rc/servers
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects 1 Releases Wiki Activity
servers/roles/dnsmasq/tasks/main.yml
Timotej Lazar 7b1c2cb41d dnsmasq: drop dhcp-proxy option 
Instead add firewall rules to allow direct communication from client networks.
2024-11-09 20:06:58 +01:00

48 lines
948 B
YAML
Raw Blame History

- name: Install packages
package:
name:
- dnsmasq
- bind-tools
- krb5
- py3-pexpect
- name: Configure kerberos
template:
dest: /etc/krb5.conf
src: krb5.conf.j2
- name: Init kerberos keytab
expect:
command: ktutil
responses:
'.*:':
- 'add_entry -password -p {{ password.ldap_user }} -k 1 -e aes256-cts-hmac-sha1-96'
- '{{ password.ldap_pass }}'
- 'write_kt /etc/krb5.keytab'
- 'exit'
args:
creates: /etc/krb5.keytab
- name: Copy DNS updater script
template:
dest: "/usr/local/bin/dns-update"
src: "dns-update.j2"
mode: 0700
- name: Configure dnsmasq
template:
dest: '/etc/dnsmasq.d/{{ item }}'
src: '{{ item }}.j2'
loop:
- 00-options.conf
- 10-ranges.conf
notify: restart dnsmasq
- name: Configure nftables
template:
dest: '/etc/nftables.d/dnsmasq.nft'
src: 'dnsmasq.nft.j2'
notify: reload nftables
# TODO netboot config
Reference in a new issue View git blame Copy permalink