- name: install needrestart (from backports)
apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
- name: install some basic tools
- apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc state=latest
+ apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
# server-scripts
- name: clone server-scripts git repository
git:
--- /dev/null
+server:
+ # listen next to a possibly-also-running BIND
+ interface: 127.0.0.2
service: name=opendkim state=restarted enabled=yes
- name: postfix
service: name=postfix state=restarted enabled=yes
+- name: unbound
+ service: name=unbound state=restarted enabled=yes
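Review bot: The new `unbound` handler looks unused by the changes shown on this page: the tasks added in unbound.yml restart the service inline and state that they deliberately avoid a handler, and no visible task carries `notify: unbound`. Either drop the handler or add a comment above it saying what is expected to notify it, for example `# notified by tasks that change unbound config after the initial setup`. Tasks outside this page may already notify it, so confirm before removing.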
args:
creates: "{{ postfix.paths.dh2048 }}"
# daemons
+- import_tasks: unbound.yml
+ tags: unbound
- import_tasks: opendkim.yml
tags: opendkim
when: postfix.opendkim is defined
--- /dev/null
+# install
+- name: install unbound
+ apt: name=unbound state=latest
+# configure
+- name: configure unbound
+ copy:
+ dest: /etc/unbound/unbound.conf.d/listen.conf
+ src: files/unbound/listen.conf
+ register: unbound_config
+- name: restart unbound
+ # not a handler to make sure it succeeds before we go touch system DNS
+ when: unbound_config.changed
+ service: name=unbound state=restarted enabled=yes
+- name: configure system DNS
+ copy:
+ dest: /etc/resolv.conf
+ content: "nameserver 127.0.0.2\n"
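Review bot: Nothing between `restart unbound` and `configure system DNS` checks that unbound is actually answering on 127.0.0.2, so a daemon that is started but fails to bind leaves the host with a single dead nameserver and no fallback; a successful `service` call only shows the init system accepted the request. A task such as `wait_for: host=127.0.0.2 port=53 timeout=30` placed before the resolv.conf write would catch that (it probes TCP only, so a real lookup against 127.0.0.2 would be a stronger test). `enabled=yes` is also applied only under `when: unbound_config.changed`, so on a host where listen.conf is already in place this file never enables or starts the service, yet resolv.conf is still rewritten. If the target hosts run a DHCP client or resolvconf, /etc/resolv.conf may be regenerated later and silently undo this change, which is worth confirming.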