added unbound as nameserver software
This commit is contained in:
rene
@@ -19,6 +19,8 @@ set_hosts: true
|
|||||||
unattended_upgrades: true
|
unattended_upgrades: true
|
||||||
web_server: true
|
web_server: true
|
||||||
netdata: true
|
netdata: true
|
||||||
|
bind: true
|
||||||
|
unbound: true
|
||||||
|
|
||||||
# VPN
|
# VPN
|
||||||
wireguard: true
|
wireguard: true
|
||||||
|
|||||||
1
hosts
1
hosts
@@ -40,6 +40,7 @@ tuxedo-book-xp1511.universe.local
|
|||||||
|
|
||||||
[nameserver]
|
[nameserver]
|
||||||
coruscant.universe.local
|
coruscant.universe.local
|
||||||
|
mewimeet.de
|
||||||
|
|
||||||
[photo_editing]
|
[photo_editing]
|
||||||
endor.universe.local
|
endor.universe.local
|
||||||
|
|||||||
15
roles/nameserver/tasks/configure_unbound_snmpd.yml
Normal file
15
roles/nameserver/tasks/configure_unbound_snmpd.yml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
- name: nameserver | snmpd | get script
|
||||||
|
get_url:
|
||||||
|
url: "https://github.com/librenms/librenms-agent/raw/master/snmp/unbound"
|
||||||
|
dest: "/etc/snmp/unbound"
|
||||||
|
mode: "0755"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
|
||||||
|
- name: nameserver | snmpd | configure extend
|
||||||
|
lineinfile:
|
||||||
|
path: "/etc/snmp/snmpd.conf"
|
||||||
|
state: present
|
||||||
|
line: "extend unbound /etc/snmp/unbound"
|
||||||
|
insertafter: "# SECTION: Extends"
|
||||||
|
notify: restart_snmpd
|
||||||
12
roles/nameserver/tasks/install_unbound.yml
Normal file
12
roles/nameserver/tasks/install_unbound.yml
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
- name: nameserver | unbound | install packages
|
||||||
|
package:
|
||||||
|
name: "{{ unbound_package }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: nameserver | unbound | copy config
|
||||||
|
template:
|
||||||
|
src: "unbound_network.conf.j2"
|
||||||
|
dest: "etc/unbound/unbound.conf.d/network.conf"
|
||||||
|
mode: "0644"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
17
roles/nameserver/templates/unbound_network.conf.j2
Normal file
17
roles/nameserver/templates/unbound_network.conf.j2
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
server:
|
||||||
|
ip-freebind: yes
|
||||||
|
interface: {{ wg_local_ip | ipaddr('address') }}
|
||||||
|
interface: 127.0.0.1
|
||||||
|
interface: 127.0.0.53
|
||||||
|
interface: ::1
|
||||||
|
outgoing-interface: {{ ansible_default_ipv4.address }}
|
||||||
|
outgoing-interface: {{ ansible_default_ipv6.address }}
|
||||||
|
access-control: 192.168.1.0/24 allow
|
||||||
|
access-control: 192.168.3.0/24 allow
|
||||||
|
access-control: 172.16.0.0/24 allow
|
||||||
|
extended-statistics: yes
|
||||||
|
statistics-cumulative: yes
|
||||||
|
|
||||||
|
remote-control:
|
||||||
|
control-enable: yes
|
||||||
|
control-interface: 127.0.0.1
|
||||||
@@ -1,2 +1,3 @@
|
|||||||
bind_package: bind
|
bind_package: bind
|
||||||
|
unbound_package: unbound
|
||||||
perl_readbackwards: perl-file-readbackwards
|
perl_readbackwards: perl-file-readbackwards
|
||||||
@@ -1,2 +1,3 @@
|
|||||||
bind_package: bind9
|
bind_package: bind9
|
||||||
|
unbound_package: unbound
|
||||||
perl_readbackwards: libfile-readbackwards-perl
|
perl_readbackwards: libfile-readbackwards-perl
|
||||||
@@ -1,2 +1,3 @@
|
|||||||
bind_package: bind9
|
bind_package: bind9
|
||||||
|
unbound_package: unbound
|
||||||
perl_readbackwards: libfile-readbackwards-perl
|
perl_readbackwards: libfile-readbackwards-perl
|
||||||
Reference in New Issue
Block a user