From 1e74732f112bab419a191537ac96922d3d977ff2 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <tschneider@asta.rwth-aachen.de>
Date: Mon, 3 Aug 2020 18:57:21 +0200
Subject: [PATCH] unbound: Add support for authoritative zones

---
 unbound/defaults/main.yml         |  3 +++
 unbound/tasks/main.yml            | 17 +++++++++++++++++
 unbound/templates/unbound.conf.j2 | 21 ++++++++++++++++++---
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 unbound/defaults/main.yml

diff --git a/unbound/defaults/main.yml b/unbound/defaults/main.yml
new file mode 100644
index 0000000..6af1741
--- /dev/null
+++ b/unbound/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+
+unbound_auth_zones: []
diff --git a/unbound/tasks/main.yml b/unbound/tasks/main.yml
index ccdecfb..70cfeaf 100644
--- a/unbound/tasks/main.yml
+++ b/unbound/tasks/main.yml
@@ -8,6 +8,23 @@
     - packages
     - unbound
 
+- name: Create directory for zones
+  file:
+    path: /etc/unbound/zones
+    state: directory
+  tags:
+    - unbound
+
+- name: Install authoritative zone files
+  copy:
+    src: "{{ item.file }}"
+    dest: "/etc/unbound/zones/{{ item.zone }}zone"
+  loop: "{{ unbound_auth_zones }}"
+  notify:
+    - restart unbound
+  tags:
+    - unbound
+
 - name: Install unbound config
   template:
     src: unbound.conf.j2
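Review bot: The `dest: "/etc/unbound/zones/{{ item.zone }}zone"` line interpolates the zone name straight into a filesystem path with no validation, so an entry without the trailing dot silently becomes `example.comzone` (mismatching nothing, but easy to get wrong), and one containing `/` or `..` would write outside `/etc/unbound/zones`; the values come from inventory, so this is a robustness rather than an attacker-controlled concern, but a fail-fast check before the copy is cheap. I would add an `assert` over `unbound_auth_zones` that requires a fully-qualified name made of labels and dots, as below. The `copy` and the directory `file` task also set no `mode`/`owner`, so the resulting permissions depend on the controller's umask; pin them with `mode: "0755"` on the directory and `mode: "0644"` on the zone files (unbound's worker user, typically `unbound`, only needs read access — confirm for this distribution).
```yaml
- name: Validate zone names before they are used as file names
  assert:
    that:
      - item.zone is match('^([A-Za-z0-9_-]+\.)+$')
    fail_msg: "unbound_auth_zones: '{{ item.zone }}' must be a fully-qualified zone name (trailing dot, no path characters)"
  loop: "{{ unbound_auth_zones }}"
  tags:
    - unbound

# … unchanged: Install authoritative zone files task (add mode: "0644") …
```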
diff --git a/unbound/templates/unbound.conf.j2 b/unbound/templates/unbound.conf.j2
index ff7cb81..404cc55 100644
--- a/unbound/templates/unbound.conf.j2
+++ b/unbound/templates/unbound.conf.j2
@@ -2,14 +2,29 @@ server:
 	interface: 0.0.0.0
 	interface: ::
 	prefetch: yes
-	{% for i in unbound_allowed_hosts %}
-	access-control: {{i}} allow
+	{% for i in unbound_allowed_hosts -%}
+	access-control: {{ i }} allow
+	{% endfor -%}
+	{% for i in unbound_auth_zones if i.local_zone_transparent|default(False) -%}
+	local-zone: {{ i.zone }} transparent
 	{% endfor %}
 
+remote-control:
+	control-enable: yes
+
 {% if unbound_upstream_hosts is defined and unbound_upstream_hosts %}
 forward-zone:
 	name: "."
-	{% for i in unbound_upstream_hosts %}
+	{% for i in unbound_upstream_hosts -%}
 	forward-addr: {{i}}
 	{% endfor %}
 {% endif %}
+
+{% for i in unbound_auth_zones -%}
+auth-zone:
+	name: {{ i.zone }}
+	zonefile: zones/{{ i.zone }}zone
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
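Review bot: `control-enable: yes` is added in the new `remote-control:` section without a `control-interface`, so the control channel comes up on whatever the build's default is (loopback on stock unbound per the unbound.conf man page, but worth pinning), and because `control-use-cert` defaults to yes, unbound will refuse to start unless the key/cert pair produced by `unbound-control-setup` already exists in its working directory — nothing in this patch creates those files, so either the distribution package does it in postinst (verify) or the role needs a task for it. I would make the section explicit: `control-enable: yes`, `control-interface: 127.0.0.1`, and, if IPv6 clients of unbound-control are expected, `control-interface: ::1`. Separately, `zonefile: zones/{{ i.zone }}zone` is resolved relative to unbound's `directory:` setting (or chroot), not the absolute `/etc/unbound/zones` the tasks write to; using the absolute path `zonefile: /etc/unbound/zones/{{ i.zone }}zone` keeps the two in step if `directory` is ever changed. The zone name is also emitted unquoted into both `name:` and `zonefile:`, which only works for names matching the usual label syntax, so the same validation applied to the inventory values should be relied on here.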
-- 
GitLab