2021-09-30 00:22:27 +02:00
|
|
|
---
|
2022-11-17 23:46:33 +01:00
|
|
|
- name: Copy snipet to protect for DNS rebinding
|
2021-09-30 00:22:27 +02:00
|
|
|
become: true
|
2022-11-17 23:46:33 +01:00
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: 'templates/snippets/private-addresses.conf'
|
|
|
|
|
dest: '/etc/unbound/unbound.conf.d/'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
|
notify: 'Systemctl restart unbound'
|
|
|
|
|
when: unbount__dns_rebind_protection | bool
|
|
|
|
|
|
|
|
|
|
- name: Copy snipet for qname privacy
|
|
|
|
|
become: true
|
|
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: 'templates/snippets/qname-minimisation.conf'
|
2021-09-30 00:22:27 +02:00
|
|
|
dest: '/etc/unbound/unbound.conf.d/'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
2022-11-17 23:46:33 +01:00
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
|
notify: 'Systemctl restart unbound'
|
|
|
|
|
when: unbount__dns_qname_minimisation | bool
|
|
|
|
|
|
|
|
|
|
- name: Copy anchor snippet
|
|
|
|
|
become: true
|
|
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: 'templates/snippets/root-auto-trust-anchor-file.conf'
|
|
|
|
|
dest: '/etc/unbound/unbound.conf.d/'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
|
notify: 'Systemctl restart unbound'
|
|
|
|
|
when: unbound__auto_trust_anchor | bool
|
2021-09-30 00:22:27 +02:00
|
|
|
|
2022-11-17 23:46:33 +01:00
|
|
|
- name: Transfer main unbound configuration
|
2021-09-30 00:22:27 +02:00
|
|
|
become: true
|
|
|
|
|
ansible.builtin.template:
|
2022-11-17 23:46:33 +01:00
|
|
|
src: 'templates/unbound.conf'
|
2021-09-30 00:22:27 +02:00
|
|
|
dest: '/etc/unbound/unbound.conf'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 'u=rw,g=r,o=r'
|
|
|
|
|
validate: unbound-checkconf %s
|
2022-11-17 23:46:33 +01:00
|
|
|
notify: 'Systemctl restart unbound'
|
