From f3d9e52f7e51f3f267deb28edc5d41b6829508cc Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sat, 15 Feb 2025 17:16:17 +0000
Subject: [PATCH] Fix install order on dna-gw hosts
---
playbooks/dna-gw.yml | 90 +++++++++++++++++++-------------------------
1 file changed, 38 insertions(+), 52 deletions(-)
diff --git a/playbooks/dna-gw.yml b/playbooks/dna-gw.yml
index 7a8e99b..17cb310 100644
--- a/playbooks/dna-gw.yml
+++ b/playbooks/dna-gw.yml
@@ -14,7 +14,6 @@ roles: - base - - ifstated - dhcpd - nginx - role: nginx_site
@@ -23,23 +22,6 @@ - websockify tasks: - - name: Use configured dns servers and domain name - ansible.builtin.copy: - dest: /etc/dhcpleased.conf - content: | - interface vio1 { - ignore dns - } - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - - - name: Disable resolvd - ansible.builtin.service: - name: resolvd - state: stopped - enabled: false - - name: Enable ip forwarding ansible.posix.sysctl: name: "{{ item }}"
@@ -52,6 +34,44 @@ - name: Run handlers to get interfaces configured ansible.builtin.meta: flush_handlers + - name: Import ifstated role + ansible.builtin.import_role: + name: ifstated + + - name: Copy DNS private key + ansible.builtin.copy: + dest: "{{ tls_private }}/dns.home.foo.sh.key" + src: "{{ item }}" + mode: "0600" + owner: root + group: "{{ ansible_wheel }}" + with_first_found: + - /srv/letsencrypt/live/dns.home.foo.sh/privkey.pem + - "/srv/ca/private/{{ inventory_hostname }}.key" + tags: certificates + notify: Restart unbound + + - name: Copy DNS certificate and ca cert + ansible.builtin.copy: + dest: "{{ tls_certs }}/dns.home.foo.sh.crt" + src: "{{ item }}" + mode: "0644" + owner: root + group: "{{ ansible_wheel }}" + with_first_found: + - /srv/letsencrypt/live/dns.home.foo.sh/fullchain.pem + - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt" + tags: certificates + notify: Restart unbound + + - name: Import unbound role + ansible.builtin.import_role: + name: unbound + + - name: Import unbound_exporter role + ansible.builtin.import_role: + name: unbound_exporter + - name: Create tftp boot directories ansible.builtin.file: path: /srv/tftpboot/etc 
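Review bot: The relocated `Copy DNS private key` task copies key material without `diff: false`, so a run with `--diff` would print the PEM contents to the terminal and to any captured job log; adding `diff: false` to that task keeps the key out of the output and leaves `mode: "0600"` as it is. Separately, the key task and the certificate task each resolve `with_first_found` on their own, so if only one of `privkey.pem` and `fullchain.pem` exists under `/srv/letsencrypt/live/dns.home.foo.sh/`, the host gets a Let's Encrypt file paired with an internal-CA one, and unbound would presumably fail to load the pair after the notified restart. One existence check that selects both sources together would avoid the mismatch. Both tasks are moved unchanged from the end of the play, so neither point is introduced by this commit.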
@@ -120,37 +140,3 @@ owner: root group: "{{ ansible_wheel }}" notify: Restart nginx - - - name: Copy DNS private key - ansible.builtin.copy: - dest: "{{ tls_private }}/dns.home.foo.sh.key" - src: "{{ item }}" - mode: "0600" - owner: root - group: "{{ ansible_wheel }}" - with_first_found: - - /srv/letsencrypt/live/dns.home.foo.sh/privkey.pem - - "/srv/ca/private/{{ inventory_hostname }}.key" - tags: certificates - notify: Restart unbound - - - name: Copy DNS certificate and ca cert - ansible.builtin.copy: - dest: "{{ tls_certs }}/dns.home.foo.sh.crt" - src: "{{ item }}" - mode: "0644" - owner: root - group: "{{ ansible_wheel }}" - with_first_found: - - /srv/letsencrypt/live/dns.home.foo.sh/fullchain.pem - - "/srv/ca/certs/hosts/{{ inventory_hostname }}.crt" - tags: certificates - notify: Restart unbound - - - name: Import unbound role - ansible.builtin.import_role: - name: unbound - - - name: Import unbound_exporter role - ansible.builtin.import_role: - name: unbound_exporter