Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial support for stub zones #16

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Initial support for stub zones #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e811da2
fix: ensure log file exists in an idempotent way.
Jan 31, 2020
6362ca7
fix: ensure AppArmor is aware of Unbound's log file.
Jan 31, 2020
f10b2c8
feat: initial support for stub-zone in Unbound.
Jan 31, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ unbound_forward_zone:
# quadrant resolver
- "12.159.2.159@853#dns-tls.qis.io"

unbound_stub_zone_active: false
unbound_stub_zone: {}

# Package states: installed or latest
unbound_pkg_state: present

Expand All @@ -70,4 +73,3 @@ unbound_service_state: started

# Service enabled on startup: yes or no
unbound_service_enabled: yes

2 changes: 2 additions & 0 deletions handlers/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,5 @@
- name: reload unbound
service: name=unbound state=reloaded

- name: reload apparmor
command: apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound
20 changes: 18 additions & 2 deletions tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,16 +15,33 @@
tags: ["configuration","unbound"]

- name: Ensure log file exist
file: path={{unbound_logfile}} state=touch mode=755 owner=unbound
file:
path: "{{ unbound_logfile }}"
state: touch
mode: 0644
owner: unbound
modification_time: preserve
access_time: preserve
notify: restart unbound
tags: ["configuration","unbound"]

- name: Configure AppArmor for the log file
template:
src=usr.sbin.unbound.j2
dest="/etc/apparmor.d/local/usr.sbin.unbound"
notify:
- restart unbound
- reload apparmor
when: unbound_only_zones == false
tags: ["configuration","unbound"]

- name: configure add independant config file
template:
src={{item}}.j2
dest="/etc/unbound/conf.d/{{item}}"
with_items:
- 01general.conf
- 98stub_zone.conf
- 99forward_zone.conf
notify: restart unbound
when: unbound_only_zones == false
Expand Down Expand Up @@ -59,4 +76,3 @@
enabled={{ unbound_service_enabled }}
pattern="unbound"
tags: ["service","unbound"]

11 changes: 11 additions & 0 deletions templates/98stub_zone.conf.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# {{ ansible_managed }}

{% if unbound_stub_zone_active %}
{% for stub_zone in unbound_stub_zone %}
stub-zone:
name: "{{ stub_zone.name }}"
{% for stub_addr in stub_zone.addr -%}
stub-addr: {{ stub_addr }}
{% endfor %}
{% endfor %}
{% endif %}
2 changes: 2 additions & 0 deletions templates/usr.sbin.unbound.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# vim:syntax=apparmor
{{ unbound_logfile }} rw,