nox/deploy.yaml

---
- name: Ensure base config is deployment on all hosts
  hosts: all
  roles:
    - base_config

- name: Ensure nftables configuration
  hosts: resolv-dns
  tasks:
    - name: deploy nftables config
      ansible.builtin.copy:
        src: "resources/{{ inventory_hostname }}/files/nftables.conf"
        dest: /etc/nftables.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart nftables service
      become: true
      
  handlers:
    - name: Restart nftables service
      ansible.builtin.service:
        name: nftables
        state: restarted
      become: true

- name: Deploy DHCP server
  hosts: dhcp
  tasks:
    - name: deploy kea dhcp server config
      ansible.builtin.copy:
        src: resources/dhcp/files/kea-dhcp4.conf
        dest: /etc/kea/kea-dhcp4.conf
        owner: root
        group: root
        mode: "0644"
      become: true
      notify: Restart Kea DHCP 4 server
      
  handlers:
    - name: Restart Kea DHCP 4 server
      ansible.builtin.service:
        name: kea-dhcp4-server
        state: restarted
      become: true

- name: Deploy Unbound DNS
  hosts: resolv-dns
  tasks:
    - name: deploy unbound server config
      ansible.builtin.copy:
        src: "resources/resolv-dns/files/unbound.conf.d/{{ item }}"
        dest: "/etc/unbound/unbound.conf.d/{{ item }}"
        owner: root
        group: root
        mode: "0644"
      become: true
      notify: Restart Unbound
      loop:
        - local-data.conf
        - noc.conf

    # Unbound exporter installed with go as the unbound_exporter user using:
    # go install github.com/letsencrypt/unbound_exporter@latest
    # to /home/unbound_exporter/go/unbound_exporter
    - name: deploy unbound exporter service
      ansible.builtin.copy:
        src: "resources/resolv-dns/files/unbound-exporter.service"
        dest: "/etc/systemd/system/unbound-exporter.service"
        owner: root
        group: root
        mode: "0644"
      become: true
      notify: Restart Unbound exporter service
      
  handlers:
    - name: Restart Unbound
      ansible.builtin.service:
        name: unbound
        state: restarted
      become: true

    - name: Restart Unbound exporter service
      ansible.builtin.systemd_service:
        name: unbound-exporter
        state: restarted
        daemon_reload: true
      become: true