diff --git a/groups_vars/all b/groups_vars/all
new file mode 100644
index 0000000..a47a9a4
--- /dev/null
+++ b/groups_vars/all
@@ -0,0 +1 @@
+snmpd_conf: /etc/snmp/snmpd.conf
\ No newline at end of file
diff --git a/roles/database/tasks/configure_snmpd.yml b/roles/database/tasks/configure_snmpd.yml
index c76685d..a260fba 100644
--- a/roles/database/tasks/configure_snmpd.yml
+++ b/roles/database/tasks/configure_snmpd.yml
@@ -44,7 +44,7 @@
 - name: database | snmpd | configure extend
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 state: present
 line: "extend postgres /usr/bin/sudo -u postgres /etc/snmp/postgres"
 insertafter: "# SECTION: Extends"
@@ -53,7 +53,7 @@
 - name: database | snmpd | configure extend
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 state: present
 line: "extend mysql /etc/snmp/mysql"
 insertafter: "# SECTION: Extends"
diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml
index a795ef6..7598c79 100644
--- a/roles/nameserver/tasks/configure_bind_snmpd.yml
+++ b/roles/nameserver/tasks/configure_bind_snmpd.yml
@@ -28,16 +28,16 @@
 - name: nameserver | snmpd | configure named for statistics
 lineinfile:
- path: "/etc/bind/named.conf.options" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
+ path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
 state: present
 line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;'
- insertafter: "options {"
+ insertbefore: "};"
 validate: /usr/sbin/named-checkconf %s
 notify: restart_named
 - name: nameserver | snmpd | configure extend
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 state: present
 line: "extend bind /etc/snmp/bind"
 insertafter: "# SECTION: Extends"
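Review bot: The new vars file is created under `groups_vars/`, but Ansible only auto-loads group variables from a directory named `group_vars/` next to the inventory or playbook, so unless this path is loaded explicitly somewhere not shown here, `snmpd_conf` stays undefined. Every `path: "{{ snmpd_conf }}"` introduced by this commit (database, nameserver, server and webserver roles) would then fail with an undefined-variable error. Rename the file to `group_vars/all`, and consider a role default `snmpd_conf: /etc/snmp/snmpd.conf` so each role also works on its own. The file also ends without a trailing newline.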
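Review bot: In roles/nameserver/tasks/configure_bind_snmpd.yml the new `insertbefore: "};"` anchors on the last line matching that pattern, which is the end of the `options` block only when the target file contains nothing after that block. The Archlinux vars added in this commit point `named_conf_options` at `/etc/named.conf`, a file that typically holds further `};`-terminated blocks, so the statistics line could be placed inside a zone or other stanza; `validate` should then reject the result, leaving the task failing rather than the setting applied. `named_conf_options` is defined only in the Archlinux, Debian and Ubuntu vars visible here, so any other platform would hit an undefined variable. Managing the options stanza with `blockinfile` or a template would be more predictable than regex anchoring.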
diff --git a/roles/nameserver/tasks/configure_unbound_snmpd.yml b/roles/nameserver/tasks/configure_unbound_snmpd.yml
index d152264..cbb0dbc 100644
--- a/roles/nameserver/tasks/configure_unbound_snmpd.yml
+++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml
@@ -8,7 +8,7 @@
 - name: nameserver | snmpd | configure extend
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 state: present
 line: "extend unbound /usr/bin/sudo /etc/snmp/unbound"
 insertafter: "# SECTION: Extends"
diff --git a/roles/nameserver/tasks/disable-systemd-resolved.yml b/roles/nameserver/tasks/disable-systemd-resolved.yml
new file mode 100644
index 0000000..3d15fa8
--- /dev/null
+++ b/roles/nameserver/tasks/disable-systemd-resolved.yml
@@ -0,0 +1,22 @@
+- name: nameserver | systemd-resolved | edit config
+ lineinfile:
+ path: "/etc/systemd/resolved.conf"
+ regexp: "^.*DNSStubListener=.*$"
+ state: present
+ line: "DNSStubListener=no"
+
+- name: nameserver | systemd-resolved | stop and disable service
+ service:
+ name: "systemd-resolved"
+ state: stopped
+ enabled: false
+
+- name: nameserver | systemd-resolved | remove /etc/resolv.conf (symlink)
+ file:
+ path: "/etc/resolv.conf"
+ state: absent
+
+- name: nameserver | systemd-resolved | create new /etc/resolv.conf
+ copy:
+ dest: "/etc/resolv.conf"
+ content: nameserver 127.0.0.1
\ No newline at end of file
diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml
index e6b8020..aa5ab6a 100644
--- a/roles/nameserver/tasks/install_unbound.yml
+++ b/roles/nameserver/tasks/install_unbound.yml
@@ -10,4 +10,5 @@
 mode: "0644"
 owner: "root"
 group: "root"
+ verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf"
 notify: restart_unbound
\ No newline at end of file
diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml
index 83b8455..9788e09 100644
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
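Review bot: In roles/nameserver/tasks/disable-systemd-resolved.yml the `copy` task that writes `/etc/resolv.conf` sets no `owner`, `group` or `mode`, so the resulting permissions are left to module defaults and the remote umask; pin them with `owner: root`, `group: root`, `mode: "0644"`. The preceding `file: state: absent` task is unconditional, so every run deletes and re-creates the file, reports a change each time and leaves a short window with no resolver configuration; a `stat` lookup with a `when` on `islnk` would limit the removal to the symlink case the task name describes. The `content` value also lacks a trailing newline.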
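Review bot: In roles/nameserver/tasks/install_unbound.yml the added key `verify` is not an option of the file-writing modules that accept `mode`/`owner`/`group` (`copy`, `template`); the validation option is `validate`, and it must contain `%s` so the check runs against the temporary file before it replaces the destination. As written the task will most likely stop with an unsupported-parameter error, and even under the right key a hard-coded destination path would check the previously deployed file rather than the new content. Use `validate: "unbound-checkconf %s"`. The task's module line sits above the hunk, so the module is inferred from the visible options.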
@@ -3,14 +3,11 @@
 tags: always
 - block:
- - debug:
- msg: Debug
+ - name: nameserver | unbound | disable systemd-resolved
+ include_tasks: disable-systemd-resolved.yml
+ when: bind == true or unbound == true
- # # import role
- # - import_role:
- # name: # required. The name of the role to be executed.
 - block:
- # install software
 - include_tasks: install_bind.yml
 - include_tasks: configure_bind_snmpd.yml
 rescue:
diff --git a/roles/nameserver/vars/Archlinux.yml b/roles/nameserver/vars/Archlinux.yml
index fdc6336..cf3109b 100644
--- a/roles/nameserver/vars/Archlinux.yml
+++ b/roles/nameserver/vars/Archlinux.yml
@@ -1,3 +1,8 @@
 bind_package: bind
 unbound_package: unbound
-perl_readbackwards: perl-file-readbackwards
\ No newline at end of file
+perl_readbackwards: perl-file-readbackwards
+
+# named / bind specific
+named_conf_zones: /etc/named.conf
+named_conf_options: /etc/named.conf
+named_conf_local: /etc/named.conf
\ No newline at end of file
diff --git a/roles/nameserver/vars/Debian.yml b/roles/nameserver/vars/Debian.yml
index be7d2f2..857da7d 100644
--- a/roles/nameserver/vars/Debian.yml
+++ b/roles/nameserver/vars/Debian.yml
@@ -1,3 +1,8 @@
 bind_package: bind9
 unbound_package: unbound
-perl_readbackwards: libfile-readbackwards-perl
\ No newline at end of file
+perl_readbackwards: libfile-readbackwards-perl
+
+# named / bind specific
+named_conf_zones: /etc/bind/named.conf.default-zones
+named_conf_options: /etc/bind/named.conf.options
+named_conf_local: /etc/bind/named.conf.local
\ No newline at end of file
diff --git a/roles/nameserver/vars/Ubuntu.yml b/roles/nameserver/vars/Ubuntu.yml
index be7d2f2..857da7d 100644
--- a/roles/nameserver/vars/Ubuntu.yml
+++ b/roles/nameserver/vars/Ubuntu.yml
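Review bot: In roles/nameserver/tasks/main.yml the include of `disable-systemd-resolved.yml` runs before `install_bind.yml`, so systemd-resolved is stopped and `/etc/resolv.conf` is pointed at 127.0.0.1 before any local resolver is installed; package installation in the following block may then be unable to resolve its mirrors, leaving the host without working DNS. Moving the include after the resolver is installed and running avoids that gap. The condition `bind == true or unbound == true` is false for string values such as `"true"` passed on the command line and errors if either variable is undefined; `when: (bind | default(false) | bool) or (unbound | default(false) | bool)` is more robust. The enclosing block continues past the end of the hunk.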
@@ -1,3 +1,8 @@
 bind_package: bind9
 unbound_package: unbound
-perl_readbackwards: libfile-readbackwards-perl
\ No newline at end of file
+perl_readbackwards: libfile-readbackwards-perl
+
+# named / bind specific
+named_conf_zones: /etc/bind/named.conf.default-zones
+named_conf_options: /etc/bind/named.conf.options
+named_conf_local: /etc/bind/named.conf.local
\ No newline at end of file
diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml
index 8eba7af..23c25f0 100644
--- a/roles/server/tasks/utilities/snmpd.yml
+++ b/roles/server/tasks/utilities/snmpd.yml
@@ -17,7 +17,7 @@
 - name: server | snmpd | insert anchors to snmpd.conf
 blockinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
 block: |
 ################################################################################
@@ -35,13 +35,13 @@
 - name: server | snmpd | setup ACLs
 lineinfile:
- path: "/etc/snmp/snmpd.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
+ path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
 line: "rouser {{snmp_user }} authpriv"
 insertafter: "# SECTION: custom settings"
 - name: server | snmpd | enable service on wireguard interface
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 regexp: "^agentaddress.*$"
 state: present
 line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]"
@@ -49,7 +49,7 @@
 - name: server | snmpd | enable service on all interfaces
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 regexp: "^agentaddress.*$"
 state: present
 line: "agentaddress udp:161,udp6:[::1]:161"
@@ -63,7 +63,7 @@
 - name: server | snmpd | configure extends
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 state: present
 line: "extend {{ item.service }} '{{ item.script }}'"
 insertafter: "# SECTION: custom settings"
diff --git a/roles/webserver/tasks/configure_nginx_snmpd.yml b/roles/webserver/tasks/configure_nginx_snmpd.yml
index 139c6a3..7a15834 100644
--- a/roles/webserver/tasks/configure_nginx_snmpd.yml
+++ b/roles/webserver/tasks/configure_nginx_snmpd.yml
@@ -8,7 +8,7 @@
 - name: webserver | snmpd | configure extend
 lineinfile:
- path: "/etc/snmp/snmpd.conf"
+ path: "{{ snmpd_conf }}"
 state: present
 line: "extend nginx /etc/snmp/nginx"
 insertafter: "# SECTION: custom settings"