
update name-resolution role

Blaine Story 2 سال پیش
والد
کامیت
700a97c332

+ 0 - 217
group_vars/dhcp.yml

@@ -1,217 +0,0 @@
----
-dns_primary: 1.1.1.1
-dns_secondary: 1.0.0.1
-dns_over_https: true
-
-gateway_server_ip: 10.0.0.2
-actual_gateway_ip: 10.0.0.1
-wireguard_server_ip: 10.0.0.8 # static route to webers through this server
-gateway_internal_interface: enp3s0
-# TODO split out static route in dhcpd.conf.j2 (currently hardcoded)
-
-
-wg_interface: wg0
-wg_private_key: "{{ vaulted_wg_private_key }}"
-wg_address: "{{ vaulted_wg_address }}"
-wg_allowed_ips: 0.0.0.0/0,::0/0
-wg_info: "{{ vaulted_wg_info | shuffle | first }}"
-wg_public_key: "{{ wg_info.pubkey }}"
-wg_endpoint: "{{ wg_info.endpoint }}"
-
-dhcp_cidr: 10.0.0.0
-dhcp_netmask: 255.255.255.0
-dhcp_range_start: 10.0.0.125
-dhcp_range_end: 10.0.0.200
-dhcp_routers: "{{ actual_gateway_ip }}"
-
-allowed_access_cidrs:
-  - 10.0.0.0/24
-
-allowed_services:
-  - dns
-  - dhcp
-
-status_services:
-  - wg-quick@wg0
-  - unbound
-  - dhcpd
-
-reservations:
-  - type: default
-    name: gateway
-    mac: 00:e0:4c:68:01:ad # internal
-    ip: 10.0.0.2
-
-  - type: default
-    name: netgearap
-    mac: 94:a6:7e:58:3a:9f
-    #mac: 10:da:43:8c:a3:13
-    ip: 10.0.0.3
-
-  - type: secured
-    name: nas
-    mac: fc:aa:14:86:9d:7b
-    ip: 10.0.0.4
-
-  - type: secured
-    name: kodilv
-    mac: 48:21:0b:3f:2a:ef
-    ip: 10.0.0.5
-
-  - type: secured
-    name: kodimb
-    mac: e4:5f:01:4f:7c:74
-    ip: 10.0.0.6
-
-  - type: secured
-    name: kodijb
-    mac: 00:23:24:ad:2f:72
-    ip: 10.0.0.7
-
-  - type: default
-    name: tvheadend
-    mac: 10:bf:48:4e:08:85
-    ip: 10.0.0.8
-
-  - type: secured
-    name: arm
-    mac: 10:bf:48:d4:d5:fc
-    ip: 10.0.0.9
-
-  - type: devnull
-    name: ipcameras
-    mac: 9c:8e:cd:2e:51:9c
-    ip: 10.0.0.11
-
-  - type: default
-    name: retropie
-    mac: b8:27:eb:42:71:dc
-    ip: 10.0.0.12
-
-  - type: secured
-    name: kodiserver
-    mac: f4:4d:30:65:4d:1f
-    ip: 10.0.0.14
-
-  - type: default
-    name: kitchen
-    mac: 60:f2:62:61:2d:71
-    ip: 10.0.0.15
-
-  - type: default
-    name: x10
-    mac: b8:27:eb:7c:f3:ff
-    ip: 10.0.0.16
-
-  - type: default
-    name: brother-print-server
-    mac: 80:1f:02:4a:cd:cf
-    ip: 10.0.0.17
-
-  - type: default
-    name: dellxps
-    mac: f0:1f:af:36:0c:48
-    ip: 10.0.0.19
-
-  - type: devnull
-    name: zoom
-    mac: 00:12:41:ba:5c:00
-    ip: 10.0.0.20
-
-  # Ricky's Camera joystick manually set to 10.0.0.21
-
-  # will set cameras to 10.0.0.30
-
-  - type: default
-    name: nixos-laptop
-    mac: 28:d2:44:d8:7f:95
-    ip: 10.0.0.40
-
-  # Ricky's new laptop wifi manually set to 10.0.0.41
-
-  # Ricky's old laptop manually set to 10.0.0.42
-
-  # Ricky's new laptop ethernet manually set to 10.0.0.43
-
-  - type: cloudflare
-    name: blaine-work-laptop
-    mac: 08:3a:88:57:ab:fa
-    ip: 10.0.0.45
-
-  - type: default
-    name: s7
-    mac: 8c:f5:a3:6a:55:f6
-    ip: 10.0.0.51
-
-  - type: default
-    name: t440s-ethernet
-    mac: 68:f7:28:21:36:60
-    ip: 10.0.0.52
-
-  - type: default
-    name: t440s-wifi
-    mac: a4:c4:94:df:2f:c3
-    ip: 10.0.0.53
-
-  - type: default
-    name: blaine-iphone
-    mac: f0:a3:5a:95:b4:cd
-    ip: 10.0.0.54
-
-  - type: default
-    name: xen-titanium
-    mac: f0:57:a6:87:50:23
-    ip: 10.0.0.55
-
-  - type: default
-    name: controller1
-    mac: 6c:0b:84:e0:d2:a0
-    ip: 10.0.0.60
-
-  - type: default
-    name: worker1
-    mac: 00:23:24:c7:1d:fb
-    ip: 10.0.0.61
-
-  - type: default
-    name: worker2
-    mac: 00:23:24:c7:25:bf
-    ip: 10.0.0.62
-
-  - type: default
-    name: worker3
-    mac: 00:23:24:b4:d3:3b
-    ip: 10.0.0.63
-
-  - type: default
-    name: worker4
-    mac: 6c:0b:84:1:9b:61
-    ip: 10.0.0.64
-
-  - type: default
-    name: worker6
-    mac: f8:e4:3b:bb:0c:c8
-    ip: 10.0.0.66
-
-
-  - type: cloudflare
-    name: julie-macbook
-    mac: b8:8d:12:36:f1:16
-    ip: 10.0.0.90
-
-  # Ken is using 10.0.0.91
-
-  - type: devnull
-    name: cameradvr
-    mac: 00:12:41:12:e5:22
-    ip: 10.0.0.158
-
-  - type: devnull
-    name: backyard-camera
-    mac: 00:2a:2a:5c:06:9a
-    ip: 10.0.0.173
-
-  - type: default
-    name: netgear-switch1
-    mac: cc:40:d0:4c:3a:b6
-    ip: 10.0.0.254

+ 226 - 0
plays/name-resolution.yml

@@ -0,0 +1,226 @@
+---
+- hosts: 10.0.0.2
+  gather_facts: true
+  become: true
+
+  roles:
+    - role: name-resolution
+    - role: linux-system-roles.network
+
+  vars_files:
+    - "{{ inventory_dir }}/vars/vault.yaml"
+
+  vars:
+    local_domain: home.arpa # https://www.rfc-editor.org/rfc/rfc8375.html
+
+    dhcp_cidr: 10.0.0.0
+    dhcp_netmask: 255.255.255.0
+    dhcp_range_start: 10.0.0.125
+    dhcp_range_end: 10.0.0.200
+    dhcp_default_gateway: 10.0.0.1
+    dhcp_secure_gateway: 10.0.0.2
+
+    dns_server_primary: 1.1.1.1
+    dns_server_secondary: 1.0.0.1
+
+    network_connections:
+      - name: enp3s0
+        type: ethernet
+        ip:
+          gateway4: "{{ dhcp_default_gateway }}"
+          address:
+            - "{{ dhcp_secure_gateway }}/24"
+          dns:
+            - "{{ dns_server_primary }}"
+            - "{{ dns_server_secondary }}"
+
+    reservations:
+      - type: default
+        name: gateway
+        mac: 00:e0:4c:68:01:ad # internal
+        ip: 10.0.0.2
+
+      - type: default
+        name: netgearap
+        mac: 94:a6:7e:58:3a:9f
+        #mac: 10:da:43:8c:a3:13
+        ip: 10.0.0.3
+
+      - type: secured
+        name: nas
+        mac: fc:aa:14:86:9d:7b
+        ip: 10.0.0.4
+
+      - type: secured
+        name: kodilv
+        mac: 48:21:0b:3f:2a:ef
+        ip: 10.0.0.5
+    
+      - type: secured
+        name: kodimb
+        mac: e4:5f:01:4f:7c:74
+        ip: 10.0.0.6
+    
+      - type: secured
+        name: kodijb
+        mac: 00:23:24:ad:2f:72
+        ip: 10.0.0.7
+    
+      - type: default
+        name: tvheadend
+        mac: 10:bf:48:4e:08:85
+        ip: 10.0.0.8
+    
+      - type: secured
+        name: arm
+        mac: 10:bf:48:d4:d5:fc
+        ip: 10.0.0.9
+    
+      - type: devnull
+        name: ipcameras
+        mac: 9c:8e:cd:2e:51:9c
+        ip: 10.0.0.11
+    
+      - type: default
+        name: retropie
+        mac: b8:27:eb:42:71:dc
+        ip: 10.0.0.12
+    
+      - type: secured
+        name: kodiserver
+        mac: f4:4d:30:65:4d:1f
+        ip: 10.0.0.14
+    
+      - type: default
+        name: kitchen
+        mac: 60:f2:62:61:2d:71
+        ip: 10.0.0.15
+    
+      - type: default
+        name: x10
+        mac: b8:27:eb:7c:f3:ff
+        ip: 10.0.0.16
+    
+      - type: default
+        name: brother-print-server
+        mac: 80:1f:02:4a:cd:cf
+        ip: 10.0.0.17
+    
+      - type: default
+        name: dellxps
+        mac: f0:1f:af:36:0c:48
+        ip: 10.0.0.19
+    
+      - type: devnull
+        name: zoom
+        mac: 00:12:41:ba:5c:00
+        ip: 10.0.0.20
+    
+      # Ricky's Camera joystick manually set to 10.0.0.21
+    
+      # will set cameras to 10.0.0.30
+    
+      - type: default
+        name: nixos-laptop
+        mac: 28:d2:44:d8:7f:95
+        ip: 10.0.0.40
+    
+      # Ricky's new laptop wifi manually set to 10.0.0.41
+    
+      # Ricky's old laptop manually set to 10.0.0.42
+    
+      # Ricky's new laptop ethernet manually set to 10.0.0.43
+    
+      - type: cloudflare
+        name: blaine-work-laptop
+        mac: 08:3a:88:57:ab:fa
+        ip: 10.0.0.45
+    
+      - type: default
+        name: s7
+        mac: 8c:f5:a3:6a:55:f6
+        ip: 10.0.0.51
+    
+      - type: default
+        name: t440s-ethernet
+        mac: 68:f7:28:21:36:60
+        ip: 10.0.0.52
+    
+      - type: default
+        name: t440s-wifi
+        mac: a4:c4:94:df:2f:c3
+        ip: 10.0.0.53
+    
+      - type: default
+        name: blaine-iphone
+        mac: f0:a3:5a:95:b4:cd
+        ip: 10.0.0.54
+    
+      - type: default
+        name: xen-titanium
+        mac: f0:57:a6:87:50:23
+        ip: 10.0.0.55
+    
+        # rancher server
+      - type: default
+        name: rancher
+        mac: 6c:0b:84:e0:d2:a0
+        ip: 10.0.0.60
+    
+        # rancher master
+      - type: default
+        name: rke-m01
+        mac: 6c:0b:84:e1:9b:61
+        ip: 10.0.0.61
+    
+        # rancher worker1
+      - type: default
+        name: rke-w01
+        mac: 00:23:24:b4:d3:3b
+        ip: 10.0.0.62
+    
+        # rancher worker2
+      - type: default
+        name: rke-w02
+        mac: 00:23:24:c7:25:bf
+        ip: 10.0.0.63
+    
+        # rancher worker3
+      - type: default
+        name: rke-w03
+        mac: 00:23:24:c7:1d:fb
+        ip: 10.0.0.64
+    
+    
+    
+        # extra kodi box?
+      - type: default
+        name: unknown
+        mac: f8:e4:3b:bb:0c:c8
+        ip: 10.0.0.65
+    
+    
+    
+    
+      - type: cloudflare
+        name: julie-macbook
+        mac: b8:8d:12:36:f1:16
+        ip: 10.0.0.90
+    
+      # Ken is using 10.0.0.91
+    
+      - type: devnull
+        name: cameradvr
+        mac: 00:12:41:12:e5:22
+        ip: 10.0.0.158
+    
+      - type: devnull
+        name: backyard-camera
+        mac: 00:2a:2a:5c:06:9a
+        ip: 10.0.0.173
+    
+      - type: default
+        name: netgear-switch1
+        mac: cc:40:d0:4c:3a:b6
+        ip: 10.0.0.254
+    
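Review bot: The new play leaves whitespace-only separator lines (`+    `) between most `reservations` entries from L293 onward, and the per-host comments such as `# rancher server` (L399, L405, L411, L417, L423, L431) sit two columns deeper than the `- type:` items they describe; yamllint reports both (`trailing-spaces`, `comments-indentation`), so make the separators empty lines and align the comments with the list items. The `mac:` values are plain scalars; every one here contains a hex letter and so parses as a string, but a constructed all-digit address such as `12:34:56:12:34:56` would hit PyYAML's YAML 1.1 sexagesimal rule and become an integer, so quoting them (`mac: '00:e0:4c:68:01:ad'`) removes the exception you would otherwise have to remember. The play also introduces `dns_server_primary`/`dns_server_secondary` (L258-259) while `dhcpd.conf.j2` in this same commit still reads `dns_primary`/`dns_secondary`; see the note on that section.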

+ 1 - 23
roles/name-resolution/tasks/main.yml

@@ -86,9 +86,7 @@
     group: unbound
     mode: '0640'
   loop:
-    - server.home.conf
-    - home-lan.conf
-    - lan-name-resolution.conf
+    - local-domain.conf
     - plug-onion-addresses.conf
   notify:
     - Restart unbound
@@ -122,23 +120,3 @@
     owner: root
     group: root
     mode: '0644'
-
-- set_fact:
-    ethernet: "{{ (ansible_interfaces | reject('search', 'podman') | list | sort)[0] }}"
-  when:
-    - gateway_internal_interface is not defined
-
-- name: Configure static IP on {{ ethernet | default(gateway_internal_interface) }}
-  nmcli:
-    conn_name: "{{ ethernet | default(gateway_internal_interface) }}"
-    ifname: "{{ ethernet | default(gateway_internal_interface) }}"
-    type: ethernet
-    state: present
-    ip4: "{{ gateway_server_ip }}/24"
-    gw4: "{{ actual_gateway_ip }}"
-    mtu: 1500
-    dns4:
-      - "{{ dns_primary }}"
-      - "{{ dns_secondary }}"
-  notify:
-    - Restart NetworkManager
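Review bot: The loop at L470-473 stops templating `server.home.conf`, `home-lan.conf` and `lan-name-resolution.conf`, but nothing removes the copies already rendered onto the host, so if unbound includes that directory the old `home.lan` data keeps being served next to the new `local-domain.conf`, and a conflicting local-zone could make the config check fail on restart. Add a `file: state: absent` task over the three old names alongside the template task and notify the existing `Restart unbound` handler (L476). The template task's `dest:` is above the hunk, so the directory in the sketch below is a placeholder to replace with that value.

```yaml
# … unchanged: template task looping over local-domain.conf / plug-onion-addresses.conf …
- name: Remove unbound config files no longer managed by this role
  file:
    path: "<UNBOUND_CONF_DIR>/{{ item }}"  # placeholder — use the dest dir of the template task above
    state: absent
  loop:
    - server.home.conf
    - home-lan.conf
    - lan-name-resolution.conf
  notify:
    - Restart unbound
```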

+ 4 - 3
roles/name-resolution/templates/dhcpd/dhcpd.conf.j2

@@ -17,9 +17,10 @@ option ms-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 1;
 
 subnet {{ dhcp_cidr }} netmask {{ dhcp_netmask }} {
 
-  option routers {{ dhcp_routers }};
+  option routers {{ dhcp_default_gateway }};
 
-  option domain-name-servers {{ gateway_server_ip }}, {{ dns_primary }}, {{ dns_secondary }};
+  option domain-name-servers {{ dhcp_secure_gateway }}, {{ dns_primary }}, {{ dns_secondary }};
+  option domain-name "home.arpa";
 
   ## WINS info for Windows capability
   #option netbios-name-servers 10.0.0.4;
@@ -29,7 +30,7 @@ subnet {{ dhcp_cidr }} netmask {{ dhcp_netmask }} {
   range {{ dhcp_range_start }} {{ dhcp_range_end }};
 
   class "secured" {
-    option routers {{ gateway_server_ip }};
+    option routers {{ dhcp_secure_gateway }};
 
     # 192.168.1.0/24 thru 10.0.0.8, 10.0.0.2 as default route
     #option rfc3442-classless-static-routes 24, 192, 168, 1, 10, 0, 0, 8, 0, 10, 0, 0, 2;
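Review bot: Line L513 still renders `{{ dns_primary }}, {{ dns_secondary }}` while the play added in this commit defines `dns_server_primary`/`dns_server_secondary` (plays/name-resolution.yml L258-259) and `group_vars/dhcp.yml`, which defined the old names, is deleted; unless role defaults not shown here still define them, the template will fail with an undefined variable at render time. Change it to `option domain-name-servers {{ dhcp_secure_gateway }}, {{ dns_server_primary }}, {{ dns_server_secondary }};`. Line L514 also hardcodes `"home.arpa"` although the play now carries `local_domain: home.arpa`; `option domain-name "{{ local_domain }}";` keeps the DHCP search domain and the unbound zone in agreement if the domain is ever changed in one place.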

+ 1 - 1
roles/name-resolution/templates/hosts.j2

@@ -3,6 +3,6 @@
 
 # BEGIN ANSIBLE MANAGED BLOCK
 {% for node in reservations %}
-{{ node.ip }}	{{ node.name }}	{{ node.name }}.home	{{ node.name }}.home.lan
+{{ node.ip }}	{{ node.name }}	{{ node.name }}.{{ local_domain|split('.')|first}}	{{ node.name }}.{{ local_domain }}
 {% endfor %}
 # END ANSIBLE MANAGED BLOCK
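Review bot: `local_domain|split('.')|first` at L536 relies on Ansible's `split` filter, which exists only in ansible-core 2.11 and later; Jinja2 itself has no `split` filter, so on an older controller the template errors with "no filter named 'split'". The method form `{{ local_domain.split('.') | first }}` works on every version, and the closing `}}` should get the same surrounding space the other expressions on the line use. The short alias also assumes `local_domain` has at least two labels; with a single-label value both columns render the same name, which is harmless for /etc/hosts but worth a one-line comment above the loop.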

+ 0 - 9
roles/name-resolution/templates/unbound/home-lan.conf.j2

@@ -1,9 +0,0 @@
-# {{ ansible_managed }}
-
-local-data: "home.lan A 10.0.0.4"
-local-data-ptr: "10.0.0.4 home.lan"
-
-{% for node in reservations %}
-local-data: "{{ node.name }}.home.lan A {{ node.ip }}"
-local-data-ptr: "{{ node.ip }} {{ node.name }}.home.lan"
-{% endfor %}

+ 12 - 0
roles/name-resolution/templates/unbound/local-domain.conf.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+{% for node in reservations %}
+local-zone: "{{ node.name }}.{{ local_domain }}" redirect
+local-data: "{{ node.name }}.{{ local_domain }} 86400 IN A {{ node.ip }}"
+local-data-ptr: "{{ node.ip }} {{ node.name}}.{{ local_domain }}"
+{% endfor %}
+
+#{% for node in reservations %}
+#local-data: "{{ node.name }}.home.arpa A {{ node.ip }}"
+#local-data-ptr: "{{ node.ip }} {{ node.name }}.home.arpa"
+#{% endfor %}
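Review bot: Lines L566-569 are a commented-out copy of the old loop with `home.arpa` hardcoded; they duplicate what the active loop above now does through `local_domain` and will drift from it, so drop them rather than ship them in the rendered file. Each host gets `local-zone: "name.home.arpa" redirect`, which, if I read unbound's zone types correctly, answers every name under `name.home.arpa` with the same A record rather than only the exact name — fine if wildcard answers are intended, otherwise `static` (or relying on unbound's built-in `home.arpa` zone and emitting only the `local-data` lines) returns NXDOMAIN below the host name. `{{ node.name}}` on L563 is missing the space before `}}` that the other expressions use.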