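---
# Unbound DNS Server Playbook
#
# Usage: ansible-playbook -i inventory.ini playbooks/dns.yml
#
# Configures Unbound as a recursive resolver with local DNS records
# for the Nebula overlay network.
#
# Expects a per-host `nebula_ip` variable for every host in the `dns`
# group: the final verification task asks the local resolver for
# `dns.nebula` and requires the answer to equal that address.

- name: Setup Unbound DNS Server
  hosts: dns
  become: true

  tasks:
    - name: Install unbound and bind-tools
      community.general.pacman:
        name:
          - unbound
          - bind  # provides dig for verification
        state: present

    - name: Create unbound config directory
      ansible.builtin.file:
        path: /etc/unbound
        state: directory
        owner: root
        group: root
        mode: '0755'

    - name: Deploy main unbound configuration
      ansible.builtin.template:
        src: ../templates/unbound.conf.j2
        dest: /etc/unbound/unbound.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart unbound

    - name: Deploy local zones configuration
      ansible.builtin.template:
        src: ../templates/unbound-local-zones.conf.j2
        dest: /etc/unbound/local-zones.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart unbound

    - name: Deploy unbound systemd service
      ansible.builtin.template:
        src: ../templates/unbound.service.j2
        dest: /etc/systemd/system/unbound.service
        owner: root
        group: root
        mode: '0644'
      notify:
        - Reload systemd
        - Restart unbound

    - name: Enable and start unbound
      ansible.builtin.systemd:
        name: unbound
        state: started
        enabled: true
        # Handlers only fire at the end of the play, so the "Reload systemd"
        # notification above has not run yet when this task starts the unit.
        # Reload here so a first run starts the unit file templated above
        # rather than whichever definition systemd had already loaded.
        daemon_reload: true

    - name: Verify unbound is responding
      ansible.builtin.command: dig @127.0.0.1 dns.nebula +short
      register: dns_test
      changed_when: false
      # Compare against the targeted host's own nebula_ip instead of a host
      # literally named "dns", so the check still works when the `dns`
      # group contains a host with a different inventory name.
      failed_when: dns_test.stdout != hostvars[inventory_hostname]['nebula_ip']

  handlers:
    - name: Reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    # NOTE(review): a bad rendered config only surfaces here, at the end of
    # the play, as a failed restart; consider validating the templates
    # (e.g. with unbound-checkconf) before they notify this handler.
    - name: Restart unbound
      ansible.builtin.systemd:
        name: unbound
        state: restarted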