adding luna

DO1JLR · Jul 16, 2021 · 9f5e227 · 9f5e227
1 parent 1a2ab54
commit 9f5e227
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 2 deletions.
diff --git a/host_vars/luna.l3d.ch/vars.yml b/host_vars/luna.l3d.ch/vars.yml
@@ -0,0 +1,19 @@
+---
+# allow public DNS (in internal network)
+unbound_listen_addresses:
+  - '0.0.0.0@53'
+  - '::0@53'
+unbound_access_control:
+  - 'access-control: 192.168.255.0/24 allow'
+  - 'access-control: fe80::/64 allow'
+  - 'access-control: fd00::/8 allow'
+  - 'access-control: 127.0.0.1 allow'
+  - 'access-control: ::1 allow'
+
+# open firewall for WEB, SSH and DNS
+firewall_allowed_tcp_ports:
+  - "22"
+  - "53"
+  - "80"
+  - "443"
+firewall_allowed_udp_ports: ['53']
diff --git a/hosts.ini b/hosts.ini
@@ -3,3 +3,12 @@ web01.l3d.space
 
 [mail]
 mail01.l3d.space
+
+[home]
+luna.l3d.ch ansible_host=192.168.255.2
+
+[resolver]
+luna.l3d.ch ansible_host=192.168.255.2
+
+[resolver:children]
+mail
diff --git a/roles/unbound b/roles/unbound
diff --git a/site.yml b/site.yml
@@ -33,10 +33,14 @@
     - {role: do1jlr.gitea, tags: [web, gitea, git]}
     - {role: goaccess, tags: [web, goaccess]}
 
+- name: deploy dns resolver
+  hosts: resolver
+  roles:
+    - {role: unbound, tags: [mail, unbound]}
+
 - name: deploy mail config
   hosts: mail
   roles:
-    - {role: unbound, tags: [mail, unbound]}
     - {role: geerlingguy.mysql, tags: [mail, mysql, mariadb], become: true}
     - {role: do1jlr.webhost, tags: [mail, webhost], become: true}
     - {role: acmetool_fix, tags: [mail, acmetool]}
+4 −3		README.md
+4 −0		defaults/main.yml
+3 −2		files/unbound.conf
+1 −1		vars/main.yml