letsencrypt now generates certificates that include the chain
[ansible.git] / roles / unbound / tasks / main.yml
# install
# state=latest lets every run upgrade unbound to whatever the configured apt
# sources currently offer, so the resolver version is not pinned by this role.
- name: install unbound
  apt:
    name: unbound
    state: latest
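# configure
# Both files below steer a daemon that is about to become the host's only
# resolver, so they are installed root-owned and not writable by anyone else.
- name: configure unbound
  # presumably sets the listen address used in /etc/resolv.conf later on;
  # files/listen.conf is not shown here - confirm
  copy:
    src: files/listen.conf
    dest: /etc/unbound/unbound.conf.d/listen.conf
    owner: root
    group: root
    mode: "0644"
  register: unbound_config
- name: configure systemd (create dir)
  file:
    path: /etc/systemd/system/unbound.service.d
    state: directory
    owner: root
    group: root
    mode: "0755"
- name: configure systemd (tweak unbound)
  copy:
    src: files/unbound.service.override
    dest: /etc/systemd/system/unbound.service.d/override.conf
    owner: root
    group: root
    mode: "0644"
  register: unbound_systemd
- name: reload systemd
  when: unbound_systemd.changed
  command: systemctl daemon-reload
- name: restart unbound
  # not a handler to make sure it succeeds before we go touch system DNS
  # A changed unit override only takes effect after a restart, so restart on
  # either change (previously only a changed listen.conf triggered it).
  when: unbound_config.changed or unbound_systemd.changed
  service:
    name: unbound
    state: restarted
    enabled: true
- name: ensure unbound is running
  # Fail here, before resolv.conf is pointed at the local resolver, if the
  # service is stopped or cannot start even though nothing changed this run.
  service:
    name: unbound
    state: started
    enabled: true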
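# use as system DNS
- name: detect DHCP client
  stat:
    path: /etc/dhcp/dhclient.conf
  register: dhclient
- name: configure DHCP
  # presumably stops dhclient from rewriting the resolver on lease renewal;
  # files/dhclient.conf is not shown here - confirm
  when: dhclient.stat.exists
  copy:
    src: files/dhclient.conf
    dest: /etc/dhcp/dhclient.conf
    owner: root
    group: root
    mode: "0644"
- name: configure system DNS
  # From here on all name resolution on the host goes through the local
  # resolver. 127.0.0.2 has to match the address unbound listens on
  # (files/listen.conf, not shown here - confirm).
  # Explicit 0644: resolv.conf must stay readable by unprivileged processes
  # even under a restrictive root umask, and writable by root only.
  copy:
    dest: /etc/resolv.conf
    content: "nameserver 127.0.0.2\n"
    owner: root
    group: root
    mode: "0644"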
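# some providers need extra hacks to make our DNS persistent
- name: install DNS-fix cronjob
  # Scripts in /etc/cron.hourly are executed as root. Pin owner and an
  # absolute mode instead of the relative "+x", which only adds execute bits
  # and leaves any pre-existing group/world write bits in place.
  template:
    src: templates/fix-dns
    dest: /etc/cron.hourly/fix-dns
    owner: root
    group: root
    mode: "0755"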