]
ansible/roles/router/templates/thuis.sigsegv.be.private [new file with mode: 0644]

index d050fed..edf1c36 100644 (file)
@@ -7,6 +7,7 @@ routers:
       lan_ip: "10.0.1.1/24"
       ipsec_conf: "ipsec_iapetus.conf"
       hostname: "iapetus.saturn.sigsegv.be"
+      dyndns_name: "thuis.sigsegv.be"
 initial:
   hosts:
     poudriere-image:
diff --git a/ansible/roles/router/tasks/dyndns.yaml b/ansible/roles/router/tasks/dyndns.yaml
new file mode 100644 (file)
index 0000000..64face2
--- /dev/null
@@ -0,0 +1,16 @@
+- name: DHCP exit hook
+  template:
+    src: "dhclient-exit-hooks"
+    dest: "/etc/dhclient-exit-hooks"
+    owner: root
+    group: wheel
+    mode: 0755
+  become: true
+- name: nsupdate key
+  template:
+    src: "{{ dyndns_name }}.private"
+    dest: "/etc/K{{ dyndns_name }}.private"
+    owner: root
+    group: wheel
+    mode: 0600
+  become: true
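Review bot: The `nsupdate key` task installs the vaulted private key through `template` with no `no_log: true`, so a run with `--diff` can print the decrypted key material to the terminal or to a log. Add `no_log: true` (or `diff: false`) to that task. The key file needs no Jinja expansion, so `copy` would install it without passing secret content through the templating engine; `copy` decrypts vaulted sources as well. Both `mode:` values are unquoted octal literals; `mode: "0755"` and `mode: "0600"` do not depend on how the YAML parser reads a leading zero.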
index 315573e..4991049 100644 (file)
@@ -83,3 +83,5 @@
     name:  strongswan
     state: started
   become: true
+- name: dynamic dns
+  import_tasks: dyndns.yaml
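Review bot: `import_tasks: dyndns.yaml` is unconditional, while the inventory hunk in this commit sets `dyndns_name` on a single host. If the role also runs on hosts without that variable (the rest of the inventory is not visible here), the play would fail for them when the hook template and the key path reference the undefined name. Adding `when: dyndns_name is defined` to the import skips both tasks on those hosts. The task list in main.yaml begins outside this hunk.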
diff --git a/ansible/roles/router/templates/dhclient-exit-hooks b/ansible/roles/router/templates/dhclient-exit-hooks
new file mode 100644 (file)
index 0000000..b783b4b
--- /dev/null
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -x
+
+make_commands()
+{
+  echo "server ns.sigsegv.be."
+  echo "zone {{ dyndns_name }}."
+  echo "update delete {{ dyndns_name }}. A"
+  echo "update delete {{ dyndns_name }}. AAAA"
+  echo "update add {{ dyndns_name }} 60 A $new_ip_address"
+  echo "send"
+}
+
+make_commands
+make_commands | /usr/local/bin/nsupdate -D -k /etc/K{{ dyndns_name }}.private
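Review bot: The last line pipes the update to nsupdate on every dhclient event without checking `$new_ip_address` or `$reason`, so on events where no address is set (presumably expiry, failure or release) it sends the two `update delete` lines followed by an `update add` with an empty address. Guard the call, for example `[ -n "$new_ip_address" ] && make_commands | /usr/local/bin/nsupdate -k /etc/K{{ dyndns_name }}.private`. `set -x`, the bare `make_commands` call and `-D` look like debugging aids; if dhclient-script sources this file rather than executing it, `set -x` also enables tracing for the remainder of that script, so they are better removed once the hook is known to work. The hook also fires for every interface dhclient manages, so a test on `$interface` may be needed if the router has more than one DHCP-configured interface.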
diff --git a/ansible/roles/router/templates/thuis.sigsegv.be.private b/ansible/roles/router/templates/thuis.sigsegv.be.private
new file mode 100644 (file)
index 0000000..e2323f6
--- /dev/null
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+63373337353134613566383331353061373033386532313066336331363936623637346131386364
+3366356137336336653262323565613362326166653137300a633133326339333261653038386532
+31613266373738396539383265353535663834653634336362646265633763393036366161653336
+3038663534653235640a373338643033613865663663613732653563303232666439376463386637
+33646536666235336634343237666533396461323061353363323331366132353035663134653637
+63636236333431663136336234663738393337666131623165613237623036343836303533643861
+39333937643638303765323564643439333565626362613530373063383835623863656532323335
+31663937343965316130343336646630333934323264383566373461353464643538663064363537
+33323133383035396434636235653438333638626564366262363462643061316335623736393461
+36643661336338653136636230376130366539653164353361383066643263316138663462353266
+39386531666332636330373337326632383937306334363237633931346638666431373937343264
+64353333396234393537653431623233343330383331336265333262643366363136386430313462
+34303138616237393730333534373162633166643337653633663431616538646636