Inicio Explorar Ayuda
Iniciar sesión
blaine
/
infra
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 8ec1f6b1c8
Ramas Etiquetas
infra
/
roles
/
name-resolution
/
tasks
/
main.yml

main.yml 2.8 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. ---
    2. 

  2. - name: Set openresolv to not configure /etc/resolv.conf
    3. 

  3.   ansible.builtin.lineinfile:
    4. 

  4.     path: /etc/resolvconf.conf
    5. 

  5.     regexp: '^resolvconf='
    6. 

  6.     line: 'resolvconf=NO'
    7. 

  7. 

  8. 

  9. - name: Configure DNS servers
    10. 

  10.   ansible.builtin.template:
    11. 

  11.     src: resolv.conf.j2
    12. 

  12.     dest: /etc/resolv.conf
    13. 

  13.     owner: root
    14. 

  14.     group: root
    15. 

  15.     mode: '0644'
    16. 

  16. 

  17. 

  18. - name: Install dhcp & dns packages
    19. 

  19.   ansible.builtin.package:
    20. 

  20.     name:
    21. 

  21.       - isc-dhcp-server
    22. 

  22.       - unbound
    23. 

  23.     update_cache: no
    24. 

  24.     state: present
    25. 

  25. 

  26. - name: Create custom service folders
    27. 

  27.   ansible.builtin.file:
    28. 

  28.     path: /etc/systemd/system/{{ item }}.service.d
    29. 

  29.     state: directory
    30. 

  30.     owner: root
    31. 

  31.     group: root
    32. 

  32.     mode: '0755'
    33. 

  33.   loop:
    34. 

  34.     - isc-dhcp-server
    35. 

  35.     - unbound
    36. 

  36. 

  37. #- name: Make services autorestart themselves on failure
    38. 

  38. #  template:
    39. 

  39. #    src: "custom-service-autorestart.j2"
    40. 

  40. ##    dest: /etc/systemd/system/{{ item }}.service.d/autorestart.conf
    41. 

  41. #    owner: root
    42. 

  42. #    group: root
    43. 

  43. #    mode: '0644'
    44. 

  44. #  loop:
    45. 

  45. #    - isc-dhcp-server
    46. 

  46. #    - unbound
    47. 

  47. #  notify:
    48. 

  48. #    - Restart {{ item }}
    49. 

  49. #    - Reload systemd services
    50. 

  50. 

  51. - name: Enable dhcpd and unbound services
    52. 

  52.   systemd:
    53. 

  53.     name: "{{ item }}"
    54. 

  54.     enabled: yes
    55. 

  55.   loop:
    56. 

  56.     - isc-dhcp-server
    57. 

  57.     - unbound
    58. 

  58. 

  59. 

  60. - name: Set dhcp to only run via ipv4
    61. 

  61.   ansible.builtin.lineinfile:
    62. 

  62.     path: /etc/default/isc-dhcp-server
    63. 

  63.     regexp: '^INTERFACESv4='
    64. 

  64.     line: 'INTERFACESv4="{{ dhcp_interface }}"'
    65. 

  65. 

  66. 

  67. - name: Copy dhcpd.conf
    68. 

  68.   template:
    69. 

  69.     src: dhcpd/dhcpd.conf.j2
    70. 

  70.     dest: /etc/dhcp/dhcpd.conf
    71. 

  71.     owner: root
    72. 

  72.     group: root
    73. 

  73.     mode: '0644'
    74. 

  74.   notify:
    75. 

  75.     - Restart dhcpd
    76. 

  76. 

  77. 

  78. #- name: Create unbound local.d directory
    79. 

  79. #  ansible.builtin.file:
    80. 

  80. #    path: /etc/unbound/local.d
    81. 

  81. #    state: directory
    82. 

  82. #    owner: root
    83. 

  83. #    group: unbound
    84. 

  84. #    mode: '0750'
    85. 

  85. 

  86. 

  87. - name: Copy unbound conf files
    88. 

  88.   template:
    89. 

  89.     src: "unbound/{{ item }}.j2"
    90. 

  90.     dest: /etc/unbound/unbound.conf.d/{{ item }}
    91. 

  91.     owner: root
    92. 

  92.     group: unbound
    93. 

  93.     mode: '0640'
    94. 

  94.   loop:
    95. 

  95.     - unbound.conf
    96. 

  96.     - local-domain.conf
    97. 

  97.     - plug-onion-addresses.conf
    98. 

  98.   notify:
    99. 

  99.     - Restart unbound
    100. 

  100. 

  101. - name: Check adblock config file
    102. 

  102.   stat:
    103. 

  103.     path: /etc/unbound/unbound.conf.d/ad-servers.conf
    104. 

  104.   register: adservers_conf
    105. 

  105. 

  106. - set_fact:
    107. 

  107.     adservers_conf_age_in_days: "{{ (lookup('pipe', 'date +%s')|int - adservers_conf.stat.ctime|int) / 86400 }}"
    108. 

  108.   when:
    109. 

  109.     - adservers_conf.stat.exists
    110. 

  110. 

  111. - name: Download fresh adblock config
    112. 

  112.   get_url:
    113. 

  113.     url: 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&mimetype=plaintext'
    114. 

  114.     dest: /etc/unbound/unbound.conf.d/ad-servers.conf
    115. 

  115.     owner: root
    116. 

  116.     group: unbound
    117. 

  117.     mode: '0644'
    118. 

  118.   when:
    119. 

  119.     - not adservers_conf.stat.exists or adservers_conf_age_in_days|int > 30
    120. 

  120.   notify:
    121. 

  121.     - Restart unbound
    122. 

  122. 

  123. - name: Update /etc/hosts
    124. 

  124.   template:
    125. 

  125.     src: hosts.j2
    126. 

  126.     dest: /etc/hosts
    127. 

  127.     owner: root
    128. 

  128.     group: root
    129. 

  129.     mode: '0644'
    130.