3 files changed, 38 insertions, 0 deletions

diff --git a/pillar/formulas.yaml b/pillar/formulas.yaml
index 191a8e1..0683900 100644
--- a/pillar/formulas.yaml
+++ b/pillar/formulas.yaml
@@ -2,6 +2,7 @@
 - firewalld
 - keepalived
 - nginx
+- nsd
 - openssh
 - postfix
 - prometheus
diff --git a/pillar/role/dns/nsd.sls b/pillar/role/dns/nsd.sls
new file mode 100644
index 0000000..4b89a0a
--- /dev/null
+++ b/pillar/role/dns/nsd.sls
@@ -0,0 +1,35 @@
+nsd:
+  config_data:
+    server:
+      hide-version: 'yes'
+      verbosity: 2
+      ip4-only: 'yes'
+    remote-control:
+      control-enable: 'yes'
+      control-interface: '/run/nsd/nsd.sock'
+  zones:
+    lysergic.dev:
+      zone_source: salt://zones/lysergic.dev.zone
+      allow-notify: 192.168.0.115 tsig.lysergic.dev.
+      request-xfr: 10.0.10.2@5353 tsig.lysergic.dev.
+      outgoing-interface: 192.168.0.160
+    psyched.dev:
+      zone_source: salt://zones/psyched.dev.zone
+      allow-notify: 192.168.0.115 tsig.psyched.dev.
+      request-xfr: 10.0.10.2@5353 tsig.psyched.dev.
+      outgoing-interface: 192.168.0.160
+    syscid.com:
+      zone_source: salt://zones/syscid.com.zone
+      allow-notify: 192.168.0.115 tsig.syscid.com.
+      request-xfr: 10.0.10.2@5353 tsig.syscid.com.
+      outgoing-interface: 192.168.0.160
+  keys:
+    tsig.lysergic.dev.:
+      algorithm: hmac-sha512
+      secret: ${'secret_nsd:tsig_key:lysergic_dev'}
+    tsig.syscid.com.:
+      algorithm: hmac-sha512
+      secret: ${'secret_nsd:tsig_key:syscid_com'}
+    tsig.psyched.dev.:
+      algorithm: hmac-sha512
+      secret: ${'secret_nsd:tsig_key:psyched_dev'}
diff --git a/salt/role/dns/nsd.sls b/salt/role/dns/nsd.sls
new file mode 100644
index 0000000..bb9f5fd
--- /dev/null
+++ b/salt/role/dns/nsd.sls
@@ -0,0 +1,2 @@
+include:
+  - nsd