ansible-ffibk/roles/service-bind-slave/tasks/main.yml

114 lines
2.4 KiB
YAML
Raw Normal View History

2017-10-02 23:34:53 +02:00
---
- name: install dns server packages
package:
2017-10-02 23:34:53 +02:00
name: "{{ item }}"
state: present
loop:
2017-10-02 23:34:53 +02:00
- bind9
- bind9-doc
- bind9utils
- stunnel
2017-10-02 23:34:53 +02:00
- name: write named.conf
template:
src: named.conf.j2
dest: /etc/bind/named.conf
owner: root
group: bind
mode: 0644
notify: restart bind9
- name: write named.conf.options
template:
src: named.conf.options.j2
dest: /etc/bind/named.conf.options
owner: root
group: bind
mode: 0644
notify: restart bind9
- name: write named.conf.logging
template:
src: named.conf.logging.j2
dest: /etc/bind/named.conf.logging
owner: root
group: bind
mode: 0644
notify: restart bind9
- name: write named.conf.ffmwu-zones
2017-10-02 23:34:53 +02:00
template:
src: named.conf.ffmwu-zones.j2
dest: /etc/bind/named.conf.ffmwu-zones
2017-10-02 23:34:53 +02:00
owner: root
group: bind
mode: 0644
notify: restart bind9
- name: write stunnel4 dnstls.conf
template:
src: dnstls.conf.j2
dest: /etc/stunnel/dnstls.conf
owner: root
group: stunnel4
mode: 0644
notify: restart stunnel4
- name: enable stunnel4
lineinfile:
dest: "/etc/default/stunnel4"
regexp: '^ENABLED=0$'
line: 'ENABLED=1'
notify: restart stunnel4
2017-10-02 23:34:53 +02:00
- name: write initial icvpn bind config
shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkdns -f bind -x mwu -x bingen -s /home/admin/clones/icvpn-meta > /etc/bind/named.conf.icvpn
args:
chdir: /home/admin/clones/icvpn-scripts
creates: /etc/bind/named.conf.icvpn
notify: restart bind9
- name: set file attributes for icvpn config
file:
path: /etc/bind/named.conf.icvpn
2017-10-02 23:34:53 +02:00
mode: 0644
owner: admin
group: bind
2017-10-02 23:34:53 +02:00
notify: restart bind9
- name: write systemd unit icvpn-dns-update.service
template:
src: icvpn-dns-update.service.j2
dest: /etc/systemd/system/icvpn-dns-update.service
owner: root
group: root
mode: 0644
notify: reload systemd
- name: write systemd timer icvpn-dns-update.timer
template:
src: icvpn-dns-update.timer.j2
dest: /etc/systemd/system/icvpn-dns-update.timer
owner: root
group: root
mode: 0644
notify: reload systemd
- name: configure systemd unit/timer icvpn-dns-update
systemd:
name: icvpn-dns-update.timer
enabled: yes
state: started
2017-10-26 22:35:55 +02:00
- name: enable systemd unit bind9
systemd:
name: bind9
enabled: yes
state: started
- name: enable systemd unit stunnel4
systemd:
name: stunnel4
enabled: yes
state: started