72 lines
1.6 KiB
YAML
72 lines
1.6 KiB
YAML
- name: "Ensure systemd-resolved is stopped and disabled"
|
|
ansible.builtin.service:
|
|
name: systemd-resolved
|
|
enabled: false
|
|
state: stopped
|
|
when:
|
|
- "'systemd-resolved' in ansible_facts.packages"
|
|
tags:
|
|
- systemd-resolved_disable
|
|
|
|
- name: "Install DNS - unbound server"
|
|
become: true
|
|
ansible.builtin.package:
|
|
name: unbound
|
|
state: latest
|
|
tags:
|
|
- unbound_install
|
|
|
|
- name: "Configure DNS - remote control"
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: "etc/unbound/unbound.conf.d/remote.conf"
|
|
dest: "/etc/unbound/unbound.conf.d/remote.conf"
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|
|
validate: "unbound-checkconf %s"
|
|
notify: restart unbound
|
|
when:
|
|
- false
|
|
tags:
|
|
- unbound_configure
|
|
|
|
- name: "Configure DNS - zone '{{ domain_name }}'"
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: "etc/unbound/unbound.conf.d/fai.conf"
|
|
dest: "/etc/unbound/unbound.conf.d/fai.conf"
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|
|
validate: "unbound-checkconf %s"
|
|
notify: restart unbound
|
|
tags:
|
|
- unbound_configure
|
|
|
|
- name: "Configure DNS - disable IPv6 to avoid trouble with vagrant"
|
|
become: true
|
|
ansible.builtin.copy:
|
|
content: |
|
|
server:
|
|
### DISABLE BIND TO IPV6 TO AVOID TROUBLE WITH VAGRANT
|
|
do-ip6: no
|
|
dest: "/etc/unbound/unbound.conf.d/ipv6_disabled.conf"
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|
|
validate: "unbound-checkconf %s"
|
|
notify: restart unbound
|
|
tags:
|
|
- unbound_configure
|
|
|
|
- name: "Start and enable unbound"
|
|
become: true
|
|
ansible.builtin.service:
|
|
name: unbound
|
|
enabled: true
|
|
state: started
|
|
tags:
|
|
- unbound_enable
|
|
|