ansible-playbooks/roles/blocky/tasks/main.yml

- name: import internal tld resolver vars if internal nameserver is present
  include_vars:
    file: internal.yml
  when: services.internal_ns is defined


- name: import ipv6 disable snippet
  include_vars:
    file: disable_ipv6.yml
    hash_behaviour: merge
  when: blocky_disable_ipv6 | d(false) == true


- name: import tls support
  include_vars:
    file: tls.yml
    hash_behaviour: merge
  when: host_tls and blocky_enable_dot


- name: set blocky_cfg
  set_fact:
    blocky_cfg: "{{ blocky_default_config | d({}) | combine(blocky_config | d({}), recursive=true) }}"


- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - libcap
      - libc6-compat


- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ blocky_user }}"
      group: "{{ blocky_group }}"
      dir: "{{ blocky_dir }}"
      notify: restart blocky


- name: create directories
  file:
    path: "{{ item }}"
    state: directory
    mode: 0755
    owner: "{{ blocky_user }}"
    group: "{{ blocky_group }}"
  notify: restart blocky
  loop:
    - "{{ blocky_conf_dir }}"
    - "{{ blocky_dir }}"


- name: get and extract latest version of blocky
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: 0xERR0R/blocky
      location: github
      assets: yes
      asset_filter: 'Linux_x86_64.tar.gz$'
      file: "{{ blocky_dir }}/last_version"
      extract: "{{ blocky_dir }}"
      user: "{{ blocky_user }}"
      group: "{{ blocky_group }}"
      notify: restart blocky


- name: template config file
  template:
    src: blocky.j2
    dest: "{{ blocky_conf_file }}"
    force: yes
    mode: 0400
    owner: "{{ blocky_user }}"
    group: "{{ blocky_group }}"
    lstrip_blocks: yes
  notify: restart blocky


- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/blocky
    force: yes
    mode: "+x"
  notify: restart blocky


- name: ensure blocky binary has executable bit set
  file:
    path: "{{ blocky_dir }}/blocky"
    mode: "+x"


- name: add cap_net_bind_service to blocky executable
  community.general.capabilities:
    path: "{{ blocky_dir }}/blocky"
    capability: cap_net_bind_service+ep
  changed_when: no


- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        - conf: nginx_server
      certs: "{{ host_tls }}"
      external_tld: "{{ host_tld }}"


- block:
    - name: get certificate file type
      stat:
        path: /etc/nginx/tls/ecc384.crt
      register: stat


    - name: copy nginx ecc384 certificate to blocky dir
      copy:
        src: "/etc/nginx/tls/{{ item.src }}"
        dest: "{{ item.dest }}"
        force: yes
        mode: 0400
        owner: "{{ blocky_user }}"
        group: "{{ blocky_group }}"
        remote_src: yes
      loop:
        - src: ecc384.crt
          dest: "{{ blocky_tls_ecc384_cert }}"
        - src: ecc384.key
          dest: "{{ blocky_tls_ecc384_key }}"
      when: not (stat.stat.islnk is defined and stat.stat.islnk)


    - name: create symlinks
      file:
        path: "{{ item.dest }}"
        src: "/etc/nginx/tls/{{ item.src }}"
        state: link
        force: yes
      loop:
        - src: ecc384.crt
          dest: "{{ blocky_tls_ecc384_cert }}"
        - src: ecc384.key
          dest: "{{ blocky_tls_ecc384_key }}"
      when: stat.stat.islnk is defined and stat.stat.islnk

  when: host_tls and blocky_enable_dot


- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ blocky_conf_dir }}"


- name: add prometheus metric target
  include_role:
    name: prometheus
  vars:
    function: add_target
    target:
      name: blocky
      scheme: "{{ host_protocol }}"
  when: host_metrics


- name: flush handlers
  meta: flush_handlers


- name: enable and start blocky
  service:
    name: blocky
    enabled: yes
    state: started
init 2 years ago			`- name: import internal tld resolver vars if internal nameserver is present`
			`include_vars:`
			`file: internal.yml`
			`when: services.internal_ns is defined`


			`- name: import ipv6 disable snippet`
			`include_vars:`
			`file: disable_ipv6.yml`
			`hash_behaviour: merge`
			`when: blocky_disable_ipv6 \| d(false) == true`


			`- name: import tls support`
			`include_vars:`
			`file: tls.yml`
			`hash_behaviour: merge`
			`when: host_tls and blocky_enable_dot`


			`- name: set blocky_cfg`
			`set_fact:`
			`blocky_cfg: "{{ blocky_default_config \| d({}) \| combine(blocky_config \| d({}), recursive=true) }}"`


			`- name: install dependencies`
			`include_tasks: tasks/install_packages.yml`
			`vars:`
			`package:`
			`- libcap`
			`- libc6-compat`


			`- name: create user and group`
			`include_tasks: tasks/create_user.yml`
			`vars:`
			`user:`
			`name: "{{ blocky_user }}"`
			`group: "{{ blocky_group }}"`
			`dir: "{{ blocky_dir }}"`
			`notify: restart blocky`


			`- name: create directories`
			`file:`
			`path: "{{ item }}"`
			`state: directory`
			`mode: 0755`
			`owner: "{{ blocky_user }}"`
			`group: "{{ blocky_group }}"`
			`notify: restart blocky`
			`loop:`
			`- "{{ blocky_conf_dir }}"`
			`- "{{ blocky_dir }}"`


			`- name: get and extract latest version of blocky`
			`include_tasks: tasks/get_lastversion.yml`
			`vars:`
			`package:`
			`name: 0xERR0R/blocky`
			`location: github`
			`assets: yes`
			`asset_filter: 'Linux_x86_64.tar.gz$'`
			`file: "{{ blocky_dir }}/last_version"`
			`extract: "{{ blocky_dir }}"`
			`user: "{{ blocky_user }}"`
			`group: "{{ blocky_group }}"`
			`notify: restart blocky`


			`- name: template config file`
			`template:`
			`src: blocky.j2`
			`dest: "{{ blocky_conf_file }}"`
			`force: yes`
			`mode: 0400`
			`owner: "{{ blocky_user }}"`
			`group: "{{ blocky_group }}"`
			`lstrip_blocks: yes`
			`notify: restart blocky`


			`- name: template init script`
			`template:`
			`src: init.j2`
			`dest: /etc/init.d/blocky`
			`force: yes`
			`mode: "+x"`
			`notify: restart blocky`


			`- name: ensure blocky binary has executable bit set`
			`file:`
			`path: "{{ blocky_dir }}/blocky"`
			`mode: "+x"`


			`- name: add cap_net_bind_service to blocky executable`
			`community.general.capabilities:`
			`path: "{{ blocky_dir }}/blocky"`
			`capability: cap_net_bind_service+ep`
			`changed_when: no`


			`- name: install and configure nginx`
			`include_role:`
			`name: nginx`
			`vars:`
			`nginx:`
			`servers:`
			`- conf: nginx_server`
			`certs: "{{ host_tls }}"`
			`external_tld: "{{ host_tld }}"`


			`- block:`
			`- name: get certificate file type`
			`stat:`
			`path: /etc/nginx/tls/ecc384.crt`
			`register: stat`


			`- name: copy nginx ecc384 certificate to blocky dir`
			`copy:`
			`src: "/etc/nginx/tls/{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`force: yes`
			`mode: 0400`
			`owner: "{{ blocky_user }}"`
			`group: "{{ blocky_group }}"`
			`remote_src: yes`
			`loop:`
			`- src: ecc384.crt`
			`dest: "{{ blocky_tls_ecc384_cert }}"`
			`- src: ecc384.key`
			`dest: "{{ blocky_tls_ecc384_key }}"`
			`when: not (stat.stat.islnk is defined and stat.stat.islnk)`


			`- name: create symlinks`
			`file:`
			`path: "{{ item.dest }}"`
			`src: "/etc/nginx/tls/{{ item.src }}"`
			`state: link`
			`force: yes`
			`loop:`
			`- src: ecc384.crt`
			`dest: "{{ blocky_tls_ecc384_cert }}"`
			`- src: ecc384.key`
			`dest: "{{ blocky_tls_ecc384_key }}"`
			`when: stat.stat.islnk is defined and stat.stat.islnk`

			`when: host_tls and blocky_enable_dot`


			`- name: add directories to backup plan`
			`include_role:`
			`name: backup`
			`vars:`
			`function: add`
			`backup_items:`
			`- "{{ blocky_conf_dir }}"`


			`- name: add prometheus metric target`
			`include_role:`
			`name: prometheus`
			`vars:`
			`function: add_target`
			`target:`
			`name: blocky`
			`scheme: "{{ host_protocol }}"`
			`when: host_metrics`


			`- name: flush handlers`
			`meta: flush_handlers`


			`- name: enable and start blocky`
			`service:`
			`name: blocky`
			`enabled: yes`
			`state: started`