unbound: Add support for copying zone files

group_vars/dnagw.yml

@@ -16,6 +16,10 @@ network_ether_interfaces:
   - device: vio1
     proto: none
 
+unbound_zones:
+  - 20.172.in-addr.arpa
+  - home.foo.sh
+
 # use custom firewall config
 firewall_src: pf.conf.gw_home
 

group_vars/frigate.yml

@@ -11,7 +11,9 @@ network_vip_interfaces:
     netmask: 255.255.0.0
     pass: "{{ vip26_pass }}"
 
-zm_mysql_host: sqldb02.home.foo.sh
+unbound_zones:
+  - 26.20.172.in-addr.arpa
+  - cam.foo.sh
 dhcpd_template: dhcpd.conf.cam.j2
 
 firewall_in:

group_vars/nms.yml

@@ -2,6 +2,10 @@
 datadisks:
   - {size: 10, type: nvme}
 
+unbound_zones:
+  - 25.20.172.in-addr.arpa
+  - oob.foo.sh
+
 network_vip_interfaces:
   - device: eth0
     vhid: 11

group_vars/print.yml

@@ -9,6 +9,10 @@ network_vip_interfaces:
 
 dhcpd_template: dhcpd.conf.print.j2
 
+unbound_zones:
+  - 24.20.172.in-addr.arpa
+  - print.foo.sh
+
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 53, from: [172.20.24.0/24]}

playbooks/dna-gw.yml

@@ -144,19 +144,6 @@
       tags: certificates
       notify: Restart unbound
 
-    - name: Copy DNS zone files
-      ansible.builtin.copy:
-        dest: "/var/unbound/db/{{ item }}"
-        src: "/srv/dns/{{ item }}"
-        mode: "0644"
-        owner: root
-        group: "{{ ansible_wheel }}"
-      tags: dns
-      notify: Restart unbound
-      with_items:
-        - 20.172.in-addr.arpa
-        - home.foo.sh
-
     - name: Import unbound role
       ansible.builtin.import_role:
         name: unbound

playbooks/frigate.yml

@@ -35,19 +35,6 @@
     - name: Run handlers to get interfaces configured
       ansible.builtin.meta: flush_handlers
 
-    - name: Copy DNS zone files
-      ansible.builtin.copy:
-        dest: "/var/lib/unbound/{{ item }}"
-        src: "/srv/dns/{{ item }}"
-        mode: "0644"
-        owner: root
-        group: "{{ ansible_wheel }}"
-      tags: dns
-      notify: Restart unbound
-      with_items:
-        - 26.20.172.in-addr.arpa
-        - cam.foo.sh
-
     - name: Include unbound role
       ansible.builtin.import_role:
         name: unbound

playbooks/nms.yml

@@ -46,19 +46,6 @@
       vars:
         relay_domains: [foo.sh]
 
-    - name: Copy DNS zone files
-      ansible.builtin.copy:
-        dest: "/var/lib/unbound/{{ item }}"
-        src: "/srv/dns/{{ item }}"
-        mode: "0644"
-        owner: root
-        group: "{{ ansible_wheel }}"
-      tags: dns
-      notify: Restart unbound
-      with_items:
-        - 25.20.172.in-addr.arpa
-        - oob.foo.sh
-
     - name: Import unbound role
       ansible.builtin.import_role:
         name: unbound

playbooks/print.yml

@@ -25,19 +25,6 @@
       ansible.builtin.import_role:
         name: dhcpd
 
-    - name: Copy DNS zone files
-      ansible.builtin.copy:
-        dest: "/var/lib/unbound/{{ item }}"
-        src: "/srv/dns/{{ item }}"
-        mode: "0644"
-        owner: root
-        group: "{{ ansible_wheel }}"
-      tags: dns
-      notify: Restart unbound
-      with_items:
-        - 24.20.172.in-addr.arpa
-        - print.foo.sh
-
     - name: Install unbound role
       ansible.builtin.import_role:
         name: unbound

roles/unbound/tasks/main.yml

@@ -15,6 +15,17 @@
     creates: "{{ unbound_control_key }}"
   notify: Restart unbound
 
+- name: Copy zone files
+  ansible.builtin.copy:
+    dest: "{{ unbound_zonedir }}/{{ item }}"
+    src: "/srv/dns/{{ item }}"
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  with_items: "{{ unbound_zones }}"
+  notify: Restart unbound
+  when: unbound_zones is defined
+
 - name: Copy config
   ansible.builtin.template:
     dest: "{{ unbound_conf }}"

roles/unbound/vars/OpenBSD.yml

@@ -1,3 +1,4 @@
 ---
 unbound_conf: /var/unbound/etc/unbound.conf
 unbound_control_key: /var/unbound/etc/unbound_control.key
+unbound_zonedir: /var/unbound/db

roles/unbound/vars/RedHat.yml

@@ -1,3 +1,4 @@
 ---
 unbound_conf: /etc/unbound/unbound.conf
 unbound_control_key: /etc/unbound/unbound_control.key
+unbound_zonedir: /var/lib/unbound