back to singular

2022-09-24 20:55:50 +02:00
parent 0e20f83a67
commit dd00b2840a
60 changed files with 51 additions and 51 deletions
--- a/roles/nameserver/tasks/configure_bind_snmpd.yml
+++ b/roles/nameserver/tasks/configure_bind_snmpd.yml
@@ -0,0 +1,44 @@
+- name: nameserver | snmpd | install needed modules
+  package:
+    name: "{{ perl_readbackwards }}"
+    state: present
+
+- name: nameserver | snmpd | get script
+  get_url:
+    url: "https://github.com/librenms/librenms-agent/raw/master/snmp/bind"
+    dest: "/etc/snmp/bind"
+    mode: "0755"
+    owner: "root"
+    group: "root"
+
+- name: nameserver | snmpd | create configuration
+  copy:
+    dest: "/etc/snmp/bind.conf"
+    src: "snmpd_bind.conf"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+
+- name: nameserver | snmpd | create statistics file
+  file:
+    path: /var/cache/bind/stats
+    state: touch
+    owner: "bind"
+    group: "bind"
+
+- name: nameserver | snmpd | configure named for statistics
+  lineinfile:
+    path: "{{ named_conf_options }}"
+    state: present
+    line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;'
+    insertafter: "options {"
+    validate: "/usr/sbin/named-checkconf %s"
+  notify: restart_named
+
+- name: nameserver | snmpd | configure extend
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: present
+    line: "extend bind /etc/snmp/bind"
+    insertafter: "# SECTION: Extends"
+  notify: restart_snmpd
--- a/roles/nameserver/tasks/configure_unbound_snmpd.yml
+++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml
@@ -0,0 +1,15 @@
+- name: nameserver | snmpd | get script
+  get_url:
+    url: "https://github.com/librenms/librenms-agent/raw/master/snmp/unbound"
+    dest: "/etc/snmp/unbound"
+    mode: "0755"
+    owner: "root"
+    group: "root"
+
+- name: nameserver | snmpd | configure extend
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: present
+    line: "extend unbound {{ sudo }} /etc/snmp/unbound"
+    insertafter: "# SECTION: Extends"
+  notify: restart_snmpd
--- a/roles/nameserver/tasks/disable-systemd-resolved.yml
+++ b/roles/nameserver/tasks/disable-systemd-resolved.yml
@@ -0,0 +1,23 @@
+- name: nameserver | systemd-resolved | edit config
+  lineinfile:
+    path: "/etc/systemd/resolved.conf"
+    regexp: "^.*DNSStubListener=.*$"
+    state: present
+    line: "DNSStubListener=no"
+
+- name: nameserver | systemd-resolved | stop and disable service
+  service:
+    name: "systemd-resolved"
+    state: stopped
+    enabled: false
+
+- name: nameserver | systemd-resolved | remove /etc/resolv.conf (symlink)
+  file:
+    path: "/etc/resolv.conf"
+    state: absent
+
+- name: nameserver | systemd-resolved | create new /etc/resolv.conf
+  copy:
+    dest: "/etc/resolv.conf"
+    content: |
+      nameserver 127.0.0.1
--- a/roles/nameserver/tasks/install_bind.yml
+++ b/roles/nameserver/tasks/install_bind.yml
@@ -0,0 +1,26 @@
+- name: nameserver | bind | install packages
+  package:
+    name: "{{ bind_package }}"
+    state: present
+
+- name: nameserver | bind | basic configuration
+  replace:
+    path: "{{ named_conf_options }}"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.option }}"
+    validate: "{{ named_checkconf }} %s"
+  loop:
+    - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"}
+    - { regexp: '^\s*listen-on-v6 \{[\s\n]*any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}
+    - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*[\da-z:]*;)[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}
+  notify: restart_named
+
+- name: nameserver | bind | basic configuration cont'd
+  lineinfile:
+    path: "{{ named_conf_options }}"
+    regexp: '^\s*listen-on \{.*\};'
+    state: present
+    line: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"
+    insertafter: "options {"
+    validate: "{{ named_checkconf }} %s"
+  notify: restart_named
--- a/roles/nameserver/tasks/install_unbound.yml
+++ b/roles/nameserver/tasks/install_unbound.yml
@@ -0,0 +1,19 @@
+- name: nameserver | unbound | install packages
+  package:
+    name: "{{ unbound_package }}"
+    state: present
+
+- name: nameserver | unbound | copy config
+  template:
+    src: "unbound_network.conf.j2"
+    dest: "/etc/unbound/unbound.conf.d/network.conf"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+    validate: "unbound-checkconf %s"
+
+- name: nameserver | unbound | enable service
+  service:
+    name: "unbound"
+    state: started
+    enabled: True
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
@@ -0,0 +1,21 @@
+# Load distro-specific variables
+- include_vars: "{{ ansible_distribution }}.yml"
+  tags: always
+
+- block:
+  - block:
+    - include_tasks: install_unbound.yml
+    - include_tasks: configure_unbound_snmpd.yml
+    when: unbound == true
+
+  - name: nameserver | unbound | disable systemd-resolved
+    include_tasks: disable-systemd-resolved.yml
+    when: bind == true or unbound == true
+
+  - block:
+    - include_tasks: install_bind.yml
+    - include_tasks: configure_bind_snmpd.yml
+    when: bind == true
+
+  rescue:
+    - set_fact: task_failed=true