adding luna

host_vars/luna.l3d.ch/vars.yml

@@ -0,0 +1,19 @@
+---
+# allow public DNS (in internal network)
+unbound_listen_addresses:
+  - '0.0.0.0@53'
+  - '::0@53'
+unbound_access_control:
+  - 'access-control: 192.168.255.0/24 allow'
+  - 'access-control: fe80::/64 allow'
+  - 'access-control: fd00::/8 allow'
+  - 'access-control: 127.0.0.1 allow'
+  - 'access-control: ::1 allow'
+
+# open firewall for WEB, SSH and DNS
+firewall_allowed_tcp_ports:
+  - "22"
+  - "53"
+  - "80"
+  - "443"
+firewall_allowed_udp_ports: ['53']

hosts.ini

@@ -3,3 +3,12 @@ web01.l3d.space
 
 [mail]
 mail01.l3d.space
+
+[home]
+luna.l3d.ch ansible_host=192.168.255.2
+
+[resolver]
+luna.l3d.ch ansible_host=192.168.255.2
+
+[resolver:children]
+mail

roles/unbound

@@ -1 +1 @@
-Subproject commit 6948f130f37c5c84a09ef5c2e7ce7ab5278c92ad
+Subproject commit fbb65b84e6756b2c98963384e794c50586ef8c43

site.yml

@@ -33,10 +33,14 @@
     - {role: do1jlr.gitea, tags: [web, gitea, git]}
     - {role: goaccess, tags: [web, goaccess]}
 
+- name: deploy dns resolver
+  hosts: resolver
+  roles:
+    - {role: unbound, tags: [mail, unbound]}
+
 - name: deploy mail config
   hosts: mail
   roles:
-    - {role: unbound, tags: [mail, unbound]}
     - {role: geerlingguy.mysql, tags: [mail, mysql, mariadb], become: true}
     - {role: do1jlr.webhost, tags: [mail, webhost], become: true}
     - {role: acmetool_fix, tags: [mail, acmetool]}