107 lines
No EOL
2.6 KiB
YAML
107 lines
No EOL
2.6 KiB
YAML
---
|
|
- name: Ensure base config is deployment on all hosts
|
|
hosts: all
|
|
roles:
|
|
- base_config
|
|
|
|
- name: Ensure nftables configuration
|
|
hosts: resolv-dns
|
|
tasks:
|
|
- name: deploy nftables config
|
|
ansible.builtin.copy:
|
|
src: "resources/{{ inventory_hostname }}/files/nftables.conf"
|
|
dest: /etc/nftables.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify: Restart nftables service
|
|
become: true
|
|
|
|
handlers:
|
|
- name: Restart nftables service
|
|
ansible.builtin.service:
|
|
name: nftables
|
|
state: restarted
|
|
become: true
|
|
|
|
- name: Deploy DHCP server
|
|
hosts: dhcp
|
|
tasks:
|
|
- name: deploy kea dhcp server config
|
|
ansible.builtin.copy:
|
|
src: resources/dhcp/files/kea-dhcp4.conf
|
|
dest: /etc/kea/kea-dhcp4.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify: Restart Kea DHCP 4 server
|
|
|
|
handlers:
|
|
- name: Restart Kea DHCP 4 server
|
|
ansible.builtin.service:
|
|
name: kea-dhcp4-server
|
|
state: restarted
|
|
become: true
|
|
|
|
- name: Deploy Unbound DNS
|
|
hosts: resolv-dns
|
|
tasks:
|
|
- name: deploy unbound server config
|
|
ansible.builtin.copy:
|
|
src: "resources/resolv-dns/files/unbound.conf.d/{{ item }}"
|
|
dest: "/etc/unbound/unbound.conf.d/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify: Restart Unbound
|
|
loop:
|
|
- local-data.conf
|
|
- noc.conf
|
|
|
|
# Unbound exporter installed with go as the unbound_exporter user using:
|
|
# go install github.com/letsencrypt/unbound_exporter@latest
|
|
# to /home/unbound_exporter/go/unbound_exporter
|
|
- name: deploy unbound exporter service
|
|
ansible.builtin.copy:
|
|
src: "resources/resolv-dns/files/unbound-exporter.service"
|
|
dest: "/etc/systemd/system/unbound-exporter.service"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
notify: Restart Unbound exporter service
|
|
|
|
handlers:
|
|
- name: Restart Unbound
|
|
ansible.builtin.service:
|
|
name: unbound
|
|
state: restarted
|
|
become: true
|
|
|
|
- name: Restart Unbound exporter service
|
|
ansible.builtin.systemd_service:
|
|
name: unbound-exporter
|
|
state: restarted
|
|
daemon_reload: true
|
|
become: true
|
|
|
|
|
|
- name: Install Alloy
|
|
hosts: resolv-dns
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Install Alloy
|
|
ansible.builtin.include_role:
|
|
name: grafana.grafana.alloy
|
|
|
|
- name: Install Alloy
|
|
hosts: dhcp
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Install Alloy
|
|
ansible.builtin.include_role:
|
|
name: grafana.grafana.alloy |