feat: Create role

2022-10-03 17:20:34 +02:00
parent f8ba73f84d
commit 9134f68038
12 changed files with 276 additions and 6 deletions
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -0,0 +1,61 @@
+---
+# tasks file for dnsmasq
+
+- name: Create path to override systemd-resolved
+  ansible.builtin.file:
+    path: "{{ dnsmasq_resolved_directory }}"
+    state: directory
+    owner: root
+    group: root
+    mode: u=rwX,g=rX,o=rX
+  become: true
+  notify: Restart systemd-resolved.service
+
+- name: Disable stub resolver of systemd-resolved
+  ansible.builtin.template:
+    src: stub-listener.conf.j2
+    dest: "{{ dnsmasq_resolved_directory }}/stub-listener.conf"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  notify: Restart systemd-resolved.service
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: Create records directory
+  ansible.builtin.file:
+    path: "{{ dnsmasq_records_directory }}"
+    state: directory
+    owner: dnsmasq
+    group: root
+    mode: u=rwX,g=rX,o=rX
+  become: true
+
+- name: Remove old configuration
+  ansible.builtin.file:
+    path: "{{ dnsmasq_conf_directory }}/cache.conf"
+    state: absent
+  become: true
+
+- name: Deploy configuration
+  ansible.builtin.template:
+    src: dnsmasq.conf.j2
+    dest: "{{ dnsmasq_conf_directory }}/dns.conf"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  notify: Restart dnsmasq.service
+
+- name: Deploy specific records
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/records_specific.conf.j2"
+    dest: "{{ dnsmasq_records_directory }}/specific.conf"
+    owner: dnsmasq
+    group: root
+    mode: u=rw,g=r,o=r
+  when: dnsmasq_specifics | length > 0
+  become: true
+  notify: Restart dnsmasq.service
--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -0,0 +1,32 @@
+---
+# tasks file for dnsmasq
+
+- name: Install dnsmasq
+  ansible.builtin.package:
+    name: dnsmasq
+  when: ansible_facts['pkg_mgr'] == "apt"
+  become: true
+
+- name: Install dnsmasq
+  ansible.builtin.command:
+    argv:
+      - /usr/bin/rpm-ostree
+      - install
+      - --allow-inactive
+      - --assumeyes
+      - --idempotent
+      - dnsmasq
+    creates: /usr/sbin/dnsmasq
+  when: ansible_facts['pkg_mgr'] == "atomic_container"
+  become: true
+  notify: Apply installation
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: Enable dnsmasq.service
+  ansible.builtin.systemd_service:
+    name: dnsmasq.service
+    masked: false
+    enabled: true
+  become: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+# tasks file for dnsmasq
+
+- name: Include installation tasks
+  ansible.builtin.include_tasks:
+    file: installation.yml
+
+- name: Import configuration tasks
+  ansible.builtin.import_tasks:
+    file: configuration.yml
+
+- name: Import records deployment tasks
+  ansible.builtin.import_tasks:
+    file: records.yml
--- a/tasks/records.yml
+++ b/tasks/records.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for security
+
+- name: Deploy records from ansible group
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/records_auto.conf.j2"
+    dest: "{{ dnsmasq_records_directory }}/auto-{{ dnsmasq_ansible_group }}.conf"
+    owner: dnsmasq
+    group: root
+    mode: u=rw,g=r,o=r
+  when: dnsmasq_hosts | length > 0
+  become: true
+  delegate_to: "{{ dnsserver }}"
+  loop: "{{ dnsmasq_hosts }}"
+  loop_control:
+    loop_var: dnsserver
+  run_once: true
+  notify: Restart dnsmasq.service on dns servers