add unbound and more tools

diff --git a/base.yml b/base.yml
index cfc12e5208dac929d769c06e74379a1ab25b3a8b..e43f77a58a2cc8e0586cd865d4733ec0112788ba 100644 (file)
--- a/base.yml
+++ b/base.yml
@@ -18,7 +18,7 @@
   - name: install needrestart (from backports)
     apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
   - name: install some basic tools
   - name: install needrestart (from backports)
     apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
   - name: install some basic tools

-    apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc state=latest
+    apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest

   # server-scripts
   - name: clone server-scripts git repository
     git:
   # server-scripts
   - name: clone server-scripts git repository
     git:

diff --git a/roles/postfix/files/unbound/listen.conf b/roles/postfix/files/unbound/listen.conf
new file mode 100644 (file)
index 0000000..99b0f29
--- /dev/null
+++ b/roles/postfix/files/unbound/listen.conf
@@ -0,0 +1,3 @@
+server:
+    # listen next to a possibly-also-running BIND
+    interface: 127.0.0.2

diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
index d0865b951e9cb0d13eb0668974451c184e0e38af..47e0daf494a89b9d4cda217c6adeeba3a49c3aa4 100644 (file)
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@@ -2,3 +2,5 @@
   service: name=opendkim state=restarted enabled=yes
 - name: postfix
   service: name=postfix state=restarted enabled=yes
   service: name=opendkim state=restarted enabled=yes
 - name: postfix
   service: name=postfix state=restarted enabled=yes

+- name: unbound
+  service: name=unbound state=restarted enabled=yes

diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index f71486e77c66edef061cb4175d04f713eed9d2a2..45eb9ee4999e564feba774254dc70bc6b2cc6adf 100644 (file)
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -4,6 +4,8 @@
   args:
     creates: "{{ postfix.paths.dh2048 }}"
 # daemons
   args:
     creates: "{{ postfix.paths.dh2048 }}"
 # daemons

+- import_tasks: unbound.yml
+  tags: unbound

 - import_tasks: opendkim.yml
   tags: opendkim
   when: postfix.opendkim is defined
 - import_tasks: opendkim.yml
   tags: opendkim
   when: postfix.opendkim is defined

diff --git a/roles/postfix/tasks/unbound.yml b/roles/postfix/tasks/unbound.yml
new file mode 100644 (file)
index 0000000..2a91a80
--- /dev/null
+++ b/roles/postfix/tasks/unbound.yml
@@ -0,0 +1,17 @@
+# install
+- name: install unbound
+  apt: name=unbound state=latest
+# configure
+- name: configure unbound
+  copy:
+    dest: /etc/unbound/unbound.conf.d/listen.conf
+    src: files/unbound/listen.conf
+  register: unbound_config
+- name: restart unbound
+  # not a handler to make sure it succeeds before we go touch system DNS
+  when: unbound_config.changed
+  service: name=unbound state=restarted enabled=yes
+- name: configure system DNS
+  copy:
+    dest: /etc/resolv.conf
+    content: "nameserver 127.0.0.2\n"