From 3b2c2a453eb437d1045fa49bf808e199e7622a99 Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Thu, 9 May 2024 18:23:21 +0000 Subject: [PATCH] unbound: Add support for copying zone files --- group_vars/dnagw.yml | 4 ++++ group_vars/frigate.yml | 4 +++- group_vars/nms.yml | 4 ++++ group_vars/print.yml | 4 ++++ playbooks/dna-gw.yml | 13 ------------- playbooks/frigate.yml | 13 ------------- playbooks/nms.yml | 13 ------------- playbooks/print.yml | 13 ------------- roles/unbound/tasks/main.yml | 11 +++++++++++ roles/unbound/vars/OpenBSD.yml | 1 + roles/unbound/vars/RedHat.yml | 1 + 11 files changed, 28 insertions(+), 53 deletions(-) diff --git a/group_vars/dnagw.yml b/group_vars/dnagw.yml index f224e9f..3bffd50 100644 --- a/group_vars/dnagw.yml +++ b/group_vars/dnagw.yml @@ -16,6 +16,10 @@ network_ether_interfaces: - device: vio1 proto: none +unbound_zones: + - 20.172.in-addr.arpa + - home.foo.sh + # use custom firewall config firewall_src: pf.conf.gw_home diff --git a/group_vars/frigate.yml b/group_vars/frigate.yml index 03177dc..7a7df80 100644 --- a/group_vars/frigate.yml +++ b/group_vars/frigate.yml @@ -11,7 +11,9 @@ network_vip_interfaces: netmask: 255.255.0.0 pass: "{{ vip26_pass }}" -zm_mysql_host: sqldb02.home.foo.sh +unbound_zones: + - 26.20.172.in-addr.arpa + - cam.foo.sh dhcpd_template: dhcpd.conf.cam.j2 firewall_in: diff --git a/group_vars/nms.yml b/group_vars/nms.yml index 42b35f2..4278cfd 100644 --- a/group_vars/nms.yml +++ b/group_vars/nms.yml @@ -2,6 +2,10 @@ datadisks: - {size: 10, type: nvme} +unbound_zones: + - 25.20.172.in-addr.arpa + - oob.foo.sh + network_vip_interfaces: - device: eth0 vhid: 11 diff --git a/group_vars/print.yml b/group_vars/print.yml index 2dbeb2c..469cb94 100644 --- a/group_vars/print.yml +++ b/group_vars/print.yml 
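Review bot: The group_vars/frigate.yml hunk removes `zm_mysql_host: sqldb02.home.foo.sh` while adding `unbound_zones`, but the subject line only mentions zone-file copying, so the removal reads as accidental. If the variable is a dead leftover, state that in the commit message or move the removal to its own commit. The four `unbound_zones` lists do match the per-host lists deleted from the playbooks, so the data migration itself looks complete.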
@@ -9,6 +9,10 @@ network_vip_interfaces: dhcpd_template: dhcpd.conf.print.j2 +unbound_zones: + - 24.20.172.in-addr.arpa + - print.foo.sh + firewall_in: - {proto: tcp, port: 22, from: [172.20.20.0/22]} - {proto: tcp, port: 53, from: [172.20.24.0/24]} diff --git a/playbooks/dna-gw.yml b/playbooks/dna-gw.yml index f9672d0..360d7be 100644 --- a/playbooks/dna-gw.yml +++ b/playbooks/dna-gw.yml @@ -144,19 +144,6 @@ tags: certificates notify: Restart unbound - - name: Copy DNS zone files - ansible.builtin.copy: - dest: "/var/unbound/db/{{ item }}" - src: "/srv/dns/{{ item }}" - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - tags: dns - notify: Restart unbound - with_items: - - 20.172.in-addr.arpa - - home.foo.sh - - name: Import unbound role ansible.builtin.import_role: name: unbound diff --git a/playbooks/frigate.yml b/playbooks/frigate.yml index 9da0eb3..2b37b1c 100644 --- a/playbooks/frigate.yml +++ b/playbooks/frigate.yml @@ -35,19 +35,6 @@ - name: Run handlers to get interfaces configured ansible.builtin.meta: flush_handlers - - name: Copy DNS zone files - ansible.builtin.copy: - dest: "/var/lib/unbound/{{ item }}" - src: "/srv/dns/{{ item }}" - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - tags: dns - notify: Restart unbound - with_items: - - 26.20.172.in-addr.arpa - - cam.foo.sh - - name: Include unbound role ansible.builtin.import_role: name: unbound diff --git a/playbooks/nms.yml b/playbooks/nms.yml index 3c73d5f..c557d36 100644 --- a/playbooks/nms.yml +++ b/playbooks/nms.yml @@ -46,19 +46,6 @@ vars: relay_domains: [foo.sh] - - name: Copy DNS zone files - ansible.builtin.copy: - dest: "/var/lib/unbound/{{ item }}" - src: "/srv/dns/{{ item }}" - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - tags: dns - notify: Restart unbound - with_items: - - 25.20.172.in-addr.arpa - - oob.foo.sh - - name: Import unbound role ansible.builtin.import_role: name: unbound 
diff --git a/playbooks/print.yml b/playbooks/print.yml index 3a22ad2..baa33c8 100644 --- a/playbooks/print.yml +++ b/playbooks/print.yml @@ -25,19 +25,6 @@ ansible.builtin.import_role: name: dhcpd - - name: Copy DNS zone files - ansible.builtin.copy: - dest: "/var/lib/unbound/{{ item }}" - src: "/srv/dns/{{ item }}" - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - tags: dns - notify: Restart unbound - with_items: - - 24.20.172.in-addr.arpa - - print.foo.sh - - name: Install unbound role ansible.builtin.import_role: name: unbound diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml index 0c0ef91..5ec99fb 100644 --- a/roles/unbound/tasks/main.yml +++ b/roles/unbound/tasks/main.yml @@ -15,6 +15,17 @@ creates: "{{ unbound_control_key }}" notify: Restart unbound +- name: Copy zone files + ansible.builtin.copy: + dest: "{{ unbound_zonedir }}/{{ item }}" + src: "/srv/dns/{{ item }}" + mode: "0644" + owner: root + group: "{{ ansible_wheel }}" + with_items: "{{ unbound_zones }}" + notify: Restart unbound + when: unbound_zones is defined + - name: Copy config ansible.builtin.template: dest: "{{ unbound_conf }}" diff --git a/roles/unbound/vars/OpenBSD.yml b/roles/unbound/vars/OpenBSD.yml index 4ce4313..c952c8a 100644 --- a/roles/unbound/vars/OpenBSD.yml +++ b/roles/unbound/vars/OpenBSD.yml @@ -1,3 +1,4 @@ --- unbound_conf: /var/unbound/etc/unbound.conf unbound_control_key: /var/unbound/etc/unbound_control.key +unbound_zonedir: /var/unbound/db diff --git a/roles/unbound/vars/RedHat.yml b/roles/unbound/vars/RedHat.yml index 48bfadd..a15473b 100644 --- a/roles/unbound/vars/RedHat.yml +++ b/roles/unbound/vars/RedHat.yml @@ -1,3 +1,4 @@ --- unbound_conf: /etc/unbound/unbound.conf unbound_control_key: /etc/unbound/unbound_control.key +unbound_zonedir: /var/lib/unbound
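Review bot: The new `Copy zone files` task in roles/unbound/tasks/main.yml drops the `tags: dns` that every removed playbook task carried, so a run limited with `--tags dns` will no longer refresh zone files on any of the four hosts unless the playbooks' `import_role` tasks carry a tag outside these hunks. Adding `tags: dns` next to `notify: Restart unbound` restores that entry point. The task also depends on `unbound_zonedir`, which this commit defines only in the OpenBSD and RedHat vars files; if the role ships vars files for other OS families, those need the key too or the `dest` template fails on first use. As a point of style, `loop: "{{ unbound_zones | default([]) }}"` would replace both `with_items` and the `when: unbound_zones is defined` guard with a single expression.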