unbound: configure unbound-control
parent
bac131791b
commit
b4482b6d3b
2 changed files with 46 additions and 0 deletions
|
@ -17,6 +17,29 @@
|
||||||
update_cache: true
|
update_cache: true
|
||||||
name: unbound
|
name: unbound
|
||||||
state: present
|
state: present
|
||||||
|
register: unbound_install
|
||||||
|
|
||||||
|
- name: check if unbound-control certificate exists
|
||||||
|
stat:
|
||||||
|
path: /etc/unbound/unbound_control.pem
|
||||||
|
register: ubc_control_pem
|
||||||
|
|
||||||
|
|
||||||
|
- name: check if unbound server certificate exists
|
||||||
|
stat:
|
||||||
|
path: /etc/unbound/unbound_server.pem
|
||||||
|
register: ubc_server_pem
|
||||||
|
|
||||||
|
- name: run unbound-control-setup if a certificate is missing
|
||||||
|
command: unbound-control-setup
|
||||||
|
become: yes
|
||||||
|
when: ubc_control_pem.stat.exists == False or ubc_server_pem.stat.exists == False
|
||||||
|
|
||||||
|
- name: add unbound-control configuration
|
||||||
|
template:
|
||||||
|
src: unbound-control.conf.j2
|
||||||
|
dest: /etc/unbound/unbound.conf.d/unbound-control.conf
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: setup main unbound config file
|
- name: setup main unbound config file
|
||||||
template:
|
template:
|
||||||
|
|
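Review bot: The `when` guard on the `unbound-control-setup` task only checks the two `.pem` files, while the template added in this commit also points unbound at `unbound_server.key` and `unbound_control.key`. A host with both certificates present but a key missing would skip regeneration, leaving unbound with a control channel it cannot load. Consider stat-ing the key files as well and, because these keys authorize control of the resolver, asserting their owner and mode after generation instead of trusting whatever is already on disk. The new template task also has no `notify`, so unless a handler outside this hunk restarts unbound, the remote-control settings will not take effect. Minor style points: `become: true` and `when: not ubc_control_pem.stat.exists or not ubc_server_pem.stat.exists` read better than `yes` and `== False`, and the mode is safer quoted as `mode: "0644"`.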
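--- a/roles/unbound/templates/unbound-control.conf.j2
+++ b/roles/unbound/templates/unbound-control.conf.j2
@@ -0,0 +1,23 @@
+remote-control:
+# Enable remote control with unbound-control(8) here.
+# set up the keys and certificates with unbound-control-setup.
+control-enable: yes
+
+# what interfaces are listened to for remote control.
+# give 0.0.0.0 and ::0 to listen to all interfaces.
+control-interface: 127.0.0.1
+
+# port number for remote control operations.
+control-port: 8953
+
+# unbound server key file.
+server-key-file: "/etc/unbound/unbound_server.key"
+
+# unbound server certificate file.
+server-cert-file: "/etc/unbound/unbound_server.pem"
+
+# unbound-control key file.
+control-key-file: "/etc/unbound/unbound_control.key"
+
+# unbound-control certificate file.
+control-cert-file: "/etc/unbound/unbound_control.pem"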