ansible-dns/tasks/main.yml

- name: Copy configuration files
  copy:
        follow: yes
        src: '{{ role_path }}/files/'
        dest: /etc/unbound/
  notify:
        - Reload unbound
  tags:
        - update
        - unbound
- name: Install Unbound
  apt:
        install_recommends: no
        name: unbound
        state: present
        cache_valid_time: 3600
  notify: Disable systemd-resolved
  tags:
        - setup
        - packages
- name: Allow Unbound through iptables
  loop:
        - { ipv: 'ipv4', proto: 'tcp' }
        - { ipv: 'ipv6', proto: 'tcp' }
        - { ipv: 'ipv4', proto: 'udp' }
        - { ipv: 'ipv6', proto: 'udp' }
  iptables:
        chain: INPUT
        ctstate:
                - NEW
                - ESTABLISHED
                - RELATED
        destination_port: "53"
        jump: ACCEPT
        ip_version: '{{ item.ipv }}'
        protocol: '{{ item.proto }}'
  notify:
        - Save netfilter rules
  tags:
        - update
        - firewall
Initial commit 2020-04-02 17:48:34 +00:00			`- name: Copy configuration files`
			`copy:`
			`follow: yes`
Set records and use role path 2020-04-09 16:31:42 +00:00			`src: '{{ role_path }}/files/'`
Initial commit 2020-04-02 17:48:34 +00:00			`dest: /etc/unbound/`
			`notify:`
Add notifies for trigger reloads and early service discovery/resolution example 2020-04-03 20:59:07 +00:00			`- Reload unbound`
Add tags, use templating for public dns and add (now empty) ip list 2020-04-10 14:09:26 +00:00			`tags:`
			`- update`
			`- unbound`
Add default nameserver setting, disabling resolved, copying configuration files first, disable cyberia dns temporarily, enable control, remove max cache, set default port to 53 and change hints and anchor paths 2020-04-07 20:01:27 +00:00			`- name: Install Unbound`
			`apt:`
			`install_recommends: no`
			`name: unbound`
			`state: present`
			`cache_valid_time: 3600`
			`notify: Disable systemd-resolved`
Add tags, use templating for public dns and add (now empty) ip list 2020-04-10 14:09:26 +00:00			`tags:`
			`- setup`
			`- packages`
Improved firewall loop 2020-04-14 20:51:57 +00:00			`- name: Allow Unbound through iptables`
Add iptables rules and run install check conditionally 2020-04-08 01:31:07 +00:00			`loop:`
Improved firewall loop 2020-04-14 20:51:57 +00:00			`- { ipv: 'ipv4', proto: 'tcp' }`
			`- { ipv: 'ipv6', proto: 'tcp' }`
			`- { ipv: 'ipv4', proto: 'udp' }`
			`- { ipv: 'ipv6', proto: 'udp' }`
Add iptables rules and run install check conditionally 2020-04-08 01:31:07 +00:00			`iptables:`
Improved firewall loop 2020-04-14 20:51:57 +00:00			`chain: INPUT`
			`ctstate:`
			`- NEW`
			`- ESTABLISHED`
			`- RELATED`
			`destination_port: "53"`
			`jump: ACCEPT`
			`ip_version: '{{ item.ipv }}'`
			`protocol: '{{ item.proto }}'`
Add iptables rules and run install check conditionally 2020-04-08 01:31:07 +00:00			`notify:`
Improved firewall loop 2020-04-14 20:51:57 +00:00			`- Save netfilter rules`
Add tags, use templating for public dns and add (now empty) ip list 2020-04-10 14:09:26 +00:00			`tags:`
			`- update`
			`- firewall`