unbound: Add support for authoritative zones

1e74732f · Thomas Schneider · cb0e59f7 · 1e74732f · 1e74732f · 1e74732f
Commit 1e74732f authored 4 years ago by Thomas Schneider
--- a/unbound/defaults/main.yml
+++ b/unbound/defaults/main.yml
+---
+
+unbound_auth_zones: []
--- a/unbound/tasks/main.yml
+++ b/unbound/tasks/main.yml
@@ -8,6 +8,23 @@
    - packages
    - unbound

+- name: Create directory for zones
+  file:
+    path: /etc/unbound/zones
+    state: directory
+  tags:
+    - unbound
+
+- name: Install authoritative zone files
+  copy:
+    src: "{{ item.file }}"
+    dest: "/etc/unbound/zones/{{ item.zone }}zone"
+  loop: "{{ unbound_auth_zones }}"
+  notify:
+    - restart unbound
+  tags:
+    - unbound
+
 - name: Install unbound config
  template:
    src: unbound.conf.j2

--- a/unbound/templates/unbound.conf.j2
+++ b/unbound/templates/unbound.conf.j2
@@ -2,14 +2,29 @@ server:
 	interface: 0.0.0.0
 	interface: ::
 	prefetch: yes
-	{% for i in unbound_allowed_hosts %}
+	{% for i in unbound_allowed_hosts -%}
 	access-control: {{ i }} allow
+	{% endfor -%}
+	{% for i in unbound_auth_zones if i.local_zone_transparent|default(False) -%}
+	local-zone: {{ i.zone }} transparent
 	{% endfor %}

+remote-control:
+	control-enable: yes
+
 {% if unbound_upstream_hosts is defined and unbound_upstream_hosts %}
 forward-zone:
 	name: "."
-	{% for i in unbound_upstream_hosts %}
+	{% for i in unbound_upstream_hosts -%}
 	forward-addr: {{i}}
 	{% endfor %}
 {% endif %}
+
+{% for i in unbound_auth_zones -%}
+auth-zone:
+	name: {{ i.zone }}
+	zonefile: zones/{{ i.zone }}zone
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}