| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- ---
- - name: Install dhcp & dns packages
- dnf:
- name:
- - dhcp-server
- - unbound
- update_cache: no
- state: present
- - name: Create custom service folders
- file:
- path: /etc/systemd/system/{{ item }}.service.d
- state: directory
- owner: root
- group: root
- mode: '0755'
- loop:
- - dhcpd
- - unbound
- - name: Make services autorestart themselves on failure
- template:
- src: "custom-service-autorestart.j2"
- dest: /etc/systemd/system/{{ item }}.service.d/autorestart.conf
- owner: root
- group: root
- mode: '0644'
- loop:
- - dhcpd
- - unbound
- notify:
- - Restart {{ item }}
- - Reload systemd services
- - name: Enable dhcpd and unbound services
- systemd:
- name: "{{ item }}"
- enabled: yes
- loop:
- - dhcpd
- - unbound
- - name: Set home as default zone
- shell:
- cmd: firewall-cmd --set-default-zone=home
- register: setdefaultzone
- changed_when: "'Warning: ZONE_ALREADY_SET' not in setdefaultzone.stderr"
- failed_when: "'success' not in setdefaultzone.stdout"
- - name: Open ports
- firewalld:
- service: "{{ item }}"
- zone: home
- permanent: yes
- state: enabled
- immediate: yes
- loop:
- - dhcp
- - dns
- - name: Copy dhcpd.conf
- template:
- src: dhcpd/dhcpd.conf.j2
- dest: /etc/dhcp/dhcpd.conf
- owner: root
- group: root
- mode: '0644'
- notify:
- - Restart dhcpd
- - name: Copy unbound.conf
- template:
- src: unbound/unbound.conf.j2
- dest: /etc/unbound/unbound.conf
- owner: root
- group: unbound
- mode: '0644'
- notify:
- - Restart unbound
- - name: Copy unbound resolution files
- template:
- src: "unbound/{{ item }}.j2"
- dest: /etc/unbound/local.d/{{ item }}
- owner: root
- group: unbound
- mode: '0640'
- loop:
- - server.home.conf
- - home-lan.conf
- - lan-name-resolution.conf
- - plug-onion-addresses.conf
- notify:
- - Restart unbound
- - name: Check adblock config file
- stat:
- path: /etc/unbound/local.d/ad-servers.conf
- register: adservers_conf
- - set_fact:
- adservers_conf_age_in_days: "{{ (lookup('pipe', 'date +%s')|int - adservers_conf.stat.ctime|int) / 86400 }}"
- when:
- - adservers_conf.stat.exists
- - name: Download fresh adblock config
- get_url:
- url: 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&mimetype=plaintext'
- dest: /etc/unbound/local.d/ad-servers.conf
- owner: root
- group: unbound
- mode: '0644'
- when:
- - not adservers_conf.stat.exists or adservers_conf_age_in_days|int > 30
- notify:
- - Restart unbound
- - name: Update /etc/hosts
- template:
- src: hosts.j2
- dest: /etc/hosts
- owner: root
- group: root
- mode: '0644'
- - set_fact:
- ethernet: "{{ (ansible_interfaces | reject('search', 'podman') | list | sort)[0] }}"
- - name: Configure static IP on {{ ethernet }}
- nmcli:
- conn_name: "{{ ethernet }}"
- ifname: "{{ ethernet }}"
- type: ethernet
- state: present
- ip4: "{{ gateway_server_ip }}"
- gw4: "{{ actual_gateway_ip }}"
- mtu: 9000
- dns4:
- - "{{ dns_primary }}"
- - "{{ dns_secondary }}"
- notify:
- - Restart NetworkManager
|
