From 786b7f8549208ab4e016d4366180988d7360f7df Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Thu, 25 Mar 2021 17:41:25 +0000
Subject: [PATCH] Add unbound to nms hosts
---
 group_vars/nms.yml | 2 ++
 host_vars/nms01.home.foo.sh.yml | 2 ++
 host_vars/nms02.home.foo.sh.yml | 2 ++
 playbooks/nms.yml | 15 +++++++++++++++
 4 files changed, 21 insertions(+)
diff --git a/group_vars/nms.yml b/group_vars/nms.yml
index 33851b3..a100060 100644
--- a/group_vars/nms.yml
+++ b/group_vars/nms.yml
@@ -13,6 +13,8 @@ network_vip_interfaces:
 firewall_in:
 - {proto: tcp, port: 22, from: [172.20.20.0/22]}
 - {proto: tcp, port: 25, from: [172.20.25.0/24]}
+ - {proto: tcp, port: 53, from: [172.20.25.0/24]}
+ - {proto: udp, port: 53, from: [172.20.25.0/24]}
 - {proto: udp, port: 69, from: [172.20.25.0/24]}
 - {proto: udp, port: 123, from: [172.20.25.0/24]}
 - {proto: udp, port: 514, from: [172.20.25.0/24]}
diff --git a/host_vars/nms01.home.foo.sh.yml b/host_vars/nms01.home.foo.sh.yml
index f265c1e..a644173 100644
--- a/host_vars/nms01.home.foo.sh.yml
+++ b/host_vars/nms01.home.foo.sh.yml
@@ -4,11 +4,13 @@ network_interfaces:
 - device: eth0
 vlan: 20
 mac: "52:54:00:ac:dc:43"
+ nameservers: []
 - device: eth1
 vlan: 25
 ipaddr: 172.20.25.2
 netmask: 255.255.255.0
 proto: static
+ nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
 - device: eth2
 vlan: 103
 ipaddr: 192.168.100.2
diff --git a/host_vars/nms02.home.foo.sh.yml b/host_vars/nms02.home.foo.sh.yml
index dbebdc0..4e1a686 100644
--- a/host_vars/nms02.home.foo.sh.yml
+++ b/host_vars/nms02.home.foo.sh.yml
@@ -4,11 +4,13 @@ network_interfaces:
 - device: eth0
 vlan: 20
 mac: "52:54:00:ac:dc:44"
+ nameservers: []
 - device: eth1
 vlan: 25
 ipaddr: 172.20.25.3
 netmask: 255.255.255.0
 proto: static
+ nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
 - device: eth2
 vlan: 103
 ipaddr: 192.168.100.3
diff --git a/playbooks/nms.yml b/playbooks/nms.yml
index decff99..a28ab1f 100644
--- a/playbooks/nms.yml
+++ b/playbooks/nms.yml
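Review bot: The host firewall is the only visible limit on who may query the new resolver: the 53/tcp and 53/udp entries admit 172.20.25.0/24, which matches the resolver addresses the host_vars place on vlan 25, but unbound's own `interface` and `access-control` settings presumably come from the role and are not part of this commit. They are worth confirming to be scoped to the same prefix, so that a later edit to `firewall_in` cannot by itself expose the recursive resolver beyond the OOB network. The two new rules otherwise follow the existing flow-mapping form and keep the list ordered by port.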
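Review bot: Both hosts get the same resolver order `[172.20.25.1, 172.20.25.2, 172.20.25.3]` on eth1, so if the consuming role emits them in list order nms01 (172.20.25.2) and nms02 (172.20.25.3) each send queries to .1 before their own unbound; if the local resolver is meant to be preferred, put the host's own address first, e.g. `nameservers: [172.20.25.2, 172.20.25.1, 172.20.25.3]` on nms01 and the mirrored order on nms02. The `nameservers: []` on eth0 carries no explanation — it presumably stops resolvers learned on that interface from being used, and a comment such as `# eth0: take no resolvers from this interface; DNS is served on vlan 25` above the line would record the intent. Whether an empty list means "none" or "use the role default" depends on the network role, which is not in this commit. The same two points apply to the host_vars/nms02.home.foo.sh.yml hunk.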
@@ -36,6 +36,20 @@ vars:
 relay_domains: [foo.sh]
+ - name: copy dns zone files
+ copy:
+ dest: "/var/lib/unbound/{{ item }}"
+ src: "/srv/dns/{{ item }}"
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart unbound
+ with_items:
+ - 25.20.172.in-addr.arpa
+ - oob.foo.sh
+ - import_role:
+ name: unbound
+ # convert this to role for restart support
 - name: enable ntp server for oob network
 lineinfile:
@@ -55,3 +69,4 @@
 - sslscan
 - unzip
 - wget
+ state: installed
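Review bot: The `copy dns zone files` task writes into `/var/lib/unbound/` before `import_role: unbound` runs, so on a host where the role has not yet installed unbound and created that directory the copy presumably fails on the first run; moving the task below the `import_role` entry removes the ordering dependency, and `notify: restart unbound` should still resolve there because handlers are matched by name when the task completes (the handler itself is not in this commit and is assumed to be defined by the role). `mode: 0644` is read by YAML 1.1 loaders as the octal integer 420 and only works because Ansible accepts an integer mode; write `mode: "0644"` so the value is unambiguous. `with_items` could become `loop` for the same two-entry list, a style point only. The enclosing play and its `tasks:` list begin before this hunk.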
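Review bot: `state: installed` is a backend-specific alias rather than the canonical package state; `present` is the value every Ansible package module accepts, while `installed` is honoured by some (yum, for example) and may be rejected by others, so `state: present` is the safer choice. The task's module line and the start of its `name:` list are before this hunk, so which backend is in use is not visible here.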