diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index 6b116cd..7374281 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -19,22 +19,6 @@
 state: present
 register: unbound_install
 
-- name: check if unbound-control certificate exists
- stat:
- path: /etc/unbound/unbound_control.pem
- register: ubc_control_pem
-
-
-- name: check if unbound server certificate exists
- stat:
- path: /etc/unbound/unbound_server.pem
- register: ubc_server_pem
-
-- name: run unbound-control-setup if a certificate is missing
- command: unbound-control-setup
- become: yes
- when: ubc_control_pem.stat.exists == False or ubc_server_pem.stat.exists == False
-
 - name: add unbound-control configuration
 template:
 src: unbound-control.conf.j2
diff --git a/roles/unbound/templates/unbound-control.conf.j2 b/roles/unbound/templates/unbound-control.conf.j2
index edaa6c2..a3ba77a 100644
--- a/roles/unbound/templates/unbound-control.conf.j2
+++ b/roles/unbound/templates/unbound-control.conf.j2
@@ -10,14 +10,6 @@ remote-control:
 # port number for remote control operations.
 control-port: 8953
 
- # unbound server key file.
- server-key-file: "/etc/unbound/unbound_server.key"
-
- # unbound server certificate file.
- server-cert-file: "/etc/unbound/unbound_server.pem"
-
- # unbound-control key file.
- control-key-file: "/etc/unbound/unbound_control.key"
-
- # unbound-control certificate file.
- control-cert-file: "/etc/unbound/unbound_control.pem"
+ # Disable the use of certificates for unbound-control.
+ # It's only listening locally, there's no need for the added complexity.
+ control-use-cert: "no"
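Review bot: With `control-use-cert: "no"` in the `remote-control:` section of unbound-control.conf.j2, the control port 8953 no longer authenticates its clients. Any local account or compromised local service that can open a TCP connection to it can then flush the cache, change forwarders or stop the resolver. The `control-interface` line is outside this hunk, so the new comment's claim that the port only listens locally cannot be confirmed from here and should be checked in the rendered config. If the aim is only to drop certificate handling, a unix socket keeps access control through filesystem permissions: `control-interface: "/run/unbound/control.sock"` (example path) in a directory readable only by the unbound user and administrators, where unbound does not use TLS. Hosts already provisioned by the old tasks will also keep their key and certificate files in /etc/unbound, so consider adding a cleanup task if they are no longer wanted.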