From: Ralf Jung Date: Sun, 15 Apr 2018 16:26:57 +0000 (+0200) Subject: add unbound and more tools X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/a85ed6da38d67a4817a98bcfbe6be1f951284d0b?ds=inline add unbound and more tools
---
diff --git a/base.yml b/base.yml
index cfc12e5..e43f77a 100644
--- a/base.yml
+++ b/base.yml
@@ -18,7 +18,7 @@
 - name: install needrestart (from backports)
 apt: name=needrestart state=latest default_release={{ansible_distribution_release}}-backports
 - name: install some basic tools
- apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc state=latest
+ apt: name=aptitude,rsync,git,mercurial,curl,apt-transport-https,psmisc,dnsutils,tree,htop state=latest
 # server-scripts
 - name: clone server-scripts git repository
 git:
diff --git a/roles/postfix/files/unbound/listen.conf b/roles/postfix/files/unbound/listen.conf
new file mode 100644
index 0000000..99b0f29
--- /dev/null
+++ b/roles/postfix/files/unbound/listen.conf
@@ -0,0 +1,3 @@
+server:
+ # listen next to a possibly-also-running BIND
+ interface: 127.0.0.2
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
index d0865b9..47e0daf 100644
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@@ -2,3 +2,5 @@
 service: name=opendkim state=restarted enabled=yes
 - name: postfix
 service: name=postfix state=restarted enabled=yes
+- name: unbound
+ service: name=unbound state=restarted enabled=yes
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index f71486e..45eb9ee 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -4,6 +4,8 @@
 args:
 creates: "{{ postfix.paths.dh2048 }}"
 # daemons
+- import_tasks: unbound.yml
+ tags: unbound
 - import_tasks: opendkim.yml
 tags: opendkim
 when: postfix.opendkim is defined
diff --git a/roles/postfix/tasks/unbound.yml b/roles/postfix/tasks/unbound.yml
new file mode 100644
index 0000000..2a91a80
--- /dev/null
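Review bot: Nothing visible in this commit notifies the new `unbound` handler added in roles/postfix/handlers/main.yml; roles/postfix/tasks/unbound.yml restarts the service with an inline task instead, deliberately according to its own comment. If no task outside this diff notifies it, the handler is dead code, and a later reader may assume that unbound configuration changes are applied through it. Either drop it, or say so above it, for example `# not used by tasks/unbound.yml, which restarts inline before resolv.conf is changed`.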
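Review bot: The added `import_tasks: unbound.yml` in roles/postfix/tasks/main.yml carries no `when:` guard, unlike the `opendkim.yml` import right below it (`when: postfix.opendkim is defined`), so every host that receives the postfix role will have its system resolver switched by unbound.yml. If that is intended, a comment on the import would make it explicit, for example `# always on: the mail stack relies on the local resolver`. If it is not, guard the import with a role variable in the same way as opendkim. The hunk starts and ends inside the task list, so tasks outside it are not visible here.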
+++ b/roles/postfix/tasks/unbound.yml
@@ -0,0 +1,17 @@
+# install
+- name: install unbound
+ apt: name=unbound state=latest
+# configure
+- name: configure unbound
+ copy:
+ dest: /etc/unbound/unbound.conf.d/listen.conf
+ src: files/unbound/listen.conf
+ register: unbound_config
+- name: restart unbound
+ # not a handler to make sure it succeeds before we go touch system DNS
+ when: unbound_config.changed
+ service: name=unbound state=restarted enabled=yes
+- name: configure system DNS
+ copy:
+ dest: /etc/resolv.conf
+ content: "nameserver 127.0.0.2\n"
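Review bot: The `configure system DNS` task points /etc/resolv.conf at 127.0.0.2 as the only nameserver without first confirming that unbound is running and reachable there. `restart unbound` is skipped whenever listen.conf is unchanged, and a restart that returns success does not show that the daemon is accepting connections. I would ensure the service is started on every run and wait for port 53 on 127.0.0.2 before touching resolv.conf, so that a broken resolver fails the play instead of leaving the host without name resolution. Both `copy` tasks also leave owner and mode to the defaults; an explicit `mode: "0644"` keeps resolv.conf readable by unprivileged daemons whatever umask the Ansible run has. If another agent on these hosts manages /etc/resolv.conf (resolvconf or a DHCP client, which this diff does not show), it may later replace the file and silently move the host off the local resolver.

```yaml
# … unchanged: install unbound, configure unbound, restart unbound …
- name: make sure unbound is running
  # also covers runs where listen.conf did not change and the restart is skipped
  service: name=unbound state=started enabled=yes
- name: wait for unbound to accept connections
  # TCP probe only; it does not prove that queries resolve
  wait_for:
    host: 127.0.0.2
    port: 53
    timeout: 30
- name: configure system DNS
  copy:
    # … unchanged: dest, content …
    owner: root
    group: root
    mode: "0644"
```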