unbound: configure unbound-control

This commit is contained in:
Yohaï-Eliel BERREBY 2020-04-28 20:21:47 +02:00
parent bac131791b
commit b4482b6d3b
2 changed files with 46 additions and 0 deletions

View file

@ -17,6 +17,29 @@
update_cache: true update_cache: true
name: unbound name: unbound
state: present state: present
register: unbound_install
- name: check if unbound-control certificate exists
stat:
path: /etc/unbound/unbound_control.pem
register: ubc_control_pem
- name: check if unbound server certificate exists
stat:
path: /etc/unbound/unbound_server.pem
register: ubc_server_pem
- name: run unbound-control-setup if a certificate is missing
command: unbound-control-setup
become: yes
when: ubc_control_pem.stat.exists == False or ubc_server_pem.stat.exists == False
- name: add unbound-control configuration
template:
src: unbound-control.conf.j2
dest: /etc/unbound/unbound.conf.d/unbound-control.conf
mode: 0644
- name: setup main unbound config file - name: setup main unbound config file
template: template:

View file

@ -0,0 +1,23 @@
remote-control:
# Enable remote control with unbound-control(8) here.
# set up the keys and certificates with unbound-control-setup.
control-enable: yes
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
control-interface: 127.0.0.1
# port number for remote control operations.
control-port: 8953
# unbound server key file.
server-key-file: "/etc/unbound/unbound_server.key"
# unbound server certificate file.
server-cert-file: "/etc/unbound/unbound_server.pem"
# unbound-control key file.
control-key-file: "/etc/unbound/unbound_control.key"
# unbound-control certificate file.
control-cert-file: "/etc/unbound/unbound_control.pem"