blaine
/
infra


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
							---
- name: Install dhcp & dns packages
  dnf:
    name:
      - dhcp-server
      - unbound
    update_cache: no
    state: present

- name: Make services autorestart themselves on failure
  template:
    src: "{{ item }}.service.j2"
    dest: /etc/systemd/system/{{ item }}.service
    owner: root
    group: root
    mode: '0644'
  loop:
    - dhcpd
    - unbound
  notify:
    - Restart {{ item }}
    - Reload systemd services

- name: Enable dhcpd and unbound services
  systemd:
    name: "{{ item }}"
    enabled: yes
  loop:
    - dhcpd
    - unbound

- name: Set home as default zone
  shell:
    cmd: firewall-cmd --set-default-zone=home
  register: setdefaultzone
  changed_when: "'Warning: ZONE_ALREADY_SET' not in setdefaultzone.stderr"
  failed_when: "'success' not in setdefaultzone.stdout"

- name: Open ports
  firewalld:
    service: "{{ item }}"
    zone: home
    permanent: yes
    state: enabled
    immediate: yes
  loop:
    - dhcp
    - dns

- name: Copy dhcpd.conf
  template:
    src: dhcpd.conf.j2
    dest: /etc/dhcp/dhcpd.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - Restart dhcpd

- name: Copy unbound.conf
  template:
    src: unbound.conf.j2
    dest: /etc/unbound/unbound.conf
    owner: root
    group: unbound
    mode: '0644'
  notify:
    - Restart unbound

- name: Copy unbound resolution files
  template:
    src: "{{ item }}.j2"
    dest: /etc/unbound/local.d/{{ item }}
    owner: root
    group: unbound
    mode: '0640'
  loop:
    - lan-name-resolution.conf
    - plug-onion-addresses.conf
    - server.home.conf
    - local.conf
    - home-lan.conf
  notify:
    - Restart unbound

- name: Check adblock config file
  stat:
    path: /etc/unbound/local.d/ad-servers.conf
  register: adservers_conf

- set_fact:
    adservers_conf_age_in_days: "{{ (lookup('pipe', 'date +%s')|int - adservers_conf.stat.ctime|int) / 86400 }}"
  when:
    - adservers_conf.stat.exists

- name: Download fresh adblock config
  get_url:
    url: 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&mimetype=plaintext'
    dest: /etc/unbound/local.d/ad-servers.conf
    owner: root
    group: unbound
    mode: '0644'
  when:
    - not adservers_conf.stat.exists or adservers_conf_age_in_days|int > 30
  notify:
    - Restart unbound

- name: Update /etc/hosts
  template:
    src: hosts.j2
    dest: /etc/hosts
    owner: root
    group: root
    mode: '0644'

- set_fact:
    ethernet: "{{ (ansible_interfaces | reject('search', 'podman') | list | sort)[0] }}"

- name: Configure static IP on {{ ethernet }}
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-{{ ethernet }}
    regexp: "{{ item.regexp | default(omit) }}"
    line: "{{ item.line }}"
  loop:
    - { regexp: 'BOOTPROTO=', line: 'BOOTPROTO="none"' }
    - { regexp: 'IPADDR=', line: 'IPADDR="10.0.0.2"' }
    - { regexp: 'PREFIX=', line: 'PREFIX="24"' }
    - { regexp: 'GATEWAY=' ,line: 'GATEWAY="10.0.0.1"' }
    - { regexp: 'DNS1=', line: 'DNS1="{{ dns_primary }}"' }
    - { regexp: 'DNS2=', line: 'DNS2="{{ dns_secondary }}"' }
    - { regexp: 'IPV4_FAILURE_FATAL=', line: 'IPV4_FAILURE_FATAL="yes"' }
    - { regexp: 'IPV6INIT=', line: 'IPV6INIT="NO"' }
    - { regexp: 'ZONE=', line: 'ZONE="home"' }
  loop_control:
    label: "{{ item.line }}"
  notify:
    - Restart NetworkManager