Currently unbound_exporter doesn't support TLS connections so proxy connections through stunnel.
---
# Deploys unbound_exporter together with an stunnel wrapper service.
# The exporter is bound to loopback (see "Enable service"); what stunnel
# listens on and forwards to is set in stunnel.conf.j2, which is not part
# of this file.

# NOTE(review): `installed` depends on the platform package module accepting
# that spelling; `present` is the value the generic package module documents.
- name: Install packages
  ansible.builtin.package:
    state: installed
    name: "{{ item }}"
  loop:
    - stunnel
    - unbound_exporter

# `append: true` adds hostkey as a supplementary group and keeps the groups
# the account already has. The handler restarts the stunnel wrapper,
# presumably so the running process picks up the new membership.
# NOTE(review): hostkey presumably guards the host TLS private key. If the
# exporter daemon runs under this same account, it gets the same read access
# as stunnel; confirm that is intended.
- name: Add user to hostkey group
  ansible.builtin.user:
    name: _unboundexporter
    create_home: false
    append: true
    groups: hostkey
  notify: Restart unbound_exporter_stunnel

# Root-owned and not writable by group or others, so the service account
# cannot change its own configuration.
- name: Create config directory
  ansible.builtin.file:
    state: directory
    path: /etc/unbound_exporter
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"

# Mode 0644 makes the rendered file world-readable.
# NOTE(review): the template is not shown here; confirm it only references
# key and certificate paths and embeds no secret material.
- name: Create stunnel config
  ansible.builtin.template:
    src: stunnel.conf.j2
    dest: /etc/unbound_exporter/stunnel.conf
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
  notify: Restart unbound_exporter_stunnel

# The exporter reaches unbound over the local unix socket and serves metrics
# on 127.0.0.1:9167 only, so they are not exposed on the network directly.
# NOTE(review): as rendered on this page, -unbound.ca and -unbound.cert carry
# no values. Confirm the deployed file passes explicit values (for example
# empty strings); otherwise the flag parser may take the following token as
# the value.
- name: Enable service
  ansible.builtin.service:
    name: unbound_exporter
    enabled: true
    state: started
    arguments: >-
      -unbound.ca
      -unbound.cert
      -unbound.host unix:///var/run/unbound.sock
      -web.listen-address 127.0.0.1:9167
  notify: Restart unbound_exporter

# The rc script is owned by root with mode 0755: executable by everyone,
# writable by root only.
- name: Create stunnel service config
  ansible.builtin.copy:
    src: unbound_exporter_stunnel.sh
    dest: /etc/rc.d/unbound_exporter_stunnel
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"
  notify: Restart unbound_exporter_stunnel

# Starts the stunnel wrapper now and enables it at boot.
- name: Enable stunnel service
  ansible.builtin.service:
    name: unbound_exporter_stunnel
    enabled: true
    state: started