unbound: Initial version of role

2021-03-25 17:38:21 +00:00 · 2021-03-25 17:38:21 +00:00 · c41495066b
commit c41495066b
parent 1efe20a55c
5 changed files with 105 additions and 0 deletions
--- a/roles/unbound/files/unbound.conf.nms01.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.nms01.home.foo.sh
@ -0,0 +1,35 @@
+
+server:
+    interface: 0.0.0.0
+    interface: ::0
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.25.1/32 allow
+    access-control: 172.20.25.2/32 allow
+    access-control: 172.20.25.3/32 allow
+    access-control: 172.20.25.0/24 refuse_non_local
+
+    hide-identity: yes
+    hide-version: yes
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10
+    forward-addr: 172.20.21.1
+    forward-addr: 172.20.21.2
+
+auth-zone:
+    name: "oob.foo.sh"
+    zonefile: "/var/lib/unbound/oob.foo.sh"
+auth-zone:
+    name: "25.20.172.in-addr.arpa"
+    zonefile: "/var/lib/unbound/25.20.172.in-addr.arpa"
--- a/roles/unbound/files/unbound.conf.nms02.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.nms02.home.foo.sh
@ -0,0 +1 @@
+unbound.conf.nms01.home.foo.sh
--- a/roles/unbound/files/unbound.conf.print01.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.print01.home.foo.sh
@ -0,0 +1,35 @@
+
+server:
+    interface: 0.0.0.0
+    interface: ::0
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.24.1/32 allow
+    access-control: 172.20.24.2/32 allow
+    access-control: 172.20.24.3/32 allow
+    access-control: 172.20.24.0/24 refuse_non_local
+
+    hide-identity: yes
+    hide-version: yes
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10
+    forward-addr: 172.20.21.1
+    forward-addr: 172.20.21.2
+
+auth-zone:
+    name: "print.foo.sh"
+    zonefile: "/var/lib/unbound/print.foo.sh"
+auth-zone:
+    name: "24.20.172.in-addr.arpa"
+    zonefile: "/var/lib/unbound/24.20.172.in-addr.arpa"
--- a/roles/unbound/handlers/main.yml
+++ b/roles/unbound/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart unbound
+  service:
+    name: unbound
+    state: restarted
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@ -0,0 +1,29 @@
+---
+- name: install packages
+  package:
+    name: unbound
+    state: installed
+  when: ansible_os_family != "OpenBSD"
+
+- name: create control keys
+  command:
+    argv:
+      - unbound-control-setup
+    creates: /etc/unbound/unbound_control.key
+  notify: restart unbound
+
+- name: copy config
+  copy:
+    dest: /etc/unbound/unbound.conf
+    src: "unbound.conf.{{ inventory_hostname }}"
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+    validate: "unbound-checkconf %s"
+  notify: restart unbound
+
+- name: enable service
+  service:
+    name: unbound
+    state: started
+    enabled: true