imfreedom/ansible

create a role for unbound

2021-11-23, Gary Kramlich
8cd603b36ce7
Parents 844d93849280
Children 328311faa7fc
create a role for unbound
5 files changed, 43 insertions(+), 4 deletions(-)
  • +2 -0
    roles/mail/meta/main.yaml
  • +10 -4
    roles/mail/tasks/main.yaml
  • +8 -0
    roles/unbound/files/unbound.conf
  • +5 -0
    roles/unbound/handlers/main.yaml
  • +18 -0
    roles/unbound/tasks/main.yaml
    • --- a/roles/mail/meta/main.yaml Tue Nov 23 02:31:27 2021 -0600
    +++ b/roles/mail/meta/main.yaml Tue Nov 23 03:27:35 2021 -0600
    @@ -1,3 +1,5 @@
    +---
    dependencies:
    - common
    - apache2
    + - rspamd
    --- a/roles/mail/tasks/main.yaml Tue Nov 23 02:31:27 2021 -0600
    +++ b/roles/mail/tasks/main.yaml Tue Nov 23 03:27:35 2021 -0600
    @@ -7,6 +7,14 @@
    - "mail"
    tags:
    - "always"
    +- include_tasks: "certbot.yaml"
    + args:
    + apply:
    + tags:
    + - "certbot"
    + - "mail"
    + tags:
    + - "always"
    - include_tasks: "dovecot.yaml"
    args:
    apply:
    @@ -15,11 +23,9 @@
    - "mail"
    tags:
    - "always"
    -- include_tasks: "certbot.yaml"
    +- include_tasks: "mailman.yaml"
    args:
    apply:
    tags:
    - "mail"
    - - "certbot"
    - tags:
    - - "always"
    + - "mailman"
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/unbound/files/unbound.conf Tue Nov 23 03:27:35 2021 -0600
    @@ -0,0 +1,8 @@
    +server:
    + interface: 127.0.0.1
    + interface: ::1
    + access-control: 127.0.0.0/8 allow
    + access-control: ::1/128 allow
    +
    +remote-control:
    + control-enable: no
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/unbound/handlers/main.yaml Tue Nov 23 03:27:35 2021 -0600
    @@ -0,0 +1,5 @@
    +---
    +- name: "reload unbound"
    + systemd:
    + name: "unbound"
    + state: "reloaded"
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/roles/unbound/tasks/main.yaml Tue Nov 23 03:27:35 2021 -0600
    @@ -0,0 +1,18 @@
    +---
    +- name: "debian install"
    + apt:
    + name: "unbound"
    + state: "present"
    + cache_valid_time: 3600
    + force_apt_get: "yes"
    + when: ansible_facts['os_family'] == "Debian"
    + tags:
    + - "unbound"
    +- name: "install config"
    + copy:
    + src: "unbound.conf"
    + dest: "/etc/unbound/unbound.conf"
    + mode: 0644
    + notify:
    + - "reload unbound"
    +- meta: flush_handlers