From fbb65b84e6756b2c98963384e794c50586ef8c43 Mon Sep 17 00:00:00 2001 From: L3D Date: Fri, 16 Jul 2021 19:53:55 +0200 Subject: [PATCH] Allow configureation of access-control --- README.md | 7 ++++--- defaults/main.yml | 4 ++++ files/unbound.conf | 5 +++-- vars/main.yml | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b1777f0..18f7500 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,10 @@ Variables | variable | default | explaination | | -------- | ------- | ------------ | -| ``unbound_listen_addresses:`` | ``['127.0.0.1@53','::1@53']`` | define interfaces and ports where unbound should listen | -| ``unbound__state:`` | ``present`` | Package state. *(use ``latest`` for explicit update)* -| ``submodules_versioncheck:`` | ``false`` | run basic versions check. ``true`` is recomended. | +| ``unbound_listen_addresses`` | ``['127.0.0.1@53','::1@53']`` | define interfaces and ports where unbound should listen | +| ``unbound_access_control`` | ``['access-control: 127.0.0.1 allow', 'access-control: ::1 allow']`` | define access control | +| ``unbound__state`` | ``present`` | Package state. *(use ``latest`` for explicit update)* +| ``submodules_versioncheck`` | ``false`` | run basic versions check. ``true`` is recomended. | Files ------- diff --git a/defaults/main.yml b/defaults/main.yml index ce7b7c9..1a9945e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,4 +6,8 @@ unbound_listen_addresses: - '127.0.0.1@53' - '::1@53' +unbound_access_control: + - 'access-control: 127.0.0.1 allow' + - 'access-control: ::1 allow' + unbound__state: 'present' diff --git a/files/unbound.conf b/files/unbound.conf index add780a..3eec9e2 100644 --- a/files/unbound.conf +++ b/files/unbound.conf @@ -7,8 +7,9 @@ server: {% for address in unbound_listen_addresses %} interface: {{ address }} {% endfor %} - access-control: 127.0.0.1 allow - access-control: ::1 allow +{% for accesscontrol in unbound_access_control %} + {{ accesscontrol }} +{% endfor %} chroot: "" diff --git a/vars/main.yml b/vars/main.yml index f8a5c8c..c4e666a 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,3 @@ --- -playbook_version_number: 66 # should be integer +playbook_version_number: 67 # should be integer playbook_version_path: 'role-unbound_roles-ansible_github.com.version'