mirror of
https://github.com/roles-ansible/ansible_role_unbound.git
synced 2024-08-16 13:39:49 +02:00
44 lines
1.2 KiB
YAML
44 lines
1.2 KiB
YAML
---
|
|
- name: Copy snipet to protect for DNS rebinding
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/snippets/private-addresses.conf'
|
|
dest: '/etc/unbound/unbound.conf.d/'
|
|
owner: root
|
|
group: root
|
|
mode: 'u=rw,g=r,o=r'
|
|
notify: 'Systemctl restart unbound'
|
|
when: unbount__dns_rebind_protection | bool
|
|
|
|
- name: Copy snipet for qname privacy
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/snippets/qname-minimisation.conf'
|
|
dest: '/etc/unbound/unbound.conf.d/'
|
|
owner: root
|
|
group: root
|
|
mode: 'u=rw,g=r,o=r'
|
|
notify: 'Systemctl restart unbound'
|
|
when: unbount__dns_qname_minimisation | bool
|
|
|
|
- name: Copy anchor snippet
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/snippets/root-auto-trust-anchor-file.conf'
|
|
dest: '/etc/unbound/unbound.conf.d/'
|
|
owner: root
|
|
group: root
|
|
mode: 'u=rw,g=r,o=r'
|
|
notify: 'Systemctl restart unbound'
|
|
when: unbound__auto_trust_anchor | bool
|
|
|
|
- name: Transfer main unbound configuration
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: 'templates/unbound.conf'
|
|
dest: '/etc/unbound/unbound.conf'
|
|
owner: root
|
|
group: root
|
|
mode: 'u=rw,g=r,o=r'
|
|
validate: unbound-checkconf %s
|
|
notify: 'Systemctl restart unbound'
|