Initial commit

2019-03-09 00:31:38 +00:00 · 2019-03-09 00:31:38 +00:00 · aa28efc5fc
commit aa28efc5fc
10 changed files with 83 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*.retry
--- a/inventory.yaml
+++ b/inventory.yaml
@ -0,0 +1,5 @@
+---
+pi:
+  hosts:
+    pi:
+      ansible_connection: local
--- a/pi.yaml
+++ b/pi.yaml
@ -0,0 +1,5 @@
+---
+- hosts: pi
+  roles:
+    - common
+    - dns
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@ -0,0 +1,6 @@
+---
+- name: install system utilities
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ sys_utils }}"
--- a/roles/common/vars/main.yaml
+++ b/roles/common/vars/main.yaml
@ -0,0 +1,8 @@
+---
+sys_utils:
+  - git
+  - vim
+  - tmux
+  - dnsutils
+  - ldnsutils
+  - tcpdump
--- a/roles/dns/defaults/main.yaml
+++ b/roles/dns/defaults/main.yaml
@ -0,0 +1,23 @@
+---
+unbound_package_name: 'unbound'
+unbound_package_state: 'present'
+
+unbound_service_name: 'unbound'
+unbound_service_state: 'started'
+unbound_service_enabled: yes
+
+unbound_forward_zones:
+  - name: .
+    forward_addr:
+      - 2606:4700:4700::1111
+      - 2001:4860:4860::8888
+      - 2620:fe::fe
+      - 2606:4700:4700::1001 
+      - 2001:4860:4860::8844
+      - 2620:fe::9
+      - 1.1.1.1
+      - 8.8.8.8
+      - 9.9.9.9
+      - 1.0.0.1
+      - 8.8.4.4
+      - 149.112.112.112
--- a/roles/dns/handlers/main.yaml
+++ b/roles/dns/handlers/main.yaml
@ -0,0 +1,6 @@
+---
+- name: reload unbound
+  service:
+    name: "{{ unbound_service_name }}"
+    state: reloaded
+  when: "{{ unbound_service_enabled }}"
--- a/roles/dns/tasks/main.yaml
+++ b/roles/dns/tasks/main.yaml
@ -0,0 +1,19 @@
+---
+- name: install unbound
+  package:
+    name: "{{ unbound_package_name }}"
+    state: "{{ unbound_package_state }}"
+
+- name: configure unbound
+  template:
+    src: forward.conf.j2
+    dest: /etc/unbound/unbound.conf.d/forward.conf
+    validate: 'unbound-checkconf %s'
+  notify:
+    - reload unbound
+
+- name: start unbound
+  service:
+    name: "{{ unbound_service_name }}"
+    state: "{{ unbound_service_state }}"
+    enabled: "{{ unbound_service_enabled }}"
--- a/roles/dns/templates/forward.conf.j2
+++ b/roles/dns/templates/forward.conf.j2
@ -0,0 +1,9 @@
+{% if unbound_forward_zones %}
+forward-zone:
+{% for zone in unbound_forward_zones %}
+  name: "{{ zone.name }}"
+{% for addr in zone.forward_addr %}
+  forward-addr: {{ addr }}
+{% endfor %}
+{% endfor %}
+{% endif %}
--- a/roles/dns/vars/RedHat.yaml
+++ b/roles/dns/vars/RedHat.yaml
@ -0,0 +1 @@
+---