From 5fcd532b648824d947ec009d8d63508b9d3be7fa Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Sat, 24 Feb 2018 17:49:06 +0800
Subject: dns/unbound: update config and enable remote-control

---
 roles/dns/tasks/main.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'roles/dns/tasks')

diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 04c45f3..d6bfb2f 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -22,6 +22,15 @@
     "https://www.internic.net/domain/named.cache"
   notify: reload-unbound
 
+- name: unbound - check existence of control key/cert
+  stat:
+    path: /usr/local/etc/unbound/unbound_control.key
+  register: stat_result
+
+- name: unbound - generate self-signed key/cert for control
+  command: unbound-control-setup
+  when: stat_result.stat.exists == False
+
 - name: unbound - copy configuration
   copy:
     src: unbound.conf
@@ -36,6 +45,9 @@
     src: resolv.conf
     dest: /etc/resolv.conf
 
+#
+# NSD
+#
 - name: NSD - copy configuration
   template:
     src: nsd.conf.j2
-- 
cgit v1.2.2