Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
blaine
/
infra
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: a8a902baae
Салаанууд Тагууд
infra
/
roles
/
name-resolution
/
tasks
/
main.yml

main.yml 2.8 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. ---
    2. 

  2. - name: Set openresolv to not configure /etc/resolv.conf
    3. 

  3.   ansible.builtin.lineinfile:
    4. 

  4.     path: /etc/resolvconf.conf
    5. 

  5.     regexp: '^resolvconf='
    6. 

  6.     line: 'resolvconf=NO'
    7. 

  7. 

  8. 

  9. - name: Configure DNS servers
    10. 

  10.   ansible.builtin.template:
    11. 

  11.     src: resolv.conf.j2
    12. 

  12.     dest: /etc/resolv.conf
    13. 

  13.     owner: root
    14. 

  14.     group: root
    15. 

  15.     mode: '0644'
    16. 

  16. 

  17. 

  18. - name: Install dhcp & dns packages
    19. 

  19.   ansible.builtin.package:
    20. 

  20.     name:
    21. 

  21.       - isc-dhcp-server
    22. 

  22.       - unbound
    23. 

  23.     update_cache: no
    24. 

  24.     state: present
    25. 

  25. 

  26. - name: Create custom service folders
    27. 

  27.   ansible.builtin.file:
    28. 

  28.     path: /etc/systemd/system/{{ item }}.service.d
    29. 

  29.     state: directory
    30. 

  30.     owner: root
    31. 

  31.     group: root
    32. 

  32.     mode: '0755'
    33. 

  33.   loop:
    34. 

  34.     - isc-dhcp-server
    35. 

  35.     - unbound
    36. 

  36. 

  37. - name: Make services autorestart themselves on failure
    38. 

  38.   ansible.builtin.template:
    39. 

  39.     src: "custom-service-autorestart.j2"
    40. 

  40.     dest: /etc/systemd/system/{{ item }}.service.d/autorestart.conf
    41. 

  41.     owner: root
    42. 

  42.     group: root
    43. 

  43.     mode: '0644'
    44. 

  44.   loop:
    45. 

  45.     - isc-dhcp-server
    46. 

  46.     - unbound
    47. 

  47.   notify:
    48. 

  48.     - Reload systemd services
    49. 

  49.     - Restart {{ item }}
    50. 

  50. 

  51. - name: Enable dhcpd and unbound services
    52. 

  52.   ansible.builtin.systemd_service:
    53. 

  53.     name: "{{ item }}"
    54. 

  54.     enabled: yes
    55. 

  55.   loop:
    56. 

  56.     - isc-dhcp-server
    57. 

  57.     - unbound
    58. 

  58. 

  59. 

  60. - name: Set dhcp to only run via ipv4
    61. 

  61.   ansible.builtin.lineinfile:
    62. 

  62.     path: /etc/default/isc-dhcp-server
    63. 

  63.     regexp: '^INTERFACESv4='
    64. 

  64.     line: 'INTERFACESv4="{{ dhcp_interface }}"'
    65. 

  65. 

  66. 

  67. - name: Copy dhcpd.conf
    68. 

  68.   ansible.builtin.template:
    69. 

  69.     src: dhcpd/dhcpd.conf.j2
    70. 

  70.     dest: /etc/dhcp/dhcpd.conf
    71. 

  71.     owner: root
    72. 

  72.     group: root
    73. 

  73.     mode: '0644'
    74. 

  74.   notify:
    75. 

  75.     - Restart isc-dhcp-server
    76. 

  76. 

  77. 

  78. - name: Copy unbound conf files
    79. 

  79.   ansible.builtin.template:
    80. 

  80.     src: "unbound/{{ item }}.j2"
    81. 

  81.     dest: /etc/unbound/unbound.conf.d/{{ item }}
    82. 

  82.     owner: root
    83. 

  83.     group: unbound
    84. 

  84.     mode: '0640'
    85. 

  85.   loop:
    86. 

  86.     - unbound.conf
    87. 

  87.     - local-domain.conf
    88. 

  88.     - plug-onion-addresses.conf
    89. 

  89.   notify:
    90. 

  90.     - Restart unbound
    91. 

  91. 

  92. - name: Check adblock config file
    93. 

  93.   ansible.builtin.stat:
    94. 

  94.     path: /etc/unbound/unbound.conf.d/ad-servers.conf
    95. 

  95.   register: adservers_conf
    96. 

  96. 

  97. - ansible.builtin.set_fact:
    98. 

  98.     adservers_conf_age_in_days: "{{ (lookup('pipe', 'date +%s')|int - adservers_conf.stat.ctime|int) / 86400 }}"
    99. 

  99.   when:
    100. 

  100.     - adservers_conf.stat.exists
    101. 

  101. 

  102. - name: Download fresh adblock config
    103. 

  103.   ansible.builtin.get_url:
    104. 

  104.     url: 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&mimetype=plaintext'
    105. 

  105.     dest: /etc/unbound/unbound.conf.d/ad-servers.conf
    106. 

  106.     owner: root
    107. 

  107.     group: unbound
    108. 

  108.     mode: '0644'
    109. 

  109.   when:
    110. 

  110.     #- not adservers_conf.stat.exists or adservers_conf_age_in_days|int > 30
    111. 

  111.     - not adservers_conf.stat.exists
    112. 

  112.   notify:
    113. 

  113.     - Restart unbound
    114. 

  114. 

  115. - name: Update /etc/hosts
    116. 

  116.   ansible.builtin.template:
    117. 

  117.     src: hosts.j2
    118. 

  118.     dest: /etc/hosts
    119. 

  119.     owner: root
    120. 

  120.     group: root
    121. 

  121.     mode: '0644'
    122.