init unbound

ansible/dns.yaml

@@ -0,0 +1,6 @@
+---
+# file: dns.yaml
+- hosts: dns
+  roles:
+    - common
+    - unbound

ansible/inventories/production/hosts.ini

@@ -1,2 +1,5 @@
 [gitea]
 git.jthan.io
+
+[dns]
+rpi0.home.jthan.io

ansible/roles/unbound/handlers/main.yaml

@@ -0,0 +1,5 @@
+- name: Restart nginx
+  service:
+    name: unbound
+    state: restarted
+

ansible/roles/unbound/tasks/main.yaml

@@ -0,0 +1,28 @@
+- name: Install unbound
+  package:
+    name: "unbound"
+    state: present
+
+- name: Enable unbound service
+  service:
+    name: unbound
+    enabled: yes
+    state: started
+
+- name: Permit traffic in default zone on port 53/udp
+  ansible.posix.firewalld:
+    port: 53/udp
+    source: 192.0.1.0/24
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true
+
+- name: Permit traffic in default zone on port 53/tcp
+  ansible.posix.firewalld:
+    port: 53/tcp
+    source: 192.0.1.0/24
+    permanent: true
+    state: enabled
+    immediate: true
+    offline: true

ansible/site.yaml

@@ -2,3 +2,4 @@
 # file: site.yaml
 - import_playbook: webservers.yaml
 - import_playbook: gitea.yaml
+- import_playbook: dns.yaml