debops.unbound default variables

APT packages

unbound__base_packages

List of default APT packages to install for Unbound support.

unbound__base_packages: [ 'unbound' ]
unbound__packages

List of additional APT packages to install with Unbound.

unbound__packages: []

Server (main) configuration

These variables can be used to configure main unbound configuration options. See Default variable details: unbound__server for more details.

unbound__default_server

The default Unbound 'server' configuration defined by the role.

unbound__default_server:

  - name: 'localhost-allow_snoop'
    option: 'access-control'
    comment: |
      By default unbound blocks non-recursive queries to prevent abuse; this
      prevents commands like 'dig +trace' from working correctly. Since query
      tracing is a useful debugging and diagnostic tool, non-recursive queries
      will be allowed when the host is managed locally with assumption that
      this is an administrator's machine.
    value:

      - name: '127.0.0.0/8'
        args: 'allow_snoop'

      - name: '::1/128'
        args: 'allow_snoop'

    state: '{{ "present"
               if (unbound__fact_ansible_connection == "local")
               else "ignore" }}'
unbound__server

The Unbound 'server' configuration which should be present on all hosts in the Ansible inventory.

unbound__server: []
unbound__group_server

The Unbound 'server' configuration which should be present on hosts in a specific Ansible inventory group.

unbound__group_server: []
unbound__host_server

The Unbound 'server' configuration which should be present on specific hosts in the Ansible inventory.

unbound__host_server: []
unbound__combined_server

This variable combines the 'server' configuration from other variables and passes it to the configuration file template.

unbound__combined_server: '{{ unbound__default_server
                              + unbound__server
                              + unbound__group_server
                              + unbound__host_server }}'

Remote control configuration

These variables can be used to configure unbound-control configuration options. The syntax is the same as the 'server' configuration. See Default variable details: unbound__server for more details.

unbound__remote_control

The Unbound 'remote-control' configuration which should be present on all hosts in the Ansible inventory.

unbound__remote_control: []
unbound__group_remote_control

The Unbound 'remote-control' configuration which should be present on hosts in a specific Ansible inventory group.

unbound__group_remote_control: []
unbound__host_remote_control

The Unbound 'remote-control' configuration which should be present on specific hosts in the Ansible inventory.

unbound__host_remote_control: []
unbound__combined_remote_control

This variable combines the 'remote-control' configuration from other variables and passes it to the configuration file template.

unbound__combined_remote_control: '{{ unbound__remote_control
                                      + unbound__group_remote_control
                                      + unbound__host_remote_control }}'

Custom forward/stub DNS zones

These variables configure custom 'forward' or 'stub' DNS zones served by Unbound. See unbound__zones for more details.

unbound__zones

List of forward or stub DNS zones which should be defined on all hosts in the Ansible inventory.

unbound__zones: []
unbound__group_zones

List of forward or stub DNS zones which should be defined on hosts in specific Ansible inventory group.

unbound__group_zones: []
unbound__host_zones

List of forward or stub DNS zones which should be defined on specific hosts in the Ansible inventory.

unbound__host_zones: []
unbound__combined_zones

The variable that combines the zone configuration from other variables.

unbound__combined_zones: '{{ unbound__zones
                             + unbound__group_zones
                             + unbound__host_zones }}'
unbound__parsed_zones

The variable that parses the combined zone configuration and is used in the Ansible tasks to manage the DNS zone files.

unbound__parsed_zones: '{{ unbound__combined_zones
                                | parse_kv_items }}'

Configuration for other Ansible roles

unbound__python__dependent_packages3

Configuration for the debops.python Ansible role.

unbound__python__dependent_packages3:

  - 'python3-unbound'
unbound__python__dependent_packages2

Configuration for the debops.python Ansible role.

unbound__python__dependent_packages2:

  - 'python-unbound'
unbound__apt_preferences__dependent_list

Configuration for the debops.apt_preferences.

unbound__apt_preferences__dependent_list:

  - packages:  [ 'unbound', 'unbound-*', 'libunbound*' ]
    backports: [ 'wheezy', 'jessie' ]
    reason:    'Feature parity with the next Debian release'
    by_role:   'debops.unbound'
unbound__etc_services__dependent_list

Configuration for the debops.etc_services.

unbound__etc_services__dependent_list:

  - name: 'unbound-ctrl'
    port: '8953'
    comment: 'Unbound control service'