From 07c1734d2c00ce0a52830533b19a02faed678364 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 3 Dec 2018 03:45:59 +0100
Subject: Install unbound on metal hosts.

(A validating, recursive, caching DNS resolver.)
---
 roles/common/tasks/unbound.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 roles/common/tasks/unbound.yml

(limited to 'roles/common/tasks/unbound.yml')

diff --git a/roles/common/tasks/unbound.yml b/roles/common/tasks/unbound.yml
new file mode 100644
index 0000000..b4554ac
--- /dev/null
+++ b/roles/common/tasks/unbound.yml
@@ -0,0 +1,32 @@
+- name: Install unbound
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - unbound
+    - dns-root-data
+
+- name: Copy unbound configuration
+  template: src=templates/etc/unbound/unbound.conf.j2
+            dest=/etc/unbound/unbound.conf
+            owner=root group=root
+            mode=0644
+  register: r
+  notify:
+    - Restart unbound
+
+- name: Start unbound
+  service: name=unbound state=started
+  when: not r.changed
+
+#- meta: flush_handlers
+
+- name: Use the local DNS server
+  lineinfile: dest=/etc/resolv.conf create=yes
+              regexp='^nameserver\s+127\.0\.0\.1\s*$'
+              line='nameserver 127.0.0.1'
+              insertbefore='^\s*#*?nameserver\s'
+              firstmatch=yes
+  tags:
+    - resolver
+  notify:
+    - Restart Postfix
-- 
cgit v1.2.3