Use built-in roles and move /etc/resolv.conf replacement into tasks

2020-05-16 22:10:28 +02:00 · 2020-05-16 22:10:28 +02:00 · fa51f71e57
parent 7e4eba3ac9
commit fa51f71e57
3 changed files with 21 additions and 54 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,18 +1,3 @@
- name: Reload unbound
-  systemd:
-        name: unbound
-        state: reloaded
- name: Enable unbound
-  systemd:
-        name: unbound
-        enabled: yes
-        state: restarted
-        daemon_reload: yes
- name: Set unbound as default dns
-  replace:
-        path: /etc/resolv.conf
-        regexp: "^nameserver.*$"
-        replace: "nameserver 127.0.0.1"
 - name: Disable systemd-resolved
  systemd:
        name: systemd-resolved
@ -21,8 +6,3 @@
  notify:
        - Enable unbound
        - Set unbound as default dns
- name: Save netfilter rules
-  command:
-        argv:
-                - '/usr/sbin/netfilter-persistent'
-                - 'save'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,13 +1,3 @@
- name: Install Unbound
-  apt:
-        install_recommends: no
-        name: unbound
-        state: present
-        cache_valid_time: 3600
-  notify: Disable systemd-resolved
-  tags:
-        - setup
-        - packages
 - name: Copy configuration files
  loop:
        - internal.conf
@ -16,30 +6,16 @@
  template:
        follow: yes
        src: '{{ item }}.j2'
-        dest: /etc/unbound/{{ item }}
-  notify:
-        - Reload unbound
+        dest: "/etc/unbound/{{ item }}"
+  notify: Run service actions
  tags:
-        - update
+        - config
        - unbound
- name: Allow Unbound through iptables
-  loop:
-        - { ipv: 'ipv4', proto: 'tcp' }
-        - { ipv: 'ipv6', proto: 'tcp' }
-        - { ipv: 'ipv4', proto: 'udp' }
-        - { ipv: 'ipv6', proto: 'udp' }
-  iptables:
-        chain: INPUT
-        ctstate:
-                - NEW
-                - ESTABLISHED
-                - RELATED
-        destination_port: "53"
-        jump: ACCEPT
-        ip_version: '{{ item.ipv }}'
-        protocol: '{{ item.proto }}'
-  notify:
-        - Save netfilter rules
+- name: Set unbound as default dns
+  replace:
+        path: /etc/resolv.conf
+        regexp: "^nameserver.*$"
+        replace: "nameserver 127.0.0.1"
  tags:
-        - update
-        - firewall
+        - config
+        - unbound
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1,11 @@
+firewall:
+        - { port: 53, ipv: "v4", proto: "tcp" }
+        - { port: 53, ipv: "v4", proto: "udp" }
+        - { port: 53, ipv: "v6", proto: "tcp" }
+        - { port: 53, ipv: "v6", proto: "udp" }
+systemd:
+        services:
+                - { name: "systemd-resolved", state: stopped }
+                - { name: "unbound", enabled: true, state: reloaded }
+apt_packages:
+        - { package: "unbound", state: present }