ansible/roles/unbound/tasks/main.yml

---

# This is used to let unbound bind to the right IP addresses.
- name: set dns_host_suffix (main)
  set_fact:
    dns_host_suffix: "{{ dns_host_suffix_main }}"
  when: "'backup' not in inventory_hostname"

- name: set dns_host_suffix (backup)
  set_fact:
    dns_host_suffix: "{{ dns_host_suffix_backup }}"
  when: "'backup' in inventory_hostname"


- name: install unbound
  apt:
    update_cache: true
    name: unbound
    state: present
  register: unbound_install

- name: ensure unbound log directory exists
  file:
    path: /var/log/unbound
    state: directory
    mode: '0755'
    owner: unbound
    group: unbound
  notify: restart unbound

- name: add unbound-control configuration
  template:
    src: unbound-control.conf.j2
    dest: /etc/unbound/unbound.conf.d/unbound-control.conf
    mode: 0644
  notify: restart unbound

- name: setup main unbound config file
  template:
    src: unbound.conf.j2
    dest: /etc/unbound/unbound.conf
    mode: 0644
  notify: restart unbound


- name: ask apparmor to allow unbound to write to log file
  template:
    src: unbound-apparmor-config
    dest: /etc/apparmor.d/local/usr.sbin.unbound
    mode: '0644'
  notify: read unbound apparmor config

- name: setup unbound log rotation
  template:
    src: unbound-logrotate.j2
    dest: /etc/logrotate.d/unbound
    mode: 0644

- name: setup recursive DNS server config
  template:
    src: recursive.conf.j2
    dest: /etc/unbound/unbound.conf.d/recursive.conf
    mode: 0644
  notify: restart unbound
unbound: initial deployment 2020-04-13 16:35:09 +02:00			`---`

unbound: bind to the right addresses on backup hosts 2020-04-18 16:52:13 +02:00			`# This is used to let unbound bind to the right IP addresses.`
unbound: name set_fact tasks 2020-04-18 17:36:25 +02:00			`- name: set dns_host_suffix (main)`
			`set_fact:`
unbound: bind to the right addresses on backup hosts 2020-04-18 16:52:13 +02:00			`dns_host_suffix: "{{ dns_host_suffix_main }}"`
hosts: remove dhcp and recursive_dns groups Use patterns instead for now. 2020-05-09 10:15:28 +02:00			`when: "'backup' not in inventory_hostname"`
unbound: bind to the right addresses on backup hosts 2020-04-18 16:52:13 +02:00
unbound: name set_fact tasks 2020-04-18 17:36:25 +02:00			`- name: set dns_host_suffix (backup)`
			`set_fact:`
unbound: bind to the right addresses on backup hosts 2020-04-18 16:52:13 +02:00			`dns_host_suffix: "{{ dns_host_suffix_backup }}"`
hosts: remove dhcp and recursive_dns groups Use patterns instead for now. 2020-05-09 10:15:28 +02:00			`when: "'backup' in inventory_hostname"`
unbound: bind to the right addresses on backup hosts 2020-04-18 16:52:13 +02:00

unbound: initial deployment 2020-04-13 16:35:09 +02:00			`- name: install unbound`
			`apt:`
			`update_cache: true`
			`name: unbound`
			`state: present`
unbound: configure unbound-control 2020-04-28 20:21:47 +02:00			`register: unbound_install`

unbound: change task order Seems to be necessary to restart unbound manually for some reason?... 2020-05-07 18:49:31 +02:00			`- name: ensure unbound log directory exists`
			`file:`
			`path: /var/log/unbound`
			`state: directory`
			`mode: '0755'`
			`owner: unbound`
			`group: unbound`
			`notify: restart unbound`

unbound: configure unbound-control 2020-04-28 20:21:47 +02:00			`- name: add unbound-control configuration`
			`template:`
			`src: unbound-control.conf.j2`
			`dest: /etc/unbound/unbound.conf.d/unbound-control.conf`
			`mode: 0644`
unbound: use handlers Only restart unbound if the configuration was actually updated. 2020-05-02 16:43:44 +02:00			`notify: restart unbound`
unbound: initial deployment 2020-04-13 16:35:09 +02:00
			`- name: setup main unbound config file`
			`template:`
			`src: unbound.conf.j2`
			`dest: /etc/unbound/unbound.conf`
			`mode: 0644`
unbound: use handlers Only restart unbound if the configuration was actually updated. 2020-05-02 16:43:44 +02:00			`notify: restart unbound`
unbound: initial deployment 2020-04-13 16:35:09 +02:00
unbound: smarter logging - stop using journald, write to /var/log/unbound/ - set up frequent log rotation for the huge log files we are producing 2020-05-02 16:49:33 +02:00
			`- name: ask apparmor to allow unbound to write to log file`
			`template:`
			`src: unbound-apparmor-config`
			`dest: /etc/apparmor.d/local/usr.sbin.unbound`
			`mode: '0644'`
			`notify: read unbound apparmor config`

			`- name: setup unbound log rotation`
			`template:`
			`src: unbound-logrotate.j2`
			`dest: /etc/logrotate.d/unbound`
			`mode: 0644`

unbound: initial deployment 2020-04-13 16:35:09 +02:00			`- name: setup recursive DNS server config`
			`template:`
			`src: recursive.conf.j2`
			`dest: /etc/unbound/unbound.conf.d/recursive.conf`
			`mode: 0644`
unbound: use handlers Only restart unbound if the configuration was actually updated. 2020-05-02 16:43:44 +02:00			`notify: restart unbound`