fix owner references

suhancz · Oct 28, 2023 · 8940699 · 8940699
1 parent 6dcc406
commit 8940699
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 22 deletions.
diff --git a/tasks/configure_dyndns_subdomain.yml b/tasks/configure_dyndns_subdomain.yml
@@ -7,7 +7,7 @@
   vars:
     record:
       zone: "{% if dyndns_item | length > 0 %}dyndns.{% endif %}{{ mailserver_domain }}"
-      name: "{{ dyndns_item }}"
+      name: "{{ wg_configs[dyndns_item]['owner'] }}"
       ttl: "3600"
       type: NS
       content: "ns.{{ mailserver_domain }}"
@@ -21,7 +21,7 @@
       ansible.builtin.import_tasks: add_dns_record.yml
       vars:
         record:
-          zone: "{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}"
+          zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
           name: "@"
           ttl: "3600"
           type: A
@@ -33,7 +33,7 @@
       ansible.builtin.import_tasks: add_dns_record.yml
       vars:
         record:
-          zone: "{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}"
+          zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
           name: "@"
           ttl: "3600"
           type: AAAA
@@ -45,7 +45,7 @@
   ansible.builtin.include_tasks: add_dns_record.yml
   vars:
     record:
-      zone: "{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}"
+      zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
       name: "{{ dyndns_item }}"
       ttl: "3600"
       type: A
@@ -59,7 +59,7 @@
   ansible.builtin.include_tasks: add_dns_record.yml
   vars:
     record:
-      zone: "{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}"
+      zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
       name: "{{ dyndns_item }}"
       ttl: "3600"
       type: AAAA
@@ -72,8 +72,8 @@
     - poweradmin
   ansible.builtin.lineinfile:
     path: /etc/pdns-recursor/recursor.conf
-    line: "forward-zones+={% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}=127.0.0.1:5300"
-    regex: "^forward-zones+={% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}="
+    line: "forward-zones+={% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}=127.0.0.1:5300"
+    regex: "^forward-zones+={% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}="
     state: present
     backup: yes
   no_log: yes

diff --git a/tasks/dyndns.yml b/tasks/dyndns.yml
@@ -78,33 +78,36 @@
   tags:
     - dyndns
     - poweradmin
-  loop: "{{ '' + [wg_configs.keys()] }}"
-  loop_control:
-    loop_var: dyndns_item
   block:
     - name: Fill PowerDNS DB with DynDNS data using Blowfish 2y ident
+      when: 'public_dns == "yes"'
+      loop: "{{ [''] + [wg_configs.keys()] }}"
+      loop_control:
+        loop_var: dyndns_item
+      notify: Warn on passwords
       community.mysql.mysql_query:
         login_db: powerdnsdb
         login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}'
         login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}'
         query:
-          - REPLACE INTO `users` (`username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES ('{% if dyndns_item | length > 0 %}{{ dyndns_item.owner }}{% else %}dyndns{% endif %}', '{% for user in users %}{% if user.name == dyndns_item.owner %}{{ user.password | password_hash("blowfish") }}{% endif %}{% endfor %}{% else %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") }}{% endif %}{% endfor %}{% endif %}', 'Dynamic DNS for user {{ dyndns_item.owner | default("dyndns") }}', '{{ dyndns_item.owner | default("dyndns") }}@{{ mailserver_domain }}', 'DNS updates for user {{ dyndns_item.owner | default("dyndns") }}', 2, 1, 0)
-          - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, domains.id, users.id, '', 0 FROM domains, users WHERE domains.name = '{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}' and users.username = '{% if dyndns_item | length > 0 %}{{ dyndns_item.owner }}{% else %}dyndns{% endif %}'"
+          - REPLACE INTO `users` (`username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES ('{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}{% else %}dyndns{% endif %}', '{% for user in users %}{% if user.name == wg_configs[dyndns_item]['owner'] %}{{ user.password | password_hash("blowfish") }}{% endif %}{% endfor %}{% else %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") }}{% endif %}{% endfor %}{% endif %}', 'Dynamic DNS for user {{ wg_configs[dyndns_item]['owner'] | default("dyndns") }}', '{{ wg_configs[dyndns_item]['owner'] | default("dyndns") }}@{{ mailserver_domain }}', 'DNS updates for user {{ wg_configs[dyndns_item]['owner'] | default("dyndns") }}', 2, 1, 0)
+          - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, domains.id, users.id, '', 0 FROM domains, users WHERE domains.name = '{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}' and users.username = '{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}{% else %}dyndns{% endif %}'"
       no_log: yes
-      when: 'public_dns == "yes"'
-      notify: Warn on passwords
   rescue:
     - name: Fill PowerDNS DB with DynDNS data replacing Blowfish 2b ident with 2y
+      when: 'public_dns == "yes"'
+      loop: "{{ [''] + [wg_configs.keys()] }}"
+      loop_control:
+        loop_var: dyndns_item
+      notify: Warn on passwords
       mysql_query:
         login_db: powerdnsdb
         login_user: '{{ mailserver_admin_user }}@{{ mailserver_domain }}'
         login_password: '{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}'
         query:
-          - REPLACE INTO `users` (`username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES ('{% if dyndns_item | length > 0 %}{{ dyndns_item.owner }}{% else %}dyndns{% endif %}', '{% for user in users %}{% if user.name == dyndns_item.owner %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}{% else %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}{% endif %}', 'Dynamic DNS for user {{ dyndns_item.owner | default("dyndns") }}', '{{ dyndns_item.owner | default("dyndns") }}@{{ mailserver_domain }}', 'DNS updates for user {{ dyndns_item.owner | default("dyndns") }}', 2, 1, 0)
-          - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, domains.id, users.id, '', 0 FROM domains, users WHERE domains.name = '{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}' and users.username = '{% if dyndns_item | length > 0 %}{{ dyndns_item.owner }}{% else %}dyndns{% endif %}'"
+          - REPLACE INTO `users` (`username`, `password`, `fullname`, `email`, `description`, `perm_templ`, `active`, `use_ldap`) VALUES ('{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}{% else %}dyndns{% endif %}', '{% for user in users %}{% if user.name == wg_configs[dyndns_item]['owner'] %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}{% else %}{% if user.name == mailserver_admin_user %}{{ user.password | password_hash("blowfish") | replace("$2b$", "$2y$") }}{% endif %}{% endfor %}{% endif %}', 'Dynamic DNS for user {{ wg_configs[dyndns_item]['owner'] | default("dyndns") }}', '{{ wg_configs[dyndns_item]['owner'] | default("dyndns") }}@{{ mailserver_domain }}', 'DNS updates for user {{ wg_configs[dyndns_item]['owner'] | default("dyndns") }}', 2, 1, 0)
+          - "REPLACE INTO `zones` (`id`, `domain_id`, `owner`, `comment`, `zone_templ_id`) SELECT 1, domains.id, users.id, '', 0 FROM domains, users WHERE domains.name = '{% if dyndns_item | length > 0 %}{{ dyndns_item }}.{% endif %}dyndns.{{ mailserver_domain }}' and users.username = '{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}{% else %}dyndns{% endif %}'"
       no_log: yes
-      when: 'public_dns == "yes"'
-      notify: Warn on passwords
 - name: Generate BASH DynDNS clients
   tags:
     - dyndns

diff --git a/templates/dyndns/dynamic_dns_client.py.j2 b/templates/dyndns/dynamic_dns_client.py.j2
@@ -6,8 +6,8 @@ from unittest.mock import patch
 from requests.auth import HTTPBasicAuth
 
 # change these values if not given by arguments to the script
-login = "{{ dyndns_item.owner | default('dyndns') }}"
-password = "{% if dyndns_item.owner is defined %}{% for user in users %}{% if user.name == dyndns_item.owner %}{{ user.password }}{% endif %}{% endfor %}{% else %}{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}{% endif %}"
+login = "{{ wg_configs[dyndns_item]['owner'] | default('dyndns') }}"
+password = "{% if wg_configs[dyndns_item]['owner'] is defined %}{% for user in users %}{% if user.name == wg_configs[dyndns_item]['owner'] %}{{ user.password }}{% endif %}{% endfor %}{% else %}{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}{% endif %}"
 dyndns = socket.gethostname().split('.', 1)[0].lower() + ".dyndns.{{ mailserver_domain }}"
 dyndns_server = 'https://dyndns.{{ mailserver_domain }}'
 ip_lookup_url = 'https://clientip.{{ mailserver_domain }}'

diff --git a/templates/dyndns/dynamic_dns_client.sh.j2 b/templates/dyndns/dynamic_dns_client.sh.j2
@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 client_ip4="$(/usr/bin/curl -L -4 https://clientip.{{ mailserver_domain }})"
 client_ip6="$(/usr/bin/curl -L -6 https://clientip.{{ mailserver_domain }})"
-username="{{ dyndns_item.owner | default('dyndns') }}"
-password="{% if dyndns_item.owner is defined %}{% for user in users %}{% if user.name == dyndns_item.owner %}{{ user.password }}{% endif %}{% endfor %}{% else %}{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}{% endif %}"
+username="{{ wg_configs[dyndns_item]['owner'] | default('dyndns') }}"
+password="{% if wg_configs[dyndns_item]['owner'] is defined %}{% for user in users %}{% if user.name == wg_configs[dyndns_item]['owner'] %}{{ user.password }}{% endif %}{% endfor %}{% else %}{% for user in users %}{% if user.name == mailserver_admin_user %}{{ user.password }}{% endif %}{% endfor %}{% endif %}"
 mixed_hostname="$(/bin/hostname -s)"
 target_hostname="${mixed_hostname,,}"
 /usr/bin/curl -L -u ${username}:${password} "https://dyndns.{{ mailserver_domain }}/?hostname=${target_hostname}.dyndns.{{ mailserver_domain }}&verbose=true&myip=${client_ip4}"