Initial commit
This commit is contained in:
Philip (a-0)
commit
97737b3186
7 changed files with 92 additions and 0 deletions
4
defaults/main.yml
Normal file
4
defaults/main.yml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
unbound_os_supported: False
|
||||
|
||||
unbound_ip4_subnet: "192.168.0.0/24"
|
||||
1
handlers/main.yml
Normal file
1
handlers/main.yml
Normal file
|
|
@ -0,0 +1 @@
|
|||
---
|
||||
2
meta/main.yml
Normal file
2
meta/main.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
galaxy_info:
|
||||
42
tasks/main.yml
Normal file
42
tasks/main.yml
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
- name: Set OS dependent variables
|
||||
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_distribution | lower }}_{{ ansible_distribution_version | lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version | lower }}.yml"
|
||||
- "{{ ansible_distribution | lower }}.yml"
|
||||
- "{{ ansible_os_family | lower }}.yml"
|
||||
- "{{ ansible_system | lower }}.yml"
|
||||
paths:
|
||||
- '{{ role_path }}/vars'
|
||||
ignore_errors: True
|
||||
|
||||
- name: OS is supported
|
||||
ansible.builtin.assert:
|
||||
that: __os_supported
|
||||
quiet: True
|
||||
vars:
|
||||
__os_supported: "{{ lookup('vars', '{}_os_supported'.format(role_name)) | bool }}"
|
||||
|
||||
- name: Install unbound
|
||||
apt:
|
||||
name: unbound
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Set unbound config file
|
||||
template:
|
||||
src: default.conf.j2
|
||||
dest: "{{ unbound_conf_dir }}unbound.conf.d/default.conf"
|
||||
|
||||
- name: Set unbound logrotate config
|
||||
template:
|
||||
src: unbound_logrotate.conf.j2
|
||||
dest: "{{ unbound_logrotate_dir }}unbound"
|
||||
|
||||
- name: Restart unbound
|
||||
service:
|
||||
name: unbound
|
||||
state: restarted
|
||||
29
templates/default.conf.j2
Normal file
29
templates/default.conf.j2
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
server:
|
||||
interface: {{ unbound_ip4 }}
|
||||
port: {{ unbound_port }}
|
||||
access-control: {{ unbound_ip4_subnet }} allow_snoop
|
||||
verbosity: 2
|
||||
|
||||
logfile: "/var/log/unbound/unbound.log"
|
||||
log-time-ascii: yes
|
||||
statistics-cumulative: yes
|
||||
|
||||
# Optimization
|
||||
num-threads: 3
|
||||
msg-cache-slabs: 2
|
||||
rrset-cache-slabs: 2
|
||||
infra-cache-slabs: 2
|
||||
key-cache-slabs: 2
|
||||
|
||||
rrset-cache-size: 257051306
|
||||
msg-cache-size: 128525653
|
||||
|
||||
so-reuseport: yes
|
||||
|
||||
minimal-responses: yes
|
||||
|
||||
prefetch: yes
|
||||
prefetch-key: yes
|
||||
|
||||
serve-expired: yes
|
||||
cache-max-ttl: 3600
|
||||
9
templates/unbound_logrotate.conf.j2
Normal file
9
templates/unbound_logrotate.conf.j2
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
/var/log/unbound/unbound.log {
|
||||
daily
|
||||
missingok
|
||||
rotate 30
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
create 640 root root
|
||||
}
|
||||
5
vars/debian.yml
Normal file
5
vars/debian.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
unbound_os_supported: True
|
||||
|
||||
unbound_conf_dir: /etc/unbound/
|
||||
unbound_logrotate_dir: /etc/logrotate.d/
|
||||
Loading…
Add table
Add a link
Reference in a new issue