
Replaced external unbound roles with internal role

Till Klocke 9 年 前
コミット
ffbd1ae270
29 ファイル変更62 行追加402 行削除
  1. 0 12
      roles/external/jdauphant.unbound/.travis.yml
  2. 0 23
      roles/external/jdauphant.unbound/LICENSE
  3. 0 98
      roles/external/jdauphant.unbound/README.md
  4. 0 2
      roles/external/jdauphant.unbound/ansible.cfg
  5. 0 57
      roles/external/jdauphant.unbound/defaults/main.yml
  6. 0 7
      roles/external/jdauphant.unbound/handlers/main.yml
  7. 0 1
      roles/external/jdauphant.unbound/meta/.galaxy_install_info
  8. 0 27
      roles/external/jdauphant.unbound/meta/main.yml
  9. 0 4
      roles/external/jdauphant.unbound/role.yml
  10. 0 62
      roles/external/jdauphant.unbound/tasks/main.yml
  11. 0 19
      roles/external/jdauphant.unbound/templates/01general.conf.j2
  12. 0 42
      roles/external/jdauphant.unbound/templates/10zone.conf.j2
  13. 0 9
      roles/external/jdauphant.unbound/templates/99forward_zone.conf.j2
  14. 0 14
      roles/external/jdauphant.unbound/templates/unbound.conf.j2
  15. 0 3
      roles/external/jdauphant.unbound/vars/main.yml
  16. 0 2
      roles/internal/ff-unbound/defaults/main.yml
  17. 0 2
      roles/internal/ff-unbound/handlers/main.yml
  18. 0 8
      roles/internal/ff-unbound/tasks/main.yml
  19. 0 6
      roles/internal/ff-unbound/templates/unbound.domain.j2
  20. 1 2
      roles/internal/ffdo.supernode/meta/main.yml
  21. 0 0
      roles/internal/ffdo.unbound/README.md
  22. 4 0
      roles/internal/ffdo.unbound/defaults/main.yml
  23. 5 0
      roles/internal/ffdo.unbound/handlers/main.yml
  24. 0 0
      roles/internal/ffdo.unbound/meta/main.yml
  25. 21 0
      roles/internal/ffdo.unbound/tasks/main.yml
  26. 21 0
      roles/internal/ffdo.unbound/templates/unbound-supernode.conf.j2
  27. 10 0
      roles/internal/ffdo.unbound/templates/unbound.conf.j2
  28. 0 0
      roles/internal/ffdo.unbound/vars/main.yml
  29. 0 2
      roles/thirdparty_roles.yml

+ 0 - 12
roles/external/jdauphant.unbound/.travis.yml

@@ -1,12 +0,0 @@
----
-language: python
-python: "2.7"
-before_install:
- - sudo apt-get update -qq
- - sudo apt-get install -qq python-apt python-pycurl
-install:
-  - pip install ansible
-script:
-  - echo localhost > inventory
-  - ansible-playbook -i inventory --syntax-check --list-tasks role.yml
-  - ansible-playbook -i inventory --connection=local --sudo -vvvv role.yml

+ 0 - 23
roles/external/jdauphant.unbound/LICENSE

@@ -1,23 +0,0 @@
-Copyright (c) 2014, DAUPHANT Julien
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice, this
-  list of conditions and the following disclaimer in the documentation and/or
-  other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+ 0 - 98
roles/external/jdauphant.unbound/README.md

@@ -1,98 +0,0 @@
-ansible-role-unbound
-====================
-
-Ansible role for Unbound DNS Server and resolver
-
-
-# Supports
-- Add DNS entries
-- Generation of DNS entries from ansible inventory (A entries and reverse)
-- Forward to another dns
-- IPv4 only for reverse
-
-# Information :
-- Test on Ubuntu
-- Untested on debian and fedora
-
-# Example :
-
-## Simple forward on localhost :
-```
-# Activate forward (activate by default)
-unbound_forward_zone_active : true
-# Forward server to google DNS (activate by default)
-unbound_forward_zone:
-   - 8.8.8.8 #Google DNS 1
-   - 8.8.4.4 #Google DNS 2
-```
-
-## Generate entries and reverse from the inventory (need ansible_ssh_host set on all host)
-```
-# Listen interface
-unbound_interfaces: 
-    - 127.0.0.1
-    - 192.168.0.10
-
-# Authorized IPs
-unbound_access_control:
-    - 127.0.0.1 allow
-    - 192.168.0.0/24 allow
-
-# Create entries from inventory (reverse  also created by default)
-unbound_inventory_domain:
-    all: 'internal.domain' # All hosts
-
-# Create reverse entries from inventory
-unbound_inventory_reverse_domain:
-    all: 'internal.domain' # All hosts
-
-# Activate forward (activate by default)
-unbound_forward_zone_active : true
-# Forward server to google DNS (activate by default)
-unbound_forward_zone:
-   - 8.8.8.8 #Google DNS 1
-   - 8.8.4.4 #Google DNS 2
-
-```
-
-## More complete example (need ansible_ssh_host set on all host)
-```
-# Listen interface
-unbound_interfaces: 
-    - 127.0.0.1
-    - 192.168.0.10
-
-# Authorized IPs
-unbound_access_control:
-    - 127.0.0.1 allow
-    - 192.168.0.0/24 allow
-
-# Simple DNS entries
-unbound_domains:
-    - domain_name: "example.com"
-      host1: IN A 127.0.0.1
-      www: IN CNAME host1
-
-# Create entry and reverse
-unbound_domains_with_reverses:
-    - domain_name: "reversed.example.com"
-      host1: 127.0.0.1
-      host2: 127.0.0.2
-      host3: 127.0.0.3
-
-# Create entries from inventory
-unbound_inventory_domain:
-    all: 'localdomain' # All hosts
-    webserver: 'webserver.localdomain' # Hosts in webserver
-
-# Create reverse entries from inventory
-unbound_inventory_reverse_domain:
-    dbserver: 'dbserver.localdomain' # Hosts in dbserver
-    webserver: 'webserver.localdomain' # Hosts in webserver
-
-# Type of local host (default : static )
-unbound_local_zone_type:
-    example.com: "transparent"
-    reversed.example.com: "static"
-
-```

+ 0 - 2
roles/external/jdauphant.unbound/ansible.cfg

@@ -1,2 +0,0 @@
-[defaults]
-roles_path = ../

+ 0 - 57
roles/external/jdauphant.unbound/defaults/main.yml

@@ -1,57 +0,0 @@
----
-unbound_logfile: "/var/log/unbound.log"
-unbound_configuration:
-    - verbosity: 1
-    - do-ip4: "yes"
-    - do-ip6: "no"
-    - num-threads: 1
-    - pidfile: "/var/run/unbound.pid"
-    - logfile: "{{unbound_logfile}}"
-
-unbound_zone_name: "default"
-unbound_only_zones: false
-
-unbound_interfaces: 
-    - 127.0.0.1
-
-unbound_access_control:
-    - 127.0.0.1 allow
-
-unbound_private_address:
-    - 10.0.0.0/8
-    - 172.16.0.0/12
-    - 192.168.0.0/16
-    - 169.254.0.0/16 
-    - "fd00::/8"
-    - "fe80::/10"
-
-unbound_domains: {}
-
-unbound_domains_with_reverses: []
-
-unbound_inventory_domain: {}
-
-unbound_local_zone_type: {}
-unbound_local_zone: []
-
-unbound_default_local_zone: "static"
-
-unbound_inventory_domain_with_reverse: true
-
-unbound_zones: 
-    - name: "default"
-
-unbound_forward_zone_active : true
-unbound_forward_zone:
-   - 8.8.8.8 #Google DNS 1
-   - 8.8.4.4 #Google DNS 2
-
-# Package states: installed or latest
-unbound_pkg_state: installed
-
-# Service states: started or stopped
-unbound_service_state: started
-
-# Service enabled on startup: yes or no
-unbound_service_enabled: yes
-

+ 0 - 7
roles/external/jdauphant.unbound/handlers/main.yml

@@ -1,7 +0,0 @@
----
-- name: restart unbound
-  service: name=unbound state=restarted
-
-- name: reload unbound
-  service: name=unbound state=reloaded
-

+ 0 - 1
roles/external/jdauphant.unbound/meta/.galaxy_install_info

@@ -1 +0,0 @@
-{install_date: 'Sat Dec 19 23:08:18 2015', version: v1.0.1}

+ 0 - 27
roles/external/jdauphant.unbound/meta/main.yml

@@ -1,27 +0,0 @@
----
-galaxy_info:
-  author: "DAUPHANT Julien"
-  license: BSD
-  min_ansible_version: 1.4
-  platforms:
-   - name: EL
-     versions:
-      - 5
-      - 6
-   - name: Fedora
-     versions:
-      - 16
-      - 17
-      - 18
-   - name: Ubuntu
-     versions:
-      - precise
-      - quantal
-      - raring
-      - saucy
-      - trusty
-  categories:
-   - networking
-   - system
-dependencies: []
-

+ 0 - 4
roles/external/jdauphant.unbound/role.yml

@@ -1,4 +0,0 @@
-- hosts: localhost
-  remote_user: root
-  roles:
-    - ansible-role-unbound

+ 0 - 62
roles/external/jdauphant.unbound/tasks/main.yml

@@ -1,62 +0,0 @@
----
-- name: install unbound for Debian OS family
-  apt: pkg=unbound state={{ unbound_pkg_state }}
-  when: ansible_os_family == 'Debian' and unbound_only_zones == false
-  tags: ["packages","unbound"]
-
-- name: install unbound for RedHat OS family
-  yum: name=unbound state={{ unbound_pkg_state }}
-  when: ansible_os_family == 'RedHat' and unbound_only_zones == false
-  tags: ["packages","unbound"]
-
-- name: Ensure zones folder exist
-  file: path=/etc/unbound/conf.d state=directory mode=755
-  notify: restart unbound
-  tags: ["configuration","unbound"]
-
-- name: Ensure log file exist
-  file: path={{unbound_logfile}} state=touch mode=755 owner=unbound
-  notify: restart unbound
-  tags: ["configuration","unbound"]
-
-- name: configure add independant config file
-  template: 
-     src={{item}}.j2
-     dest="/etc/unbound/conf.d/{{item}}"
-  with_items: 
-     - 01general.conf
-     - 99forward_zone.conf
-  notify: restart unbound
-  when: unbound_only_zones == false
-  tags: ["configuration","unbound"]
-
-- name: configure unbound zones
-  template: 
-     src=10zone.conf.j2
-     dest="/etc/unbound/conf.d/10{{item.name}}.conf"
-  with_items: unbound_zones
-  notify: restart unbound
-  tags: ["configuration","unbound"]
-
-- name: retreive unbound conf file list
-  shell: /bin/ls /etc/unbound/conf.d/
-  register: unbound_conf_list
-  always_run: true
-  tags: ["configuration","unbound"]
-
-- name: configure unbound.conf to include all configuration
-  template: 
-     src=unbound.conf.j2
-     dest=/etc/unbound/unbound.conf
-     validate="/usr/sbin/unbound-checkconf %s"
-  notify: restart unbound
-  tags: ["configuration","unbound"]
-
-- name: ensure unbound is started/stopped
-  service: 
-     name=unbound
-     state={{ unbound_service_state }}
-     enabled={{ unbound_service_enabled }}
-     pattern="unbound"
-  tags: ["service","unbound"]
-

+ 0 - 19
roles/external/jdauphant.unbound/templates/01general.conf.j2

@@ -1,19 +0,0 @@
-# {{ ansible_managed }}
-
-{% for config in unbound_configuration %}
-    {{ config.keys().0 }}: {{ config.values().0 }}
-{% endfor %}
-    auto-trust-anchor-file: "/var/lib/unbound/root.key"
-{% for interface in unbound_interfaces %}
-    interface: {{interface}}
-{% endfor %}
-{% for access_control in unbound_access_control %}
-    access-control: {{access_control}}
-{% endfor %}
-
-    hide-identity: yes
-    hide-version: yes
-
-{% for private_address in unbound_private_address %}
-    private-address: {{private_address}}
-{% endfor %}

+ 0 - 42
roles/external/jdauphant.unbound/templates/10zone.conf.j2

@@ -1,42 +0,0 @@
-# {{ ansible_managed }}
-
-{% set local_zone_type = item.local_zone_type | default(unbound_local_zone) %}
-{% set domains_with_reverses = item.domains_with_reverses | default(unbound_domains_with_reverses) %}
-{% set local_zones = item.local_zones | default(unbound_local_zone) %}
-{% set inventory_domain = item.inventory_domain | default(unbound_inventory_domain) %}
-{% set domains = item.domains | default(unbound_domains) %}
-{% set inventory_domain_with_reverse = item.inventory_domain_with_reverse|default(unbound_inventory_domain_with_reverse) %}
-
-
-{% for domain in domains_with_reverses %}
-    local-zone: "{{domain.domain_name}}." {{local_zone_type[domain.domain_name] | default(unbound_default_local_zone)}}
-{% for subdomain, ip in domain.iteritems() %}
-{% if subdomain != "domain_name" %}
-    local-data: "{{ subdomain }}.{{ domain.domain_name }}. IN A {{ ip }}"
-    local-data-ptr: "{{ ip }} {{ subdomain }}.{{ domain.domain_name }}"
-{% endif %}
-{% endfor %}
-{% endfor %}
-
-{% for domain in local_zones %}
-    local-zone: "{{domain}}." {{local_zone_type[domain] | default(unbound_default_local_zone)}}
-{% endfor %}
-
-{% for group, domain in inventory_domain.iteritems() %}
-    # Group {{group}}
-{% for host in groups[group] %}
-    local-data: "{{ hostvars[host]['inventory_hostname_short'] }}.{{ domain }}. IN A {{ hostvars[host][ 'ansible_ssh_host'] }}"
-{% if inventory_domain_with_reverse %}
-	local-data-ptr: "{{ hostvars[host]['ansible_ssh_host'] }} {{ hostvars[host]['inventory_hostname_short'] }}.{{ domain }}."
-{% endif %}
-{% endfor %}
-{% endfor %}
-
-{% for domain in domains %}
-#    local-zone: "{{domain.domain_name}}." {{local_zone_type[domain.domain_name] | default(unbound_default_local_zone)}}
-{% for subdomain, entry in domain.iteritems() %}
-{% if subdomain != "domain_name" %}
-    local-data: "{{ subdomain }}.{{ domain.domain_name }}. {{ entry }}"
-{% endif %}
-{% endfor %}
-{% endfor %}

+ 0 - 9
roles/external/jdauphant.unbound/templates/99forward_zone.conf.j2

@@ -1,9 +0,0 @@
-# {{ ansible_managed }}
-
-{% if unbound_forward_zone_active %}
-    forward-zone:
-        name: "."
-{% for forward_addr in unbound_forward_zone %}
-        forward-addr: {{forward_addr}}
-{% endfor %}      
-{% endif %}

+ 0 - 14
roles/external/jdauphant.unbound/templates/unbound.conf.j2

@@ -1,14 +0,0 @@
-# {{ ansible_managed }}
-# See the unbound.conf(5) man page.
-#
-# See /usr/share/doc/unbound/examples/unbound.conf for a commented
-# reference config file.
-
-server:
-    # The following line will configure unbound to perform cryptographic
-    # DNSSEC validation using the root trust anchor.
-
-{% for include in unbound_conf_list.stdout_lines %}
-    include: "/etc/unbound/conf.d/{{include}}"
-{% endfor %}
-

+ 0 - 3
roles/external/jdauphant.unbound/vars/main.yml

@@ -1,3 +0,0 @@
----
-
-

+ 0 - 2
roles/internal/ff-unbound/defaults/main.yml

@@ -1,2 +0,0 @@
----
-# defaults file for ff-dns

+ 0 - 2
roles/internal/ff-unbound/handlers/main.yml

@@ -1,2 +0,0 @@
----
-# handlers file for ff-dns

+ 0 - 8
roles/internal/ff-unbound/tasks/main.yml

@@ -1,8 +0,0 @@
----
-# tasks file for ff-dns
-
-- name: Ensure unbound config already exists
-  file: dest=/etc/unbound/conf.d state=directory recurse=yes
-
-- name: Install unbound domain config
-  template: src=unbound.domain.j2 dest=/etc/unbound/conf.d/supernode.conf

+ 0 - 6
roles/internal/ff-unbound/templates/unbound.domain.j2

@@ -1,6 +0,0 @@
-server:
-  local-zone: "services.{{supernode_top_domain}}." static
-  {% for backbone in supernodes %}
-  local-data: "{{loop.index}}.ntp.services.{{supernode_top_domain}}. A {{backbone.mesh_ip_v4|ipaddr('address')}}"
-  local-data: "{{loop.index}}.ntp.services.{{supernode_top_domain}}. AAAA {{backbone.mesh_ip_v6|ipaddr('address')}}"
-  {% endfor %}

+ 1 - 2
roles/internal/ffdo.supernode/meta/main.yml

@@ -19,5 +19,4 @@ dependencies:
 - ffdo.dhcp
 - ffdo.radvd
 - dereulenspiegel.alfred
-- ff-unbound
-- jdauphant.unbound
+- ffdo.unbound

roles/internal/ff-unbound/README.md → roles/internal/ffdo.unbound/README.md


+ 4 - 0
roles/internal/ffdo.unbound/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+# defaults file for ff-dns
+
+ffruhr_update_server: 2a03:2260:50:1::14
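Review bot: `ffruhr_dns_servers`, which the new `unbound-supernode.conf.j2` template iterates over for its `forward-addr` lines, gets no default in this file, so unless it is defined in inventory or group vars (not visible in this commit) templating will fail on an undefined variable. Consider adding a documented default here or a comment naming where the variable must be set. The IPv6 literal is also safer quoted, `ffruhr_update_server: "2a03:2260:50:1::14"`, so that no YAML loader retypes a colon-separated value. The header comment still says `ff-dns` although the role is now `ffdo.unbound`.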

+ 5 - 0
roles/internal/ffdo.unbound/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# handlers file for ff-dns
+
+- name: Restart unbound
+  service: name=unbound state=restarted

roles/internal/ff-unbound/meta/main.yml → roles/internal/ffdo.unbound/meta/main.yml


+ 21 - 0
roles/internal/ffdo.unbound/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+# tasks file for ff-dns
+
+- name: Ensure unbound is installed
+  apt: name=unbound state=present
+
+- name: Ensure unbound config already exists
+  file: dest=/etc/unbound/unbound.conf.d state=directory recurse=yes
+
+- name: Install unbound configs
+  template: src={{item.src}} dest={{item.dest}}
+  with_items:
+  - src: unbound.conf.j2
+    dest: /etc/unbound/unbound.conf
+  - src: unbound-supernode.conf.j2
+    dest: /etc/unbound/unbound.conf.d/supernode.conf
+  notify:
+  - Restart unbound
+
+- name: Ensure unbound is started and enabled
+  service: name=unbound state=started enabled=yes
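Review bot: The `Install unbound configs` task writes both files without a `validate` step or explicit `owner`/`group`/`mode`, so a template that renders to a broken config is installed as-is and the notified restart can leave the resolver down. The external role removed in this commit passed `validate="/usr/sbin/unbound-checkconf %s"` on its main config; the same check fits here, though it should be confirmed that it behaves for the `unbound.conf.d` snippet as well as for the main file. Writing the module arguments as a native YAML mapping with quoted Jinja expressions also avoids the key=value parsing pitfalls of `src={{item.src}}`.

```yaml
- name: Install unbound configs
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
    validate: "/usr/sbin/unbound-checkconf %s"
  # … unchanged: with_items list and notify …
```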

+ 21 - 0
roles/internal/ffdo.unbound/templates/unbound-supernode.conf.j2

@@ -0,0 +1,21 @@
+server:
+  # Disables DNSSEC
+  module-config: "iterator"
+  interface: 0.0.0.0
+  interface: ::0
+  access-control: {{mesh_ipv4|ipaddr('net')}} allow
+  access-control: {{mesh_ipv6|ipaddr('net')}} allow
+  access-control: fe80::/10 allow
+
+local-zone: "services.ffdo.de." static
+{% for host in groups['supernodes'] %}
+local-data: "{{loop.index}}.ntp.services.ffdo.de. A {{host.mesh_ipv4|ipaddr('address')}}"
+local-data: "{{loop.index}}.ntp.services.ffdo.de. AAAA {{host.mesh_ipv6|ipaddr('address')}}"
+{% endfor %}
+local-data: "update.services.ffdo.de. AAAA {{ffruhr_update_server}}"
+
+forward-zone:
+  name: .
+{% for dns in ffruhr_dns_servers %}
+  forward-addr: {{dns}}
+{% endfor %}
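Review bot: In the `groups['supernodes']` loop, `host` is an inventory hostname string, so `host.mesh_ipv4` and `host.mesh_ipv6` will not resolve to that host's variables; the lookup presumably needs to go through `hostvars`, e.g. `{{hostvars[host].mesh_ipv4|ipaddr('address')}}` and the same for `mesh_ipv6`. Separately, `module-config: "iterator"` turns off DNSSEC validation for every client of this resolver, and the `private-address`, `hide-identity` and `hide-version` settings that the removed external role rendered are no longer present. If dropping them is intentional, a comment saying why would help; otherwise consider `module-config: "validator iterator"` and restoring those lines. The resolver also binds `0.0.0.0` and `::0` and relies on `access-control` alone (including `fe80::/10 allow`) to keep non-mesh clients out, so it is worth confirming the uplink interface is firewalled or listing only the mesh addresses under `interface:`.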

+ 10 - 0
roles/internal/ffdo.unbound/templates/unbound.conf.j2

@@ -0,0 +1,10 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+include: "/etc/unbound/unbound.conf.d/*.conf"

roles/internal/ff-unbound/vars/main.yml → roles/internal/ffdo.unbound/vars/main.yml


+ 0 - 2
roles/thirdparty_roles.yml

@@ -2,8 +2,6 @@
   version: v1.4.1
   name: usermanage
 
-- src: jdauphant.unbound
-
 - src: dereulenspiegel.fastd
 
 - src: dereulenspiegel.alfred