bundles/powerdns/files/bind.conf

@@ -0,0 +1,2 @@
+launch+=bind
+bind-config=/etc/powerdns/named.conf

bundles/powerdns/files/named.conf

@@ -0,0 +1,6 @@
+% for zone in sorted(zones):
+zone "${zone}" {
+  file "/var/lib/powerdns/zones/${zone}";
+  type native;
+};
+% endfor

bundles/powerdns/files/pdns.conf

@@ -1,3 +1,16 @@
-launch=bind,psql
+launch=
-
 include-dir=/etc/powerdns/pdns.d
+
+api=yes
+api-key=${api_key}
+webserver=yes
+
+disable-syslog=yes
+log-timestamp=no
+
+max-tcp-connections=500
+max-tcp-connections-per-client=10
+
+security-poll-suffix=
+
+server-id=${node.name}

bundles/powerdns/items.py

@@ -1,13 +1,103 @@
+from datetime import datetime
+from os import listdir
+from os.path import isfile, join
+from subprocess import check_output
+
+zone_path = join(repo.path, 'data', 'powerdns', 'files', 'bind-zones')
+
+ZONE_HEADER = """
+;      _    ____ _   _ _____ _   _ _   _  ____
+;     / \\  / ___| | | |_   _| | | | \\ | |/ ___|
+;    / _ \\| |   | |_| | | | | | | |  \\| | |  _
+;   / ___ \\ |___|  _  | | | | |_| | |\\  | |_| |
+;  /_/   \\_\\____|_| |_| |_|  \\___/|_| \\_|\\____|
+;
+; --> Diese Datei wird von BundleWrap verwaltet! <--
+
+$TTL 60
+@       IN  SOA ns-1.kunbox.net.    hostmaster.kunbox.net. (
+        {serial}
+        3600
+        3600
+        86400
+        300
+        )
+@       IN  NS  bind01.gce.kunbox.net.
+        IN  NS  b.ns14.net.
+        IN  NS  c.ns14.net.
+        IN  NS  d.ns14.net.
+"""
+
+default_attributes = {
+    'needs': {
+        'pkg_apt:pdns-server',
+        'pkg_apt:pdns-backend-bind',
+        'pkg_apt:pdns-backend-pgsql',
+    },
+    'triggers': {
+        'svc_systemd:pdns:restart',
+    },
+}
+
 directories = {
     '/etc/powerdns/pdns.d': {
         'purge': True,
+        **default_attributes,
     },
+    '/var/lib/powerdns/zones': {
+        'purge': True,
+        **default_attributes
+    }
 }
 
 files = {
     '/etc/powerdns/pdns.conf': {
+        'content_type': 'mako',
+        'context': {
+            'api_key': node.metadata['powerdns']['api_key'],
+        },
+        **default_attributes,
+    },
+}
+
+svc_systemd = {
+    'pdns': {
         'needs': {
-            'pkg_apt:pdns-server',
+            'directory:',
+            'file:',
         },
     },
 }
+
+if node.metadata['powerdns'].get('features', {}).get('bind', False):
+    primary_zones = set()
+    for zone in listdir(zone_path):
+        if not isfile(join(zone_path, zone)) or zone.startswith(".") or zone.startswith("_"):
+            continue
+
+        try:
+            output = check_output(['git', 'log', '-1', '--pretty=%ci', join(zone_path, zone)]).decode('utf-8').strip()
+            serial = datetime.strptime(output, '%Y-%m-%d %H:%M:%S %z').strftime('%y%m%d%H%M')
+        except:
+            serial = datetime.now().strftime('%y%m%d0000')
+
+        primary_zones.add(zone)
+
+        files["/var/lib/powerdns/zones/{}".format(zone)] = {
+            'content_type': 'mako',
+            'context': {
+                'header': ZONE_HEADER.format(serial=serial),
+                'metadata_records': node.metadata.get('powerdns', {}).get('bind-zones', {}).get(zone, {}).get('records', []),
+            },
+            'source': 'bind-zones/{}'.format(zone),
+            **default_attributes
+        }
+
+    files['/etc/powerdns/pdns.d/bind.conf'] = default_attributes
+    files['/etc/powerdns/named.conf'] = {
+        'content_type': 'mako',
+        'context': {
+            'zones': primary_zones,
+        },
+        **default_attributes
+    }

bundles/powerdns/metadata.py

@@ -7,6 +7,9 @@ defaults = {
             'pdns-backend-pgsql': {},
         },
     },
+    'powerdns': {
+        'api_key': repo.vault.password_for('{} powerdns api'.format(node.name)),
+    },
     'postgresql': {
         'users': {
             'powerdns': {

groups/features.py

@@ -10,4 +10,11 @@ groups['dns'] = {
         'postgresql',
         'powerdns',
     },
+    'metadata': {
+        'powerdns': {
+            'features': {
+                'bind': True,
+            },
+        },
+    },
 }