diff options
| author | Emil Renner Berthing <esmil@labitat.dk> | 2019-03-31 19:45:52 +0200 |
|---|---|---|
| committer | Emil Renner Berthing <esmil@labitat.dk> | 2019-04-01 13:07:23 +0200 |
| commit | 88756850d1a5cb28b897bdcc9337fcb6977aad0b (patch) | |
| tree | ebe21e61ac6e234fa19e2b555c21d1b647556d84 /roles/space_server/tasks | |
| parent | 48ffd1b69723dc6ddd023d803fc0edd8034ce386 (diff) | |
| download | labitat-ansible-88756850d1a5cb28b897bdcc9337fcb6977aad0b.tar.gz labitat-ansible-88756850d1a5cb28b897bdcc9337fcb6977aad0b.tar.xz labitat-ansible-88756850d1a5cb28b897bdcc9337fcb6977aad0b.zip | |
space_server: named: use named instead of unbound
This reverts commit 3b795796bd03488a385f3ad42b10b8c0d61282c1,
"space_server: unbound: use unbound instad of bind".
Unlike unbound, bind supports synthesizing DNS64 answers
only for certain clients, so only requests from the Labitat NAT64
network will get DNS64 answers.
Diffstat (limited to 'roles/space_server/tasks')
| -rw-r--r-- | roles/space_server/tasks/main.yml | 4 | ||||
| -rw-r--r-- | roles/space_server/tasks/named.yml | 55 | ||||
| -rw-r--r-- | roles/space_server/tasks/unbound.yml | 41 |
3 files changed, 57 insertions, 43 deletions
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml index bfa3bc6..374a8b6 100644 --- a/roles/space_server/tasks/main.yml +++ b/roles/space_server/tasks/main.yml @@ -28,8 +28,8 @@ - import_tasks: radius.yml tags: radius when: radius_passwords is defined -- import_tasks: unbound.yml - tags: unbound +- import_tasks: named.yml + tags: named - import_tasks: tayga.yml tags: tayga - import_tasks: avahi.yml diff --git a/roles/space_server/tasks/named.yml b/roles/space_server/tasks/named.yml new file mode 100644 index 0000000..143e8f0 --- /dev/null +++ b/roles/space_server/tasks/named.yml @@ -0,0 +1,55 @@ +--- +- name: Configure named + copy: + dest: '/etc/named.conf' + src: named.conf + owner: root + group: named + mode: 0640 + notify: + - restart named +- name: Create s zone + template: + dest: '/etc/named/s.zone' + src: s.zone.j2 + owner: root + group: named + mode: 0644 + notify: + - restart named + +- name: Create service drop-in directory + file: + dest: '/etc/systemd/system/named.service.d' + state: directory + owner: root + group: root + mode: 0755 +- name: Start named after networks are configured + copy: + dest: '/etc/systemd/system/named.service.d/wait-online.conf' + src: wait-online.conf + owner: root + group: root + mode: 0644 + +- name: Enable named service + systemd: + name: named.service + enabled: yes + masked: no + state: started + when: not chroot +- name: '- when in nspawn' + command: systemctl enable named.service + when: chroot + +- name: Use our own resolver + copy: + dest: /etc/resolv.conf + content: "nameserver 127.0.0.1\nnameserver ::1\noptions edns0\n" + owner: root + group: root + mode: 0644 + +# vim: set ts=2 sw=2 et ft=yaml: diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml deleted file mode 100644 index 0de4c78..0000000 --- a/roles/space_server/tasks/unbound.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Create /etc/resolv.conf - copy: - dest: '/etc/resolv.conf' - src: resolv.conf - owner: root - group: root - mode: 0644 - -- name: Configure unbound - template: - dest: '/etc/unbound/unbound.conf' - src: unbound.conf.j2 - owner: root - group: root - mode: 0644 - notify: - - restart unbound - -- name: Enable unbound service - systemd: - name: unbound.service - enabled: yes - masked: no - state: started - when: not chroot -- name: '- when in chroot' - command: systemctl enable unbound.service - args: - creates: '/etc/systemd/system/multi-user.target.wants/unbound.service' - when: chroot - -- name: Use our own resolver - copy: - dest: '/etc/resolv.conf' - content: "nameserver 127.0.0.1\nnameserver ::1\n" - owner: root - group: root - mode: 0644 - -# vim: set ts=2 sw=2 et: |