make unbound its own role
diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
new file mode 100644 (file)
index 0000000..c53cecb
--- /dev/null
@@ -0,0 +1,36 @@
+# install
+- name: install unbound
+  apt: name=unbound state=latest
+# configure
+- name: configure unbound
+  register: unbound_config
+  copy:
+    dest: /etc/unbound/unbound.conf.d/listen.conf
+    src: files/listen.conf
+- name: configure systemd (create dir)
+  file: path=/etc/systemd/system/unbound.service.d state=directory
+- name: configure systemd (tweak unbound)
+  register: unbound_systemd
+  copy:
+    dest: /etc/systemd/system/unbound.service.d/override.conf
+    src: files/unbound.service.override
+- name: reload systemd
+  when: unbound_systemd.changed
+  command: systemctl daemon-reload
+- name: restart unbound
+  # not a handler to make sure it succeeds before we go touch system DNS
+  when: unbound_config.changed
+  service: name=unbound state=restarted enabled=yes
+# use as system DNS
+- name: detect DHCP client
+  stat: path=/etc/dhcp/dhclient.conf
+  register: dhclient
+- name: configure DHCP
+  when: dhclient.stat.exists == True
+  copy:
+    dest: /etc/dhcp/dhclient.conf
+    src: files/dhclient.conf
+- name: configure system DNS
+  copy:
+    dest: /etc/resolv.conf
+    content: "nameserver 127.0.0.2\n"
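Review bot: The `restart unbound` task is gated only on `unbound_config.changed`, so a change to the systemd override never restarts the daemon, and `enabled=yes` is not enforced on any run where listen.conf is unchanged, including a re-run after an earlier run failed between the copy and the restart. The last task then writes `nameserver 127.0.0.2` to /etc/resolv.conf unconditionally, which leaves the host without name resolution if unbound is not running and listening there (presumably what files/listen.conf configures; it is not visible here). I would widen the condition to `when: unbound_config.changed or unbound_systemd.changed` and add an unconditional `service: name=unbound state=started enabled=yes` task before the `# use as system DNS` section. The `copy` tasks writing under /etc also set no `owner`, `group` or `mode`; stating them explicitly (for example `mode: "0644"`) keeps the resolver and unit configuration from inheriting whatever the default umask or a pre-existing file leaves in place.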