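---
# Render the resolver config, resolv.conf and the vether0 interface file from
# templates. A changed config has to reach the running resolver, so notify the
# restart handler that the root-hints task in this file already uses; without
# the notify a re-templated unbound.conf was written but never applied.
- name: "template out configs"
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - src: unbound.conf.j2
      dest: /var/unbound/etc/unbound.conf
    - src: resolv.conf.j2
      # NOTE(review): the rendered file keeps the .j2 suffix — confirm
      # /etc/resolv.conf.j2 (and not /etc/resolv.conf) is the intended target
      dest: /etc/resolv.conf.j2
    - src: hostname.vether0.j2
      dest: /etc/hostname.vether0
  notify:
    - restart_unbound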
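# A dedicated virtual interface is needed to bind the DNS resolver to: ocserv
# only creates per-client tunnel interfaces and no primary interface, and
# unbound fails to start when an interface named in its config does not exist.
# The command uses no shell features (no pipes, globs or variable expansion),
# so it is run through `command` instead of `shell`: the arguments are passed
# as-is and nothing is re-parsed by a shell.
- name: "create vether0 interface"
  ansible.builtin.command: sh /etc/netstart vether0
  when: inventory_hostname in (groups['ocserv']|default([])) + (groups['all_vpns']|default([]))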
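# Make sure the log file exists with owner-only permissions. Preserving both
# timestamps keeps `state: touch` idempotent; without them the task reports
# "changed" and bumps atime/mtime on every run.
# NOTE(review): owner/group are not set, so the file keeps the creating user's
# defaults — confirm the resolver process is able to open it for writing.
- name: "setup log file"
  ansible.builtin.file:
    path: /var/log/unbound.log
    state: touch
    mode: "0600"
    access_time: preserve
    modification_time: preserve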
# Convenience only: expose the config kept under /var/unbound/etc at the
# conventional /etc path via a symlink.
- name: "obsd : dns : symlink it to /etc"
  ansible.builtin.file:
    state: link
    src: /var/unbound/etc/unbound.conf
    dest: /etc/unbound.conf
# Bootstrap the DNSSEC trust anchor; skipped once root.key exists.
# NOTE(review): `failed_when: false` masks every failure of this task —
# presumably because unbound-anchor exits non-zero after writing a fresh
# anchor; confirm the exit-code contract in unbound-anchor(8) before relying
# on this task's result, and check that root.key actually exists afterwards.
- name: "obsd : dns : not exists. generate..."
  ansible.builtin.command:
    cmd: /usr/sbin/unbound-anchor -a /var/unbound/db/root.key
    creates: /var/unbound/db/root.key
  failed_when: false
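# Fetch the root hints once. The `creates` guard must name the file this task
# writes (root.hints): the previous value reused the trust-anchor path of the
# task above, so the download was skipped whenever root.key already existed
# and re-run whenever it did not, regardless of whether root.hints was present.
# NOTE(review): the hints are never refreshed after the first fetch — confirm
# a periodic refresh is not needed.
- name: "obsd : dns : get root hints"
  ansible.builtin.command: ftp -o /var/unbound/etc/root.hints https://www.internic.net/domain/named.root
  args:
    creates: /var/unbound/etc/root.hints
  notify:
    - restart_unbound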