Move nms host roles to adm hosts

2025-07-12 13:18:18 +00:00 · 2025-07-12 13:18:18 +00:00 · fe5444052b
commit fe5444052b
parent 4c32ae71da
6 changed files with 140 additions and 1 deletions
--- a/roles/unbound/templates/unbound.conf.oob.j2
+++ b/roles/unbound/templates/unbound.conf.oob.j2
@ -0,0 +1,38 @@
+
+server:
+    interface: eth1
+
+    access-control: 127.0.0.0/8 allow
+    access-control: ::1 allow
+    access-control: 172.20.25.1/32 allow
+    access-control: 172.20.25.2/32 allow
+    access-control: 172.20.25.3/32 allow
+    access-control: 172.20.25.0/24 refuse_non_local
+
+    extended-statistics: yes
+
+    hide-identity: yes
+    hide-version: yes
+
+    tls-upstream: yes
+    tls-cert-bundle: {{ tls_bundle }}
+
+    chroot: ""
+
+    unblock-lan-zones: yes
+
+remote-control:
+    control-enable: yes
+    control-interface: /var/run/unbound.sock
+
+forward-zone:
+    name: "."
+    forward-addr: 172.20.20.10@853#dns.home.foo.sh
+    forward-addr: 172.20.20.11@853#dns.home.foo.sh
+    forward-addr: 172.20.20.12@853#dns.home.foo.sh
+
+{% for zone in unbound_zones %}
+auth-zone:
+    name: "{{ zone }}"
+    zonefile: "{{ unbound_zonedir }}/{{ zone }}"
+{% endfor %}