-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
46 lines (46 loc) · 1.65 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
---
# Fedora specific part; needed to even run Ansible
- name: Install python and deps for ansible modules
raw: dnf install -y python2 python2-dnf libselinux-python glibc-langpack-en
# - name: Update everything
# raw: dnf update -y
- name: Gather facts
setup:
# Setup OS
- name: Install list of packages
dnf: name={{item}} state=installed
with_items:
- fish # For friendly interactive usage :)
- nc # Debugging
- tmux # Essential tool for terminal
- bind # DNS server
- bind-utils # DNS utilities like dig
- rng-tools # To generate more entropy; needed for key generation
- git # For development purposes
- tcpdump # For debugging purposes
- psmisc # For debugging purposes
- python3-gnupg
- python3-unbound
- strace
- vim # For development purposes
- name: Prepare RNG sources
shell: rngd -r /dev/urandom
- name: Set global debug option for bind
shell: echo 'OPTIONS="-d 5"' >> /etc/sysconfig/named
- name: Set ip forwarding on in /proc and do not reload the sysctl file
sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
- name: Turn off SELinux
shell: setenforce 0
- name: Change file permissions
shell: chmod -R go+rwx /vagrant
- name: Set variables
set_fact:
ta_file: '/vagrant/local-repo/trust-anchor'
ub_keys: '/var/lib/unbound/root.key'
- name: Append additional trust anchor
shell: grep "$(cat {{ ta_file }})" {{ ub_keys }} || cat {{ ta_file }} >> {{ ub_keys }}
- name: Copy repo configuration
shell: cp /vagrant/local-repo/local-repo.repo /etc/yum.repos.d/