85 lines
1.8 KiB
YAML
85 lines
1.8 KiB
YAML
|
---
|
|||
|
- name: Install unbound
|
|||
|
package:
|
|||
|
name: unbound
|
|||
|
state: present
|
|||
|
|
|||
|
- name: Add /var/log/unbound to fstab
|
|||
|
mount:
|
|||
|
path: /var/log/unbound
|
|||
|
src: tmpfs
|
|||
|
fstype: tmpfs
|
|||
|
opts: 'rw,size={{ unbound_log_size }},mode={{ unbound_log_mode }},uid={{ unbound_log_uid }},gid={{ unbound_log_gid }},late'
|
|||
|
state: mounted
|
|||
|
|
|||
|
- name: Create unbound service directories
|
|||
|
file:
|
|||
|
path: '/etc/s6-rc/service/{{ item }}'
|
|||
|
state: directory
|
|||
|
owner: root
|
|||
|
group: wheel
|
|||
|
mode: 0755
|
|||
|
with_items: '{{ unbound_service_dirs }}'
|
|||
|
notify:
|
|||
|
- Reload s6-rc
|
|||
|
- Restart unbound log
|
|||
|
- Restart unbound
|
|||
|
|
|||
|
- name: Generate unbound service scripts
|
|||
|
template:
|
|||
|
dest: '/etc/s6-rc/service/{{ item }}'
|
|||
|
src: '{{ item }}.j2'
|
|||
|
mode: 0555
|
|||
|
owner: root
|
|||
|
group: wheel
|
|||
|
with_items: '{{ unbound_service_scripts }}'
|
|||
|
notify:
|
|||
|
- Reload s6-rc
|
|||
|
- Restart unbound log
|
|||
|
- Restart unbound
|
|||
|
|
|||
|
- name: Generate unbound service configuration
|
|||
|
copy:
|
|||
|
dest: '/etc/s6-rc/service/{{ item.name }}'
|
|||
|
content: '{{ item.content }}'
|
|||
|
mode: 0444
|
|||
|
owner: root
|
|||
|
group: wheel
|
|||
|
loop_control:
|
|||
|
label: '{{ item.name }} = {{ item.content }}'
|
|||
|
notify:
|
|||
|
- Reload s6-rc
|
|||
|
- Restart unbound log
|
|||
|
- Restart unbound
|
|||
|
with_items: '{{ unbound_service_config }}'
|
|||
|
|
|||
|
- name: Configure unbound
|
|||
|
template:
|
|||
|
dest: /usr/local/etc/unbound/unbound.conf
|
|||
|
src: unbound.conf.j2
|
|||
|
mode: 0444
|
|||
|
owner: root
|
|||
|
group: wheel
|
|||
|
notify:
|
|||
|
- Reload unbound
|
|||
|
|
|||
|
- name: Flush handlers
|
|||
|
meta: flush_handlers
|
|||
|
|
|||
|
- name: Start unbound
|
|||
|
command: fdmove -c 2 1 s6-rc -u -v 2 -t 15000 change unbound
|
|||
|
register: change
|
|||
|
changed_when: change.stdout | length > 0
|
|||
|
|
|||
|
- name: Enable unbound
|
|||
|
lineinfile:
|
|||
|
path: /etc/s6-rc/service/enabled/contents
|
|||
|
regexp: "^unbound$"
|
|||
|
line: unbound
|
|||
|
state: present
|
|||
|
notify:
|
|||
|
- Reload s6-rc
|
|||
|
|
|||
|
- name: Flush handlers (again)
|
|||
|
meta: flush_handlers
|