unbound: Initial version of role
parent
1efe20a55c
commit
c41495066b
5 changed files with 105 additions and 0 deletions
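--- a/roles/unbound/files/unbound.conf.nms01.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.nms01.home.foo.sh
@@ -0,0 +1,35 @@
+
+server:
+interface: 0.0.0.0
+interface: ::0
+
+access-control: 127.0.0.0/8 allow
+access-control: ::1 allow
+access-control: 172.20.25.1/32 allow
+access-control: 172.20.25.2/32 allow
+access-control: 172.20.25.3/32 allow
+access-control: 172.20.25.0/24 refuse_non_local
+
+hide-identity: yes
+hide-version: yes
+
+chroot: ""
+
+unblock-lan-zones: yes
+
+remote-control:
+control-enable: yes
+control-interface: /var/run/unbound.sock
+
+forward-zone:
+name: "."
+forward-addr: 172.20.20.10
+forward-addr: 172.20.21.1
+forward-addr: 172.20.21.2
+
+auth-zone:
+name: "oob.foo.sh"
+zonefile: "/var/lib/unbound/oob.foo.sh"
+auth-zone:
+name: "25.20.172.in-addr.arpa"
+zonefile: "/var/lib/unbound/25.20.172.in-addr.arpa"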
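Review bot: `chroot: ""` switches off unbound's chroot on a resolver that also binds `interface: 0.0.0.0` and `interface: ::0`, and nothing in the file records why. If the reason is that the zonefiles under `/var/lib/unbound` and the control socket under `/var/run` sit outside the chroot directory (an assumption; it is not visible here), a comment above the line such as `# chroot disabled: <reason>; confinement is provided by <mechanism>` would make the trade-off reviewable. The same line appears in `unbound.conf.print01.home.foo.sh`, and the nms02 symlink inherits it. Unlisted sources fall under unbound's default refuse action, so exposure is limited to the listed clients, but naming the specific listen addresses instead of the wildcards would narrow it further.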
1
roles/unbound/files/unbound.conf.nms02.home.foo.sh
Symbolic link
1
roles/unbound/files/unbound.conf.nms02.home.foo.sh
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
unbound.conf.nms01.home.foo.sh
|
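--- a/roles/unbound/files/unbound.conf.print01.home.foo.sh
+++ b/roles/unbound/files/unbound.conf.print01.home.foo.sh
@@ -0,0 +1,35 @@
+
+server:
+interface: 0.0.0.0
+interface: ::0
+
+access-control: 127.0.0.0/8 allow
+access-control: ::1 allow
+access-control: 172.20.24.1/32 allow
+access-control: 172.20.24.2/32 allow
+access-control: 172.20.24.3/32 allow
+access-control: 172.20.24.0/24 refuse_non_local
+
+hide-identity: yes
+hide-version: yes
+
+chroot: ""
+
+unblock-lan-zones: yes
+
+remote-control:
+control-enable: yes
+control-interface: /var/run/unbound.sock
+
+forward-zone:
+name: "."
+forward-addr: 172.20.20.10
+forward-addr: 172.20.21.1
+forward-addr: 172.20.21.2
+
+auth-zone:
+name: "print.foo.sh"
+zonefile: "/var/lib/unbound/print.foo.sh"
+auth-zone:
+name: "24.20.172.in-addr.arpa"
+zonefile: "/var/lib/unbound/24.20.172.in-addr.arpa"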
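Review bot: The per-host copy duplicates `unbound.conf.nms01.home.foo.sh` line for line except for the third octet of the `access-control` networks and the two `auth-zone` names, so any later hardening change has to be repeated in every copy and can drift. Rendering one `template` from host variables (client subnet, zone list) would keep the `access-control`, `hide-*` and `remote-control` settings in a single place. The `validate: "unbound-checkconf %s"` check used by the `copy config` task is available on `template` as well.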
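--- a/roles/unbound/handlers/main.yml
+++ b/roles/unbound/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart unbound
+service:
+name: unbound
+state: restarted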
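--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: install packages
+package:
+name: unbound
+state: installed
+when: ansible_os_family != "OpenBSD"
+
+- name: create control keys
+command:
+argv:
+- unbound-control-setup
+creates: /etc/unbound/unbound_control.key
+notify: restart unbound
+
+- name: copy config
+copy:
+dest: /etc/unbound/unbound.conf
+src: "unbound.conf.{{ inventory_hostname }}"
+mode: 0644
+owner: root
+group: "{{ ansible_wheel }}"
+validate: "unbound-checkconf %s"
+notify: restart unbound
+
+- name: enable service
+service:
+name: unbound
+state: started
+enabled: true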
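Review bot: `state: installed` in the `install packages` task is not one of the values the generic `package` module documents; it is handed to the backend, and only some package managers accept it as an alias, so `state: present` is the portable spelling. In `copy config`, `mode: 0644` depends on the YAML parser reading the bare scalar as octal; quoting it as `mode: "0644"` removes that dependency. The `create control keys` task generates key material with `unbound-control-setup`, while both shipped configs point `control-interface` at a unix socket path, where access is presumably governed by file permissions rather than the certificates; it is worth confirming the keys are needed.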