Getting started

Example inventory

Hosts added to the debops_service_dnsmasq inventory group will have the dnsmasq installed and configured.

[debops_service_dnsmasq]
hostname

Example playbook

If you are using this role without DebOps, here's an example Ansible playbook that uses the debops.dnsmasq role:

---

- name: Configure dnsmasq
  hosts: [ 'debops_service_dnsmasq' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ dnsmasq__ferm__dependent_rules }}'

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]

    - role: debops.dnsmasq
      tags: [ 'role::dnsmasq' ]

If you are using this role without DebOps, here's an example Ansible playbook that uses debops.dnsmasq together with the debops.persistent_paths role:

---

- name: Configure dnsmasq and ensure persistence
  hosts: [ 'debops_service_dnsmasq_persistent_paths' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ dnsmasq__ferm__dependent_rules }}'

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]

    - role: debops.dnsmasq
      tags: [ 'role::dnsmasq' ]

    - role: debops.persistent_paths
      tags: [ 'role::persistent_paths' ]
      persistent_paths__dependent_paths: '{{ dnsmasq__persistent_paths__dependent_paths }}'

If you are using this role without DebOps, here's an example Ansible playbook that uses debops.dnsmasq together with the debops-contrib.apparmor role:

---

## Basically the same playbook as the one in DebOps core with the difference
## that this playbook also uses the debops-contrib.apparmor role to configure
## AppArmor.

- name: Configure AppArmor for dnsmasq
  hosts: [ 'debops_contrib_service_dnsmasq' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops.dnsmasq/env
      tags: [ 'role::apparmor' ]

    - role: debops-contrib.apparmor
      tags: [ 'role::apparmor' ]
      apparmor__local_dependent_config: '{{ dnsmasq__apparmor__local_dependent_config }}'


- name: Configure dnsmasq
  hosts: [ 'debops_contrib_service_dnsmasq' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ dnsmasq__ferm__dependent_rules }}'

    - role: debops.dnsmasq
      tags: [ 'role::dnsmasq' ]

debops.persistent_paths support

In case the host in question happens to be a TemplateBasedVM on Qubes OS or another system where persistence is not the default, it should be absent in debops_service_dnsmasq and instead be added to the debops_service_dnsmasq_persistent_paths Ansible inventory group so that the changes can be made persistent:

[debops_service_dnsmasq_persistent_paths]
hostname

The dnsmasq__base_packages are expected to be present (typically installed in the TemplateVM).

Note that you will need to set core__unsafe_writes to True when you attempt to update the configuration on a system that uses bind mounts for persistence. You can set core__unsafe_writes directly in your inventory without the need to run the debops.core role for this special case. Refer to Templating or updating persistent files for details.