roles/unbound/tasks/main.yml

   1 # install
   2 - name: install unbound
   3   apt: name=unbound state=latest
   4 # configure
   5 - name: configure unbound
   6   register: unbound_config
   7   copy:
   8     dest: /etc/unbound/unbound.conf.d/listen.conf
   9     src: files/listen.conf
  10 - name: configure systemd (create dir)
  11   file: path=/etc/systemd/system/unbound.service.d state=directory
  12 - name: configure systemd (tweak unbound)
  13   register: unbound_systemd
  14   copy:
  15     dest: /etc/systemd/system/unbound.service.d/override.conf
  16     src: files/unbound.service.override
  17 - name: reload systemd
  18   when: unbound_systemd.changed
  19   command: systemctl daemon-reload
  20 - name: restart unbound
  21   # not a handler to make sure it succeeds before we go touch system DNS
  22   when: unbound_config.changed
  23   service: name=unbound state=restarted enabled=yes
  24 # use as system DNS
  25 - name: detect DHCP client
  26   stat: path=/etc/dhcp/dhclient.conf
  27   register: dhclient
  28 - name: configure DHCP
  29   when: dhclient.stat.exists == True
  30   copy:
  31     dest: /etc/dhcp/dhclient.conf
  32     src: files/dhclient.conf
  33 - name: configure system DNS
  34   copy:
  35     dest: "{{ item }}"
  36     content: "nameserver 127.0.0.2\noptions trust-ad\noptions edns0\n"
  37   loop:
  38   - /etc/resolv.conf.unbound
  39   - /etc/resolv.conf
  40 # some providers need extra hacks to make our DNS persistent
  41 - name: install DNS-fix cronjob
  42   template:
  43     dest: /etc/cron.hourly/fix-dns
  44     src: templates/fix-dns
  45     mode: +x