Added key directroy customization

Closes #72

defaults/main.yml

@@ -137,4 +137,5 @@ bind9_log_categories:
 
 bind9_generate_ddns_key: true
 bind9_zonedir: /etc/bind/zones
+bind9_keydir: /etc/bind/keys
 bind9_local_keydir: files/bind/zones

tasks/main.yml

@@ -100,7 +100,7 @@
 
 - name: Create bind9 directory for keys
   ansible.builtin.file:
-    path: /etc/bind/keys
+    path: "{{ bind9_keydir }}"
     state: directory
     owner: "{{ bind9_user }}"
     group: "{{ bind9_group }}"
@@ -114,7 +114,7 @@
 - name: Copy over DDNS keys for zones with update_keyfile
   ansible.builtin.copy:
     src: bind/zones/{{ item.update_keyfile }}.key
-    dest: /etc/bind/keys/{{ item.update_keyfile }}.key
+    dest: "{{ bind9_keydir }}/{{ item.update_keyfile }}.key"
     owner: "{{ bind9_user }}"
     group: "{{ bind9_group }}"
     mode: "0644"
@@ -128,7 +128,7 @@
 - name: Copy over DDNS private keys for zones with update_keyfile
   ansible.builtin.copy:
     src: bind/zones/{{ item.update_keyfile }}.private
-    dest: /etc/bind/keys/{{ item.update_keyfile }}.private
+    dest: "{{ bind9_keydir }}/{{ item.update_keyfile }}.private"
     owner: "{{ bind9_user }}"
     group: "{{ bind9_group }}"
     mode: "0600"
@@ -142,7 +142,7 @@
 # TODO: DNSSEC: implement key rollover
 - name: Determine if DNSSEC keys for zones already exist
   ansible.builtin.find:
-    paths: /etc/bind/keys
+    paths: "{{ bind9_keydir }}"
     patterns: "K{{ item.name }}.+008+*"
   register: bind9_reg_dnssec_keys_tmp
   with_items:
@@ -162,7 +162,7 @@
 - name: Generate bind9 key signing keys for zones
   ansible.builtin.command: dnssec-keygen -a RSASHA256 -b 4096 -n ZONE -f KSK {{ item.item.name }}
   args:
-    chdir: /etc/bind/keys
+    chdir: "{{ bind9_keydir }}"
   register: bind9_reg_keygen_ksk
   changed_when: bind9_reg_keygen_ksk.rc != 0
   become: true
@@ -180,7 +180,7 @@
 - name: Generate bind9 zone signing keys for zones
   ansible.builtin.command: dnssec-keygen -a RSASHA256 -b 2048 -n ZONE {{ item.item.name }}
   args:
-    chdir: /etc/bind/keys
+    chdir: "{{ bind9_keydir }}"
   register: bind9_reg_keygen_zsk
   changed_when: bind9_reg_keygen_zsk.rc != 0
   become: true
@@ -196,7 +196,7 @@
     - role:bind9:dnssec
 
 - name: Read in key signing keys from key files (DNSKEY)
-  ansible.builtin.command: "grep 'IN DNSKEY' /etc/bind/keys/{{ item.stdout }}.key"
+  ansible.builtin.command: "grep 'IN DNSKEY' {{ bind9_keydir }}/{{ item.stdout }}.key"
   register: bind9_reg_ksk
   changed_when: false
   with_items: "{{ bind9_reg_keygen_ksk.results }}"
@@ -208,7 +208,7 @@
     - role:bind9:dnssec
 
 - name: Generate DS records from key signing keys
-  ansible.builtin.command: "dnssec-dsfromkey -2 /etc/bind/keys/{{ item.stdout }}.key"
+  ansible.builtin.command: "dnssec-dsfromkey -2 {{ bind9_keydir }}/{{ item.stdout }}.key"
   register: bind9_reg_ksk_ds
   changed_when: false
   with_items: "{{ bind9_reg_keygen_ksk.results }}"

templates/bind/named.conf.options.j2

@@ -51,7 +51,7 @@ options {
 {% if bind9_dnssec|default() %}
 
 	// Look here for DNSSEC keys
-	key-directory "/etc/bind/keys";
+	key-directory "{{ bind9_keydir }}";
 {% endif %}
 };
 

templates/bind/zones/db.template.j2

@@ -12,7 +12,7 @@
   mx_records:
     - priority: 10
       name: mx1.example.org.
-  caa_records: 
+  caa_records:
     - 0 issue "example-ca.org"
   rrs:
     - label: subdomain
@@ -22,7 +22,7 @@
 ;; {{ ansible_managed }}
 $ORIGIN .
 {# Default TTL of zone records. `negative_ttl` is a deprecated name of this variable.  #}
-$TTL {{ zone.default_ttl|default(zone.negative_ttl|default('3600')) }}   ; 1 hour. 
+$TTL {{ zone.default_ttl|default(zone.negative_ttl|default('3600')) }}   ; 1 hour.
 {# We first deal in detail with SOA and NS, which are requiered, and root zone registers
    Empezamos detallando el SOA y NS, que son indispensables, y registros de raíz de zona #}
 {{ zone.name }} IN  SOA     {{ zone.primary|default(zone.ns_records.0) }}. {{ zone.admin|default(bind9_admin) }}. (