daniel/ansible-bind9-role
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: Update templates to use dynamic ordering and add deprecation warnings

Browse Source
This commit is contained in:
Daniel Akulenok
2025-12-07 20:15:54 +01:00
parent 26c6e7844d
commit b5a9e97712
2 changed files with 215 additions and 517 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
templates/named.conf.zone.j2
View File

@@ -2,29 +2,20 @@
zone "{{ zone.name }}" {
{% filter indent(bind9_config_indent, true) %}
# Zone {{ zone.name }} type {{ zone.type }}
{# Most critical/defining statements first #}
{{ ('type ' + zone.type | string+';\n') if zone.type is defined and zone.type -}}
{{ ('file "' + zone.file | string+'";\n') if zone.file is defined and zone.file -}}
{{ ('forward ' + zone.forward | string+';\n') if zone.forward is defined and zone.forward -}}
{{ ('journal "' + zone.journal | string+'";\n') if zone.journal is defined and zone.journal -}}
{{ ('key-directory "' + zone.key_directory | string+'";\n') if zone.key_directory is defined and zone.key_directory -}}
{# boolean_or_string options #}
{{ ('dialup ' + functions.boolean_or_string(zone.dialup) + ';\n') if zone.dialup is defined -}}
{{ ('notify ' + functions.boolean_or_string(zone.notify) + ';\n') if zone.notify is defined -}}
{{ ('zone-statistics ' + functions.boolean_or_string(zone.zone_statistics) + ';\n') if zone.zone_statistics is defined -}}
{# upstream_servers options #}
{{ functions.parent_address_key_tls('also-notify', zone.also_notify) if zone.also_notify is defined and zone.also_notify -}}
{{ functions.parent_address_key_tls('primaries', zone.primaries) if zone.primaries is defined and zone.primaries -}}
{{ functions.parent_address_key_tls('parental-agents', zone.parental_agents) if zone.parental_agents is defined and zone.parental_agents -}}
{# Unicorn Options#}
{% if zone.update_policy is defined and zone.update_policy %}
{% if zone.update_policy == 'local' %}
{% for key, value in zone.items() %}
{% set conf_key = key | replace('_', '-') %}
{% if key == 'name' %}
{# Skip name as it is in the zone header #}
{# --- COMPLEX BLOCKS --- #}
{% elif key == 'update_policy' %}
{% if value == 'local' %}
update-policy local;
{% else %}
update-policy {
{% filter indent(bind9_config_indent, true) %}
{% for policy in zone.update_policy %}
{% for policy in value %}
{{ policy.permission -}}
{{ ' ' + policy.identity -}}
{{ ' ' + policy.ruletype -}}
@@ -33,127 +24,61 @@ update-policy {
{% endfor %}
{% endfilter %}};
{% endif %}
{% endif %}
{% if zone.sig_validity_interval is defined and zone.sig_validity_interval %}
{% elif key == 'sig_validity_interval' %}
sig-validity-interval
{{- (' ' + zone.sig_validity_interval.upper | string) }}
{{- (' ' + zone.sig_validity_interval.lower | string) if zone.sig_validity_interval.lower is defined and zone.sig_validity_interval.lower -}};
{% endif %}
{% if zone.server_names is defined and zone.server_names %}
server-names {
{{ functions.simple_item_list(zone.server_names) }}};
{% endif %}
{% if zone.server_addresses is defined and zone.server_addresses %}
server-addresses {
{{ functions.simple_item_list(zone.server_addresses) }}};
{% endif %}
{{ functions.parent_address_port_dscp('forwarders', zone.forwarders) if zone.forwarders is defined and zone.forwarders -}}
{% if zone.allow_transfer is defined and zone.allow_transfer is not string %}
{{- (' ' + value.upper | string) }}
{{- (' ' + value.lower | string) if value.lower is defined and value.lower -}};
{% elif key in ['server_names', 'server_addresses'] %}
{{ conf_key }} {
{{ functions.simple_item_list(value) }}};
{% elif key in ['also_notify', 'primaries', 'parental_agents'] %}
{{ functions.parent_address_key_tls(conf_key, value) -}}
{% elif key == 'forwarders' %}
{{ functions.parent_address_port_dscp('forwarders', value) -}}
{% elif key == 'allow_transfer' and value is not string and value is mapping %}
allow-transfer
{{- (' port ' + zone.allow_transfer.port | string) if zone.allow_transfer.port is defined and zone.allow_transfer.port -}}
{{- (' transport ' + zone.allow_transfer.transport) if zone.allow_transfer.transport is defined and zone.allow_transfer.transport }} {
{{ functions.simple_item_list(zone.allow_transfer.addresses) }}};
{{- (' port ' + value.port | string) if value.port is defined and value.port -}}
{{- (' transport ' + value.transport) if value.transport is defined and value.transport }} {
{{ functions.simple_item_list(value.addresses) }}};
{% elif key in ['transfer_source', 'transfer_source_v6', 'alt_transfer_source', 'alt_transfer_source_v6', 'notify_source', 'notify_source_v6', 'parental_source', 'parental_source_v6'] %}
{{ conf_key }} {{ value.address -}}
{{- (' port ' + value.port | string) if value.port is defined and value.port -}}
{{- (' dscp ' + value.dscp | string) if value.dscp is defined and value.dscp }};
{# --- SIMPLE LISTS --- #}
{% elif key in ['allow_notify', 'allow_query', 'allow_query_on', 'allow_update', 'allow_update_forwarding'] %}
{{ conf_key }} {
{{ functions.simple_item_list(value) }}};
{# --- BOOLEANS --- #}
{% elif key in ['check_integrity', 'check_sibling', 'check_wildcard', 'delegation_only', 'dnssec_dnskey_kskonly', 'dnssec_secure_to_insecure', 'inline_signing', 'ixfr_from_differences', 'multi_master', 'notify_to_soa', 'request_expire', 'request_ixfr', 'try_tcp_refresh', 'update_check_ksk', 'use_alt_transfer_source', 'zero_no_soa_ttl'] %}
{{ (functions.boolean_option(conf_key, value)) }}
{# --- BOOLEAN OR STRING --- #}
{% elif key in ['dialup', 'notify', 'zone_statistics'] %}
{{ conf_key }} {{ functions.boolean_or_string(value) }};
{# --- QUOTED STRINGS --- #}
{% elif key in ['file', 'journal', 'key_directory'] %}
{{ conf_key }} "{{ value }}";
{# --- DEPRECATED --- #}
{% elif key == 'auto_dnssec' %}
/* WARN: auto-dnssec is removed in BIND 9.20 */
{{ conf_key }} {{ value }};
{# --- FALLTHROUGH --- #}
{% else %}
{# Strict mode: Ignore unknown keys #}
{% endif %}
{# simple_list options #}
{{ ('allow-notify {\n' + functions.simple_item_list(zone.allow_notify) + '};\n') if zone.allow_notify is defined and zone.allow_notify -}}
{{ ('allow-query {\n' + functions.simple_item_list(zone.allow_query) + '};\n') if zone.allow_query is defined and zone.allow_query -}}
{{ ('allow-query-on {\n' + functions.simple_item_list(zone.allow_query_on) + '};\n') if zone.allow_query_on is defined and zone.allow_query_on -}}
{{ ('allow-update {\n' + functions.simple_item_list(zone.allow_update) + '};\n') if zone.allow_update is defined and zone.allow_update -}}
{{ ('allow-update-forwarding {\n' + functions.simple_item_list(zone.allow_update_forwarding) + '};\n') if zone.allow_update_forwarding is defined and zone.allow_update_forwarding -}}
{# ip_port_dscp options#}
{% if zone.transfer_source is defined and zone.transfer_source is mapping %}
transfer-source {{ zone.transfer_source.address -}}
{{- (' port ' + zone.transfer_source.port | string) if zone.transfer_source.port is defined and zone.transfer_source.port -}}
{{- (' dscp ' + zone.transfer_source.dscp | string) if zone.transfer_source.dscp is defined and zone.transfer_source.dscp }};
{% endif %}
{% if zone.transfer_source_v6 is defined and zone.transfer_source_v6 is mapping %}
transfer-source-v6 {{ zone.transfer_source_v6.address -}}
{{- (' port ' + zone.transfer_source_v6.port | string) if zone.transfer_source_v6.port is defined and zone.transfer_source_v6.port -}}
{{- (' dscp ' + zone.transfer_source_v6.dscp | string) if zone.transfer_source_v6.dscp is defined and zone.transfer_source_v6.dscp }};
{% endif %}
{% if zone.alt_transfer_source is defined and zone.alt_transfer_source is mapping %}
alt-transfer-source {{ zone.alt_transfer_source.address -}}
{{- (' port ' + zone.alt_transfer_source.port | string) if zone.alt_transfer_source.port is defined and zone.alt_transfer_source.port -}}
{{- (' dscp ' + zone.alt_transfer_source.dscp | string) if zone.alt_transfer_source.dscp is defined and zone.alt_transfer_source.dscp }};
{% endif %}
{% if zone.alt_transfer_source_v6 is defined and zone.alt_transfer_source_v6 is mapping %}
alt-transfer-source-v6 {{ zone.alt_transfer_source_v6.address -}}
{{- (' port ' + zone.alt_transfer_source_v6.port | string) if zone.alt_transfer_source_v6.port is defined and zone.alt_transfer_source_v6.port -}}
{{- (' dscp ' + zone.alt_transfer_source_v6.dscp | string) if zone.alt_transfer_source_v6.dscp is defined and zone.alt_transfer_source_v6.dscp }};
{% endif %}
{% if zone.notify_source is defined and zone.notify_source is mapping %}
notify-source {{ zone.notify_source.address -}}
{{- (' port ' + zone.notify_source.port | string) if zone.notify_source.port is defined and zone.notify_source.port -}}
{{- (' dscp ' + zone.notify_source.dscp | string) if zone.notify_source.dscp is defined and zone.notify_source.dscp }};
{% endif %}
{% if zone.notify_source_v6 is defined and zone.notify_source_v6 is mapping %}
notify-source-v6 {{ zone.notify_source_v6.address -}}
{{- (' port ' + zone.notify_source_v6.port | string) if zone.notify_source_v6.port is defined and zone.notify_source_v6.port -}}
{{- (' dscp ' + zone.notify_source_v6.dscp | string) if zone.notify_source_v6.dscp is defined and zone.notify_source_v6.dscp }};
{% endif %}
{% if zone.parental_source is defined and zone.parental_source is mapping %}
parental-source {{ zone.parental_source.address -}}
{{- (' port ' + zone.parental_source.port | string) if zone.parental_source.port is defined and zone.parental_source.port -}}
{{- (' dscp ' + zone.parental_source.dscp | string) if zone.parental_source.dscp is defined and zone.parental_source.dscp }};
{% endif %}
{% if zone.parental_source_v6 is defined and zone.parental_source_v6 is mapping %}
parental-source-v6 {{ zone.parental_source_v6.address -}}
{{- (' port ' + zone.parental_source_v6.port | string) if zone.parental_source_v6.port is defined and zone.parental_source_v6.port -}}
{{- (' dscp ' + zone.parental_source_v6.dscp | string) if zone.parental_source_v6.dscp is defined and zone.parental_source_v6.dscp }};
{% endif %}
{# integer options #}
{{ ('dnskey-sig-validity ' + zone.dnskey_sig_validity | string+';\n') if zone.dnskey_sig_validity is defined and zone.dnskey_sig_validity -}}
{{ ('dnssec-loadkeys-interval ' + zone.dnssec_loadkeys_interval | string+';\n') if zone.dnssec_loadkeys_interval is defined and zone.dnssec_loadkeys_interval -}}
{{ ('max-records ' + zone.max_records | string+';\n') if zone.max_records is defined and zone.max_records -}}
{{ ('max-refresh-time ' + zone.max_refresh_time | string+';\n') if zone.max_refresh_time is defined and zone.max_refresh_time -}}
{{ ('max-retry-time ' + zone.max_retry_time | string+';\n') if zone.max_retry_time is defined and zone.max_retry_time -}}
{{ ('max-transfer-idle-in ' + zone.max_transfer_idle_in | string+';\n') if zone.max_transfer_idle_in is defined and zone.max_transfer_idle_in -}}
{{ ('max-transfer-idle-out ' + zone.max_transfer_idle_out | string+';\n') if zone.max_transfer_idle_out is defined and zone.max_transfer_idle_out -}}
{{ ('max-transfer-time-in ' + zone.max_transfer_time_in | string+';\n') if zone.max_transfer_time_in is defined and zone.max_transfer_time_in -}}
{{ ('max-transfer-time-out ' + zone.max_transfer_time_out | string+';\n') if zone.max_transfer_time_out is defined and zone.max_transfer_time_out -}}
{{ ('min-refresh-time ' + zone.min_refresh_time | string+';\n') if zone.min_refresh_time is defined and zone.min_refresh_time -}}
{{ ('min-retry-time ' + zone.min_retry_time | string+';\n') if zone.min_retry_time is defined and zone.min_retry_time -}}
{{ ('notify-delay ' + zone.notify_delay | string+';\n') if zone.notify_delay is defined and zone.notify_delay -}}
{{ ('sig-signing-nodes ' + zone.sig_signing_nodes | string+';\n') if zone.sig_signing_nodes is defined and zone.sig_signing_nodes -}}
{{ ('sig-signing-signatures ' + zone.sig_signing_signatures | string+';\n') if zone.sig_signing_signatures is defined and zone.sig_signing_signatures -}}
{{ ('sig-signing-type ' + zone.sig_signing_type | string+';\n') if zone.sig_signing_type is defined and zone.sig_signing_type -}}
{# boolean options #}
{{ (functions.boolean_option('check-integrity', zone.check_integrity) + '\n') if zone.check_integrity is defined -}}
{{ (functions.boolean_option('check-sibling', zone.check_sibling) + '\n') if zone.check_sibling is defined -}}
{{ (functions.boolean_option('check-wildcard', zone.check_wildcard) + '\n') if zone.check_wildcard is defined -}}
{{ (functions.boolean_option('delegation-only', zone.delegation_only) + '\n') if zone.delegation_only is defined -}}
{{ (functions.boolean_option('dnssec-dnskey-kskonly', zone.dnssec_dnskey_kskonly) + '\n') if zone.dnssec_dnskey_kskonly is defined -}}
{{ (functions.boolean_option('dnssec-secure-to-insecure', zone.dnssec_secure_to_insecure) + '\n') if zone.dnssec_secure_to_insecure is defined -}}
{{ (functions.boolean_option('inline-signing', zone.inline_signing) + '\n') if zone.inline_signing is defined -}}
{{ (functions.boolean_option('ixfr-from-differences', zone.ixfr_from_differences) + '\n') if zone.ixfr_from_differences is defined -}}
{{ (functions.boolean_option('multi-master', zone.multi_master) + '\n') if zone.multi_master is defined -}}
{{ (functions.boolean_option('notify-to-soa', zone.notify_to_soa) + '\n') if zone.notify_to_soa is defined -}}
{{ (functions.boolean_option('request-expire', zone.request_expire) + '\n') if zone.request_expire is defined -}}
{{ (functions.boolean_option('request-ixfr', zone.request_ixfr) + '\n') if zone.request_ixfr is defined -}}
{{ (functions.boolean_option('try-tcp-refresh', zone.try_tcp_refresh) + '\n') if zone.try_tcp_refresh is defined -}}
{{ (functions.boolean_option('update-check-ksk', zone.update_check_ksk) + '\n') if zone.update_check_ksk is defined -}}
{{ (functions.boolean_option('use-alt-transfer-source', zone.use_alt_transfer_source) + '\n') if zone.use_alt_transfer_source is defined -}}
{{ (functions.boolean_option('zero-no-soa-ttl', zone.zero_no_soa_ttl) + '\n') if zone.zero_no_soa_ttl is defined -}}
{# multiple_choice options #}
{{ ('auto-dnssec ' + zone.auto_dnssec | string+';\n') if zone.auto_dnssec is defined and zone.auto_dnssec -}}
{{ ('check-dup-records ' + zone.check_dup_records | string+';\n') if zone.check_dup_records is defined and zone.check_dup_records -}}
{{ ('check-mx-cname ' + zone.check_mx_cname | string+';\n') if zone.check_mx_cname is defined and zone.check_mx_cname -}}
{{ ('check-mx ' + zone.check_mx | string+';\n') if zone.check_mx is defined and zone.check_mx -}}
{{ ('check-names ' + zone.check_names | string+';\n') if zone.check_names is defined and zone.check_names -}}
{{ ('check-spf ' + zone.check_spf | string+';\n') if zone.check_spf is defined and zone.check_spf -}}
{{ ('check-srv-cname ' + zone.check_srv_cname | string+';\n') if zone.check_srv_cname is defined and zone.check_srv_cname -}}
{{ ('dnssec-update-mode ' + zone.dnssec_update_mode | string+';\n') if zone.dnssec_update_mode is defined and zone.dnssec_update_mode -}}
{{ ('masterfile-format ' + zone.masterfile_format | string+';\n') if zone.masterfile_format is defined and zone.masterfile_format -}}
{{ ('masterfile-style ' + zone.masterfile_style | string+';\n') if zone.masterfile_style is defined and zone.masterfile_style -}}
{{ ('max-ixfr-ratio ' + zone.max_ixfr_ratio | string+';\n') if zone.max_ixfr_ratio is defined and zone.max_ixfr_ratio -}}
{{ ('max-journal-size ' + zone.max_journal_size | string+';\n') if zone.max_journal_size is defined and zone.max_journal_size -}}
{{ ('max-zone-ttl ' + zone.max_zone_ttl | string+';\n') if zone.max_zone_ttl is defined and zone.max_zone_ttl -}}
{{ ('serial-update-method ' + zone.serial_update_method | string+';\n') if zone.serial_update_method is defined and zone.serial_update_method -}}
{# string options #}
{{ ('database ' + zone.database | string+';\n') if zone.database is defined and zone.database -}}
{{ ('dlz ' + zone.dlz | string+';\n') if zone.dlz is defined and zone.dlz -}}
{{ ('dnssec-policy ' + zone.dnssec_policy | string+';\n') if zone.dnssec_policy is defined and zone.dnssec_policy -}}
{{ ('in-view ' + zone.in_view | string+';\n') if zone.in_view is defined and zone.in_view -}}
{% endfor %}
{% endfilter %}
};
{% endfor %}