CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 7 Pull requests 9 Wiki Activity Actions

unbound(role): use existing deploy_systemd_resolved_config role and some reordering

Browse source
This commit is contained in:
bitwhisker 2026-05-26 10:06:52 +02:00
commit 0a74ac02c2
Signed by: bitwhisker
SSH key fingerprint: SHA256:KybIk/tusSKao6eLGY+ILlFa1rCrzwx66/acBAcKUqE
5 changed files with 22 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

3
inventories/z9/hosts.yaml
View file

@ -17,6 +17,9 @@ all:
z9-router: z9-router:
ansible_host: z9-router.ccchh.net ansible_host: z9-router.ccchh.net
ansible_user: chaos ansible_user: chaos
base_config_hosts:
hosts:
z9-router:
certbot_hosts: certbot_hosts:
hosts: hosts:
dooris: dooris:

7
roles/unbound/handlers/main.yml
View file

@ -18,10 +18,3 @@
name: prometheus-unbound-exporter.service name: prometheus-unbound-exporter.service
state: restarted state: restarted
enabled: true enabled: true
- name: prometheus-unbound-exporter.enabled
become: true
ansible.builtin.systemd:
name: prometheus-unbound-exporter.service
enabled: true
daemon_reload: true

24
roles/unbound/tasks/main.yml
View file

@ -7,11 +7,6 @@
ansible.builtin.package: ansible.builtin.package:
name: unbound name: unbound
- name: install extra dns tooling
become: true
ansible.builtin.package:
name: [ bind ] # the bind package includes tools like dig in archlinux
- name: ensure correct directory permissions - name: ensure correct directory permissions
become: true become: true
ansible.builtin.file: ansible.builtin.file:
@ -40,23 +35,10 @@
enabled: true enabled: true
- name: disable systemd-resolved - name: disable systemd-resolved
become: true
when: unbound_disable_systemd_networkd when: unbound_disable_systemd_networkd
ansible.builtin.systemd: ansible.builtin.include_role:
name: systemd-resolved.service name: deploy_systemd_resolved_config
state: stopped vars_from: deploy_systemd_resolved_config
enabled: false
- name: configure system resolver to point to local unbound
become: true
when: unbound_disable_systemd_networkd
ansible.builtin.copy:
src: no-resolved.resolv.conf
dest: /etc/resolv.conf
owner: unbound
group: unbound
mode: u=rw,g=r,o=r
- name: install and configure prometheus-exporter for unbound - name: install and configure prometheus-exporter for unbound
ansible.builtin.import_tasks: prometheus-exporter.yml ansible.builtin.import_tasks: prometheus-exporter.yml

8
roles/unbound/tasks/prometheus-exporter.yml
View file

@ -3,7 +3,13 @@
become: true become: true
ansible.builtin.package: ansible.builtin.package:
name: prometheus-unbound-exporter name: prometheus-unbound-exporter
notify: prometheus-unbound-exporter.enabled
- name: enable unbound prometheus exporter
become: true
ansible.builtin.systemd:
name: prometheus-unbound-exporter.service
enabled: true
daemon_reload: true
- name: configure unbound exporter - name: configure unbound exporter
become: true become: true

9
roles/unbound/vars/deploy_systemd_resolved_config.yaml Normal file
View file

@ -0,0 +1,9 @@
---
deploy_systemd_resolved_config__enable: false
deploy_systemd_resolved_config__dns:
- 127.0.0.1
deploy_systemd_resolved_config__fallback_dns: # Fux DNS Server
- 185.161.128.66
- 2a07:c481:0:4::2
- 185.161.128.67
- 2a07:c481:0:4::3