diff options
Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/logging.yml | 6 | ||||
| -rw-r--r-- | roles/common/tasks/main.yml | 5 | ||||
| -rw-r--r-- | roles/common/tasks/resolved.yml | 36 | ||||
| -rw-r--r-- | roles/common/tasks/unbound.yml | 11 |
4 files changed, 44 insertions, 14 deletions
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml index 2b4a42a..699c6e3 100644 --- a/roles/common/tasks/logging.yml +++ b/roles/common/tasks/logging.yml @@ -40,7 +40,7 @@ - name: Configure logcheck (1) copy: src=etc/logcheck/{{ item }} dest=/etc/logcheck/{{ item }} - owner=root group=logcheck + owner=root group=root mode=0644 with_items: - logcheck.conf @@ -59,8 +59,8 @@ line={{ item }} state=present create=yes - owner=root group=logcheck - mode=0640 + owner=root group=root + mode=0644 with_items: - /var/log/syslog - /var/log/auth.log diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index a6795ba..1dc286e 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -19,6 +19,11 @@ when: "'webmail' in group_names and 'LDAP_provider' not in group_names" - import_tasks: auditd.yml tags: auditd +- import_tasks: resolved.yml + tags: + - resolv + - resolved + - dns - import_tasks: unbound.yml tags: - unbound diff --git a/roles/common/tasks/resolved.yml b/roles/common/tasks/resolved.yml new file mode 100644 index 0000000..2834eaa --- /dev/null +++ b/roles/common/tasks/resolved.yml @@ -0,0 +1,36 @@ +- name: Install systemd-resolved + apt: pkg={{ packages }} + vars: + packages: + - systemd-resolved + - libnss-resolve + - libnss-myhostname + +- name: Create directory /etc/systemd/resolved.conf.d + file: path=/etc/systemd/resolved.conf.d + state=directory + owner=root group=root + mode=0755 + +- name: Configure systemd-resolved + template: src=etc/systemd/resolved.conf.d/local.conf.j2 + dest=/etc/systemd/resolved.conf.d/local.conf + owner=root group=root + mode=0644 + notify: + - Restart systemd-resolved + +- name: Start systemd-resolved + service: name=systemd-resolved.service enabled=true state=started + +- meta: flush_handlers + +- name: Remove resolvconf + apt: pkg=resolvconf state=absent purge=yes + +- name: Configure /etc/nsswitch.conf + lineinfile: "dest=/etc/nsswitch.conf create=no + regexp='^(hosts:\\s+).*' + line='\\1resolve [!UNAVAIL=return] files myhostname dns' + backrefs=true" + tags: nsswitch diff --git a/roles/common/tasks/unbound.yml b/roles/common/tasks/unbound.yml index b4554ac..dda6769 100644 --- a/roles/common/tasks/unbound.yml +++ b/roles/common/tasks/unbound.yml @@ -19,14 +19,3 @@ when: not r.changed #- meta: flush_handlers - -- name: Use the local DNS server - lineinfile: dest=/etc/resolv.conf create=yes - regexp='^nameserver\s+127\.0\.0\.1\s*$' - line='nameserver 127.0.0.1' - insertbefore='^\s*#*?nameserver\s' - firstmatch=yes - tags: - - resolver - notify: - - Restart Postfix |