add unbound and more tools
authorRalf Jung <post@ralfj.de>
Sun, 15 Apr 2018 16:26:57 +0000 (18:26 +0200)
committerRalf Jung <post@ralfj.de>
Sun, 15 Apr 2018 16:27:40 +0000 (18:27 +0200)
base.yml
roles/postfix/files/unbound/listen.conf [new file with mode: 0644]
roles/postfix/handlers/main.yml
roles/postfix/tasks/main.yml
roles/postfix/tasks/unbound.yml [new file with mode: 0644]

index cfc12e5..e43f77a 100644 (file)
--- a/base.yml
+++ b/base.yml
@@ -18,7 +18,7 @@
   - name: install needrestart (from backports)
     apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
   - name: install some basic tools
-    apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc state=latest
+    apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
   # server-scripts
   - name: clone server-scripts git repository
     git:
diff --git a/roles/postfix/files/unbound/listen.conf b/roles/postfix/files/unbound/listen.conf
new file mode 100644 (file)
index 0000000..99b0f29
--- /dev/null
@@ -0,0 +1,3 @@
+server:
+    # listen next to a possibly-also-running BIND
+    interface: 127.0.0.2
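Review bot: The comment on `interface: 127.0.0.2` explains the choice of address but not its side effect: once an explicit `interface:` is set, unbound no longer uses its default localhost listen addresses, so the resolver answers only on 127.0.0.2. That is the desirable outcome, since the resolver is loopback-only and not reachable from the network, but it should be stated so nobody later widens it by accident. I would extend the comment to something like `# listen next to a possibly-also-running BIND; loopback only, do not bind a routable address without adding access-control`.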
index d0865b9..47e0daf 100644 (file)
@@ -2,3 +2,5 @@
   service: name=opendkim state=restarted enabled=yes
 - name: postfix
   service: name=postfix state=restarted enabled=yes
+- name: unbound
+  service: name=unbound state=restarted enabled=yes
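Review bot: The new `unbound` handler looks unused in this commit. The tasks added in roles/postfix/tasks/unbound.yml restart the service inline on purpose and none of the visible tasks carries `notify: unbound`. If it is meant for later configuration files, a short comment such as `# for config changes other than listen.conf, which restarts inline` would make that clear. Otherwise I would drop it, so there is a single place that restarts the resolver. The handlers file starts above this hunk, so a notifier elsewhere cannot be ruled out from here.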
index f71486e..45eb9ee 100644 (file)
@@ -4,6 +4,8 @@
   args:
     creates: "{{ postfix.paths.dh2048 }}"
 # daemons
+- import_tasks: unbound.yml
+  tags: unbound
 - import_tasks: opendkim.yml
   tags: opendkim
   when: postfix.opendkim is defined
diff --git a/roles/postfix/tasks/unbound.yml b/roles/postfix/tasks/unbound.yml
new file mode 100644 (file)
index 0000000..2a91a80
--- /dev/null
@@ -0,0 +1,17 @@
+# install
+- name: install unbound
+  apt: name=unbound state=latest
+# configure
+- name: configure unbound
+  copy:
+    dest: /etc/unbound/unbound.conf.d/listen.conf
+    src: files/unbound/listen.conf
+  register: unbound_config
+- name: restart unbound
+  # not a handler to make sure it succeeds before we go touch system DNS
+  when: unbound_config.changed
+  service: name=unbound state=restarted enabled=yes
+- name: configure system DNS
+  copy:
+    dest: /etc/resolv.conf
+    content: "nameserver 127.0.0.2\n"
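Review bot: The final task points /etc/resolv.conf solely at 127.0.0.2 without checking that unbound is running and reachable there. The restart task is skipped whenever `unbound_config.changed` is false, so on a run where listen.conf is already in place but the service is stopped or failed, nothing starts it and the host is left without a working resolver; on a mail host that also breaks MX and blocklist lookups. I would add an unconditional `state=started` task and a `wait_for` on port 53 ahead of the resolv.conf task, as sketched below (this proves only that the TCP port accepts connections, not that recursion works). It is also worth confirming that nothing else on these hosts, such as a DHCP client or resolvconf, regenerates /etc/resolv.conf, and setting `mode: "0644"` explicitly on that copy.

```yaml
# … unchanged: install, configure and conditional restart tasks …
- name: make sure unbound is running
  service: name=unbound state=started enabled=yes
- name: wait for unbound to accept connections
  wait_for: host=127.0.0.2 port=53 timeout=30
- name: configure system DNS
  # … unchanged: copy to /etc/resolv.conf …
```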