ansible-install-server/roles/fai/tasks/unbound.yml

- name: "Ensure systemd-resolved is stopped and disabled"
  ansible.builtin.service:
    name: systemd-resolved
    enabled: false
    state: stopped
  when:
    - "'systemd-resolved' in ansible_facts.packages"
  tags:
    - systemd-resolved_disable

- name: "Install DNS - unbound server"
  become: true
  ansible.builtin.package:
    name: unbound
    state: latest
  tags:
    - unbound_install

- name: "Configure DNS - remote control"
  become: true
  ansible.builtin.template:
    src: "etc/unbound/unbound.conf.d/remote.conf"
    dest: "/etc/unbound/unbound.conf.d/remote.conf"
    mode: '0644'
    owner: root
    group: root
    validate: "unbound-checkconf %s"
  notify: restart unbound
  when:
    - false
  tags:
    - unbound_configure

- name: "Configure DNS - zone '{{ domain_name }}'"
  become: true
  ansible.builtin.template:
    src: "etc/unbound/unbound.conf.d/fai.conf"
    dest: "/etc/unbound/unbound.conf.d/fai.conf"
    mode: '0644'
    owner: root
    group: root
    validate: "unbound-checkconf %s"
  notify: restart unbound
  tags:
    - unbound_configure

- name: "Configure DNS - disable IPv6 to avoid trouble with vagrant"
  become: true
  ansible.builtin.copy:
    content: |
      server:
        ### DISABLE BIND TO IPV6 TO AVOID TROUBLE WITH VAGRANT
        do-ip6: no
    dest: "/etc/unbound/unbound.conf.d/ipv6_disabled.conf"
    mode: '0644'
    owner: root
    group: root
    validate: "unbound-checkconf %s"
  notify: restart unbound
  tags:
    - unbound_configure

- name: "Start and enable unbound"
  become: true
  ansible.builtin.service:
    name: unbound
    enabled: true
    state: started
  tags:
    - unbound_enable
Mayor refactoring 2022-12-07 13:52:06 +00:00			`- name: "Ensure systemd-resolved is stopped and disabled"`
Fix typo 2022-12-10 18:58:32 +00:00			`ansible.builtin.service:`
Mayor refactoring 2022-12-07 13:52:06 +00:00			`name: systemd-resolved`
			`enabled: false`
			`state: stopped`
			`when:`
			`- "'systemd-resolved' in ansible_facts.packages"`
Sastify ansible-lint 2022-12-07 22:46:27 +00:00			`tags:`
			`- systemd-resolved_disable`
Mayor refactoring 2022-12-07 13:52:06 +00:00
			`- name: "Install DNS - unbound server"`
			`become: true`
Touch anything * Add quoting * Use fully qualified community names (FQCNs) * Use quoted octal unix-permissions * Replace module "synchronize" with "copy" * Add and fix names to tasks and handlers 2022-05-01 20:31:20 +00:00			`ansible.builtin.package:`
Initial 2020-08-26 10:10:36 +00:00			`name: unbound`
Mayor refactoring 2022-12-07 13:52:06 +00:00			`state: latest`
			`tags:`
			`- unbound_install`

			`- name: "Configure DNS - remote control"`
			`become: true`
			`ansible.builtin.template:`
			`src: "etc/unbound/unbound.conf.d/remote.conf"`
			`dest: "/etc/unbound/unbound.conf.d/remote.conf"`
			`mode: '0644'`
			`owner: root`
			`group: root`
			`validate: "unbound-checkconf %s"`
			`notify: restart unbound`
			`when:`
			`- false`
Sastify ansible-lint 2022-12-07 22:46:27 +00:00			`tags:`
			`- unbound_configure`
Mayor refactoring 2022-12-07 13:52:06 +00:00
			`- name: "Configure DNS - zone '{{ domain_name }}'"`
			`become: true`
			`ansible.builtin.template:`
			`src: "etc/unbound/unbound.conf.d/fai.conf"`
			`dest: "/etc/unbound/unbound.conf.d/fai.conf"`
			`mode: '0644'`
			`owner: root`
			`group: root`
			`validate: "unbound-checkconf %s"`
			`notify: restart unbound`
			`tags:`
			`- unbound_configure`
Initial 2020-08-26 10:10:36 +00:00
Mayor refactoring 2022-12-07 13:52:06 +00:00			`- name: "Configure DNS - disable IPv6 to avoid trouble with vagrant"`
			`become: true`
Touch anything * Add quoting * Use fully qualified community names (FQCNs) * Use quoted octal unix-permissions * Replace module "synchronize" with "copy" * Add and fix names to tasks and handlers 2022-05-01 20:31:20 +00:00			`ansible.builtin.copy:`
Initial 2020-08-26 10:10:36 +00:00			`content: \|`
			`server:`
Mayor refactoring 2022-12-07 13:52:06 +00:00			`### DISABLE BIND TO IPV6 TO AVOID TROUBLE WITH VAGRANT`
			`do-ip6: no`
			`dest: "/etc/unbound/unbound.conf.d/ipv6_disabled.conf"`
Touch anything * Add quoting * Use fully qualified community names (FQCNs) * Use quoted octal unix-permissions * Replace module "synchronize" with "copy" * Add and fix names to tasks and handlers 2022-05-01 20:31:20 +00:00			`mode: '0644'`
Initial 2020-08-26 10:10:36 +00:00			`owner: root`
			`group: root`
Mayor refactoring 2022-12-07 13:52:06 +00:00			`validate: "unbound-checkconf %s"`
			`notify: restart unbound`
			`tags:`
			`- unbound_configure`
Initial 2020-08-26 10:10:36 +00:00
Mayor refactoring 2022-12-07 13:52:06 +00:00			`- name: "Start and enable unbound"`
			`become: true`
Touch anything * Add quoting * Use fully qualified community names (FQCNs) * Use quoted octal unix-permissions * Replace module "synchronize" with "copy" * Add and fix names to tasks and handlers 2022-05-01 20:31:20 +00:00			`ansible.builtin.service:`
Some extensions - add offline mode - removed wan config - add apt.faiserver.lan domain to unbound - website apt.faiserver.lan in nginx to point to apt-cacher apt-repo 2020-10-08 18:17:01 +00:00			`name: unbound`
			`enabled: true`
Mayor refactoring 2022-12-07 13:52:06 +00:00			`state: started`
			`tags:`
			`- unbound_enable`