Add unbound for print hosts

group_vars/print.yml

@@ -9,6 +9,8 @@ network_vip_interfaces:
 
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 53, from: [172.20.24.0/24]}
+  - {proto: udp, port: 53, from: [172.20.24.0/24]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
 firewall_raw:
   - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"

host_vars/print01.home.foo.sh.yml

@@ -4,10 +4,12 @@ network_interfaces:
   - device: eth0
     vlan: 20
     mac: "52:54:00:ac:dc:1b"
+    nameservers: []
   - device: eth1
     vlan: 24
     ipaddr: 172.20.24.2
     netmask: 255.255.255.0
     proto: static
+    nameservers: [172.20.24.1,172.20.24.2]
 
 vip24_priority: 128

playbooks/print.yml

@@ -18,3 +18,18 @@
       principals:
         - "HTTP/print.foo.sh@{{ kerberos_realm }}"
     - cups/server
+
+  tasks:
+    - name: copy dns zone files
+      copy:
+        dest: "/var/lib/unbound/{{ item }}"
+        src: "/srv/dns/{{ item }}"
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart unbound
+      with_items:
+        - 24.20.172.in-addr.arpa
+        - print.foo.sh
+    - import_role:
+        name: unbound