commit aa28efc5fc43d8c4d41439ebb0c5769d07fa9320 Author: Ryan Cavicchioni Date: Sat Mar 9 00:31:38 2019 +0000 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a8b42eb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.retry
diff --git a/inventory.yaml b/inventory.yaml
new file mode 100644
index 0000000..e6d7f16
--- /dev/null
+++ b/inventory.yaml
@@ -0,0 +1,5 @@
+---
+pi:
+ hosts:
+ pi:
+ ansible_connection: local
diff --git a/pi.yaml b/pi.yaml
new file mode 100644
index 0000000..ffe5dde
--- /dev/null
+++ b/pi.yaml
@@ -0,0 +1,5 @@
+---
+- hosts: pi
+ roles:
+ - common
+ - dns
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
new file mode 100644
index 0000000..7ce8944
--- /dev/null
+++ b/roles/common/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: install system utilities
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ sys_utils }}"
diff --git a/roles/common/vars/main.yaml b/roles/common/vars/main.yaml
new file mode 100644
index 0000000..4f81b8f
--- /dev/null
+++ b/roles/common/vars/main.yaml
@@ -0,0 +1,8 @@
+---
+sys_utils:
+ - git
+ - vim
+ - tmux
+ - dnsutils
+ - ldnsutils
+ - tcpdump
diff --git a/roles/dns/defaults/main.yaml b/roles/dns/defaults/main.yaml
new file mode 100644
index 0000000..96e0179
--- /dev/null
+++ b/roles/dns/defaults/main.yaml
@@ -0,0 +1,23 @@
+---
+unbound_package_name: 'unbound'
+unbound_package_state: 'present'
+
+unbound_service_name: 'unbound'
+unbound_service_state: 'started'
+unbound_service_enabled: yes
+
+unbound_forward_zones:
+ - name: .
+ forward_addr:
+ - 2606:4700:4700::1111
+ - 2001:4860:4860::8888
+ - 2620:fe::fe
+ - 2606:4700:4700::1001
+ - 2001:4860:4860::8844
+ - 2620:fe::9
+ - 1.1.1.1
+ - 8.8.8.8
+ - 9.9.9.9
+ - 1.0.0.1
+ - 8.8.4.4
+ - 149.112.112.112
diff --git a/roles/dns/handlers/main.yaml b/roles/dns/handlers/main.yaml
new file mode 100644
index 0000000..2351b33
--- /dev/null
+++ b/roles/dns/handlers/main.yaml
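Review bot: The play in pi.yaml declares no privilege escalation, and none of the tasks added in the two roles set `become` either, so the package, template and service tasks presumably succeed only when the run is started as root or with `--become` on the command line. Stating the requirement in the repository makes it reproducible. To keep escalation narrow, prefer `become: true` on the tasks that need it over running the whole play as root.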
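Review bot: The `with_items` loop in roles/common/tasks/main.yaml invokes the package module once per entry of `sys_utils`. The module accepts a list, so `name: "{{ sys_utils }}"` without the loop installs everything in a single transaction and reports one result instead of six.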
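Review bot: The `forward_addr` list in roles/dns/defaults/main.yaml mixes Quad9 addresses (`9.9.9.9`, `149.112.112.112`, `2620:fe::fe`, `2620:fe::9`), which refuse to resolve known-malicious domains, with Cloudflare and Google addresses that do not filter. Unbound picks among the forwarders of a zone by responsiveness, so a name blocked by Quad9 will presumably still resolve through one of the others; if the filtering is wanted, list a single provider, otherwise add a comment such as `# mixed providers on purpose: availability over filtering`. As written the forwarders are also queried in cleartext on port 53, since the template emits only `forward-addr:` lines. Smaller points in the same hunk: write `unbound_service_enabled: true` instead of `yes`, and quote the IPv6 literals so no YAML parser retypes them.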
@@ -0,0 +1,6 @@
+---
+- name: reload unbound
+ service:
+ name: "{{ unbound_service_name }}"
+ state: reloaded
+ when: "{{ unbound_service_enabled }}"
diff --git a/roles/dns/tasks/main.yaml b/roles/dns/tasks/main.yaml
new file mode 100644
index 0000000..e673ec7
--- /dev/null
+++ b/roles/dns/tasks/main.yaml
@@ -0,0 +1,19 @@
+---
+- name: install unbound
+ package:
+ name: "{{ unbound_package_name }}"
+ state: "{{ unbound_package_state }}"
+
+- name: configure unbound
+ template:
+ src: forward.conf.j2
+ dest: /etc/unbound/unbound.conf.d/forward.conf
+ validate: 'unbound-checkconf %s'
+ notify:
+ - reload unbound
+
+- name: start unbound
+ service:
+ name: "{{ unbound_service_name }}"
+ state: "{{ unbound_service_state }}"
+ enabled: "{{ unbound_service_enabled }}"
diff --git a/roles/dns/templates/forward.conf.j2 b/roles/dns/templates/forward.conf.j2
new file mode 100644
index 0000000..af64eb4
--- /dev/null
+++ b/roles/dns/templates/forward.conf.j2
@@ -0,0 +1,9 @@
+{% if unbound_forward_zones %}
+forward-zone:
+{% for zone in unbound_forward_zones %}
+ name: "{{ zone.name }}"
+{% for addr in zone.forward_addr %}
+ forward-addr: {{ addr }}
+{% endfor %}
+{% endfor %}
+{% endif %}
diff --git a/roles/dns/vars/RedHat.yaml b/roles/dns/vars/RedHat.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/dns/vars/RedHat.yaml
@@ -0,0 +1 @@
+---
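Review bot: The handler's `when: "{{ unbound_service_enabled }}"` wraps the condition in Jinja delimiters, which Ansible warns about because `when` is already evaluated as an expression. Write it bare as `when: unbound_service_enabled | bool`. The condition also tests whether the service is enabled at boot, not whether it is running, so a reload is still attempted when `unbound_service_state` is set to `stopped`. Testing the state variable may be closer to the intent.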
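Review bot: The `configure unbound` template task sets no `owner`, `group` or `mode`, so the permissions of /etc/unbound/unbound.conf.d/forward.conf on first creation depend on the umask of the run. Pin them on the task, for example `owner: root`, `group: root`, `mode: '0644'`. The `dest` path is also hard-coded, and no task in this hunk loads per-OS variables even though the commit adds a (still empty) roles/dns/vars/RedHat.yaml; confirm that the directory exists on every distribution the role is meant to support.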
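Review bot: `forward-zone:` is emitted once, before `{% for zone in unbound_forward_zones %}`, so a second entry in the list would append another `name:` and more `forward-addr:` lines to the same clause instead of opening its own zone. Move `forward-zone:` to the first line inside the loop; the outer `{% if %}` then becomes unnecessary, since an empty list renders nothing. `{{ zone.name }}` and `{{ addr }}` are written into the config verbatim, which is acceptable while they come from role defaults, but the task's `validate: 'unbound-checkconf %s'` is then the only check on values supplied from elsewhere.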