PowerDNS · npmdnl · Mar 3, 2023 · Jan 30, 2023 · Jan 30, 2023 · Jan 30, 2023
diff --git a/README.md b/README.md
@@ -78,7 +78,7 @@ pdns_rec_install_epel: True
 ```
 
 By default, install EPEL to satisfy some PowerDNS Recursor dependencies like `protobuf`.
-To skip the installtion of EPEL set `pdns_rec_install_epel` to `False`.
+To skip the installation of EPEL set `pdns_rec_install_epel` to `False`.
 
 ```yaml
 pdns_rec_package_name: "{{ default_pdns_rec_package_name }}"
@@ -182,6 +182,23 @@ pdns_rec_service_overrides:
 Dict with overrides for the service (systemd only).
 This can be used to change any systemd settings in the `[Service]` category
 
+```yaml
+pdns_rec_config_from_files_dir_mode: 0750
+pdns_rec_config_from_files: []
+#pdns_rec_config_from_files:
+#  - dest: "/var/lib/pdns-recursor/from-files/forward-zones.txt"
+#    src: "files/forward-zones/forward.txt"
+```
+
+List of files to copy to the PowerDNS Recursor instance, could be used for the `*-from-file` settings in the `recursor.conf` configuration file.
+The `pdns_rec_config_from_files_dir_mode` allow to change the mode of files if required.
+
+```yaml
+pdns_rec_config_include_dir_mode: 0750
+```
+
+The `pdns_rec_config_include_dir_mode` will change the mode of directories form `include-dir` settings, in case one of them required some writing permissions.
+
 ## Example Playbooks
 
 Bind to `203.0.113.53` on port `5300` and allow only traffic from the `198.51.100.0/24` subnet:

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -80,6 +80,13 @@ pdns_rec_config_lua_file_content: ""
 pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua"
 pdns_rec_config_dns_script_file_content: ""
 
+# Mode for directories from include-dir
+pdns_rec_config_include_dir_mode: 0750
+
+# Directories and files required by recursor configuration
+pdns_rec_config_from_files_dir_mode: 0750
+pdns_rec_config_from_files: []
+
 # Dict containing all configuration options, except for the
 # "config-dir", "setuid" and "setgid" directives in YAML format.
 pdns_rec_config: {}

diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -48,8 +48,33 @@
     state: directory
     owner: "{{ pdns_rec_file_owner }}"
     group: "{{ pdns_rec_file_group }}"
-    mode: 0750
+    mode: "{{ pdns_rec_config_include_dir_mode }}"
   when: "pdns_rec_config['include-dir'] is defined"
+  register: _pdns_recursor_configuration_include_dir
+
+- block:
+
+  - name: Ensure that the PowerDNS Recursor configuration from-files directory exists
+    ansible.builtin.file:
+      name: "{{ item.dest | dirname }}"
+      state: directory
+      owner: "{{ pdns_rec_file_owner }}"
+      group: "{{ pdns_rec_file_group }}"
+      mode: "{{ pdns_rec_config_from_files_dir_mode }}"
+    loop: "{{ pdns_rec_config_from_files }}"
+
+  - name: Copy the PowerDNS Recursor configuration from-files files
+    ansible.builtin.copy:
+      content: "{{ item.content | default(omit) }}"
+      src: "{{ item.src | default(omit) }}"
+      dest: "{{ item.dest }}"
+      owner: "{{ pdns_rec_file_owner }}"
+      group: "{{ pdns_rec_file_group }}"
+      mode: "{{ pdns_rec_config_from_files_dir_mode }}"
+    loop: "{{ pdns_rec_config_from_files }}"
+    register: _pdns_recursor_configuration_from_files
+
+  when: "pdns_rec_config_from_files | length > 0"
 
 - name: Generate the PowerDNS Recursor Lua config-file
   copy:
@@ -79,6 +104,8 @@
   when: not pdns_rec_disable_handlers
     and pdns_rec_service_state != 'stopped'
     and (_pdns_recursor_override_unit.changed
+      or _pdns_recursor_configuration_include_dir.changed
       or _pdns_recursor_configuration.changed
+      or _pdns_recursor_configuration_from_files.changed
       or _pdns_recursor_lua_file_configuraton.changed
       or _pdns_recursor_dns_script_configuration.changed)