ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

unbound: configure as a forwarded that accepts connections

Browse Source
This commit is contained in:
Ryan Cavicchioni 2022-08-30 07:24:18 -05:00
parent 621ae59e63
commit 399f5541c6
Signed by: ryanc
GPG Key ID: 877EEDAF9245103D
7 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/dns/defaults/main.yaml
View File

@ -6,6 +6,14 @@ unbound_service_name: 'unbound'
unbound_service_state: 'started' unbound_service_state: 'started'
unbound_service_enabled: yes unbound_service_enabled: yes
unbound_interfaces:
- 127.0.0.1
- ::1
unbound_access_control:
- 127.0.0.1 allow
- ::1 allow
unbound_forward_zones: unbound_forward_zones:
- name: . - name: .
forward_addr: forward_addr:

6
roles/dns/handlers/main.yaml
View File

@ -5,4 +5,10 @@
state: reloaded state: reloaded
when: unbound_service_enabled when: unbound_service_enabled
- name: restart unbound
service:
name: "{{ unbound_service_name }}"
state: restarted
when: unbound_service_enabled
# vim:ft=yaml.ansible: # vim:ft=yaml.ansible:

0
roles/dns/tasks/default.yaml Normal file
View File

38
roles/dns/tasks/main.yaml
View File

@ -1,14 +1,46 @@
--- ---
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: install unbound - name: install unbound
package: package:
name: "{{ unbound_package_name }}" name: "{{ unbound_package_name }}"
state: "{{ unbound_package_state }}" state: "{{ unbound_package_state }}"
- name: configure unbound - name: configure unbound interfaces
template:
src: listen.conf.j2
dest: "{{ unbound_conf_d_path }}/listen.conf"
validate: "{{ unbound_checkconf_command }}"
notify:
- restart unbound
- name: configure unbound forward zones
template: template:
src: forward.conf.j2 src: forward.conf.j2
dest: /etc/unbound/unbound.conf.d/forward.conf dest: "{{ unbound_conf_d_path }}/forward.conf"
validate: 'unbound-checkconf %s' validate: "{{ unbound_checkconf_command }}"
notify: notify:
- reload unbound - reload unbound

9
roles/dns/templates/listen.conf.j2 Normal file
View File

@ -0,0 +1,9 @@
server:
{% if unbound_interfaces is defined %}
{% for iface in unbound_interfaces | default([]) %}
interface: {{ iface }}
{% endfor %}
{% for ac in unbound_access_control | default([]) %}
access-control: {{ ac }}
{% endfor %}
{% endif %}

3
roles/dns/vars/Debian.yaml Normal file
View File

@ -0,0 +1,3 @@
---
unbound_conf_d_path: /etc/unbound/unbound.conf.d
unbound_checkconf_command: unbound-checkconf %s

2
roles/dns/vars/RedHat.yaml
View File

@ -1,3 +1,5 @@
--- ---
unbound_conf_d_path: /etc/unbound/conf.d
unbound_checkconf_command: 'true %s'
# vim:ft=yaml.ansible: # vim:ft=yaml.ansible: