unbound: Change static configs to templates

2021-09-29 18:38:23 +00:00 · 2021-09-29 18:38:23 +00:00 · 581484d207
commit 581484d207
parent d7baae9aea
8 changed files with 3 additions and 3 deletions
--- a/roles/unbound/templates/unbound.conf.dna-gw01.home.foo.sh.j2
+++ b/roles/unbound/templates/unbound.conf.dna-gw01.home.foo.sh.j2
@ -0,0 +1,28 @@
+
+server:
+    interface: 127.0.0.1
+    interface: ::1
+    interface: 172.20.20.10
+    interface: 172.20.21.1
+
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.20.0/22 allow
+
+    hide-identity: yes
+    hide-version: yes
+
+    prefetch: yes
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+auth-zone:
+    name: "home.foo.sh"
+    zonefile: "/var/unbound/db/home.foo.sh"
+auth-zone:
+    name: "20.172.in-addr.arpa"
+    zonefile: "/var/unbound/db/20.172.in-addr.arpa"
--- a/roles/unbound/templates/unbound.conf.dna-gw02.home.foo.sh.j2
+++ b/roles/unbound/templates/unbound.conf.dna-gw02.home.foo.sh.j2
@ -0,0 +1,28 @@
+
+server:
+    interface: 127.0.0.1
+    interface: ::1
+    interface: 172.20.20.10
+    interface: 172.20.21.2
+
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.20.0/22 allow
+
+    hide-identity: yes
+    hide-version: yes
+
+    prefetch: yes
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+auth-zone:
+    name: "home.foo.sh"
+    zonefile: "/var/unbound/db/home.foo.sh"
+auth-zone:
+    name: "20.172.in-addr.arpa"
+    zonefile: "/var/unbound/db/20.172.in-addr.arpa"
--- a/roles/unbound/templates/unbound.conf.nms01.home.foo.sh.j2
+++ b/roles/unbound/templates/unbound.conf.nms01.home.foo.sh.j2
@ -0,0 +1,35 @@
+
+server:
+    interface: 0.0.0.0
+    interface: ::0
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.25.1/32 allow
+    access-control: 172.20.25.2/32 allow
+    access-control: 172.20.25.3/32 allow
+    access-control: 172.20.25.0/24 refuse_non_local
+
+    hide-identity: yes
+    hide-version: yes
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10
+    forward-addr: 172.20.21.1
+    forward-addr: 172.20.21.2
+
+auth-zone:
+    name: "oob.foo.sh"
+    zonefile: "/var/lib/unbound/oob.foo.sh"
+auth-zone:
+    name: "25.20.172.in-addr.arpa"
+    zonefile: "/var/lib/unbound/25.20.172.in-addr.arpa"
--- a/roles/unbound/templates/unbound.conf.nms02.home.foo.sh.j2
+++ b/roles/unbound/templates/unbound.conf.nms02.home.foo.sh.j2
@ -0,0 +1 @@
+unbound.conf.nms01.home.foo.sh.j2
--- a/roles/unbound/templates/unbound.conf.print01.home.foo.sh.j2
+++ b/roles/unbound/templates/unbound.conf.print01.home.foo.sh.j2
@ -0,0 +1,35 @@
+
+server:
+    interface: 0.0.0.0
+    interface: ::0
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.24.1/32 allow
+    access-control: 172.20.24.2/32 allow
+    access-control: 172.20.24.3/32 allow
+    access-control: 172.20.24.0/24 refuse_non_local
+
+    hide-identity: yes
+    hide-version: yes
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10
+    forward-addr: 172.20.21.1
+    forward-addr: 172.20.21.2
+
+auth-zone:
+    name: "print.foo.sh"
+    zonefile: "/var/lib/unbound/print.foo.sh"
+auth-zone:
+    name: "24.20.172.in-addr.arpa"
+    zonefile: "/var/lib/unbound/24.20.172.in-addr.arpa"
--- a/roles/unbound/templates/unbound.conf.zm02.home.foo.sh.j2
+++ b/roles/unbound/templates/unbound.conf.zm02.home.foo.sh.j2
@ -0,0 +1,35 @@
+
+server:
+    interface: 0.0.0.0
+    interface: ::0
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.26.1/32 allow
+    access-control: 172.20.26.2/32 allow
+    access-control: 172.20.26.3/32 allow
+    access-control: 172.20.26.0/24 refuse_non_local
+
+    hide-identity: yes
+    hide-version: yes
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10
+    forward-addr: 172.20.21.1
+    forward-addr: 172.20.21.2
+
+auth-zone:
+    name: "cam.foo.sh"
+    zonefile: "/var/lib/unbound/cam.foo.sh"
+auth-zone:
+    name: "26.20.172.in-addr.arpa"
+    zonefile: "/var/lib/unbound/26.20.172.in-addr.arpa"