dave
/
ansible-playbooks
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
2 Branches
0 Tags
425 KiB
 
 
Tag: Branch: Tree: ac4de942ba
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ac4de942ba'
${ noResults }
ansible-playbooks/roles/unbound/tasks/main.yml

99 lines
2.2 KiB
Raw Blame History

- name: import internal ns forwarding snippet
include_vars:
file: internal.yml
hash_behaviour: merge
when: services.internal_ns is defined
- name: set unbound_cfg
set_fact:
unbound_cfg: "{{ unbound_default_config | d({}) | combine(unbound_config | d({}), recursive=true) }}"
- name: install unbound
include_tasks: tasks/install_packages.yml
vars:
package:
- unbound
- alpine: unbound-openrc
notify: restart unbound
- name: create user and group
include_tasks: tasks/create_user.yml
vars:
user:
name: "{{ unbound_user }}"
group: "{{ unbound_group }}"
- name: create unbound conf dir
file:
path: "{{ unbound_conf_dir }}"
state: directory
mode: 0755
owner: "{{ unbound_user }}"
group: "{{ unbound_group }}"
- name: template unbound configuration
template:
src: unbound.j2
dest: "{{ unbound_conf_file }}"
force: yes
lstrip_blocks: yes
mode: 0400
owner: "{{ unbound_user }}"
group: "{{ unbound_group }}"
notify: restart unbound
- name: edit service config
lineinfile:
path: /etc/conf.d/unbound
regexp: "^{{ item.name }}="
line: "{{ item.name }}=\"{{ item.value }}\""
notify: restart unbound
loop:
- name: cfgfile
value: "{{ unbound_conf_file }}"
- name: download root hint file
get_url:
url: https://www.internic.net/domain/named.cache
dest: "{{ unbound_hints_file }}"
mode: 0644
owner: "{{ unbound_user }}"
group: "{{ unbound_group }}"
- name: create cron job for hint refresh
cron:
name: refresh root hints
minute: "{{ 59 | random(seed=inventory_hostname) }}"
hour: "{{ 5 | random(seed=inventory_hostname) }}"
job: "( wget -q -O {{ unbound_hints_file | quote }} https://www.internic.net/domain/named.cache ; \
chown {{ unbound_user }}:{{ unbound_group }} {{ unbound_hints_file | quote }} ; \
chmod 0644 {{ unbound_hints_file | quote }} \
) > /dev/null 2>&1"
- name: flush handlers
meta: flush_handlers
- name: add directories to backup plan
include_role:
name: backup
vars:
function: add
backup_items:
- "{{ unbound_conf_dir }}"
- name: enable and start unbound
service:
name: unbound
enabled: yes
state: started