diff --git a/Ansible/roles/openbsd_bootstrap/tasks/main.yaml b/Ansible/roles/openbsd_bootstrap/tasks/main.yaml
index 8e9e1aa37bae0fb16eca6f996c6df0f6c52f5084..1a017bf58bd1efab89663ead939da6d2a87a7d43 100644
--- a/Ansible/roles/openbsd_bootstrap/tasks/main.yaml
+++ b/Ansible/roles/openbsd_bootstrap/tasks/main.yaml
@@ -1,4 +1,7 @@
 ---
+- name: Set correct time
+  ansible.builtin.raw: rdate pool.ntp.org
+
 - name: Install Python3
   ansible.builtin.raw: pkg_add -Iz py3-pip
   register: openbsd_pkg_add_python
diff --git a/Ansible/roles/router/files/unbound/shore.co.il.conf b/Ansible/roles/router/files/unbound.conf
similarity index 54%
rename from Ansible/roles/router/files/unbound/shore.co.il.conf
rename to Ansible/roles/router/files/unbound.conf
index 31fb7933147dd3b930246f35703d96b9ea93648c..7d3ff75e8755c798126293ecc8072a5445da3dee 100644
--- a/Ansible/roles/router/files/unbound/shore.co.il.conf
+++ b/Ansible/roles/router/files/unbound.conf
@@ -1,10 +1,27 @@
 server:
+  interface: 127.0.0.1
   interface: 192.168.3.1 #ingress
-  #local-zone: "shore.co.il." static
-  access-control: 192.168.3.0/8 allow
+
+  access-control: 0.0.0.0/0 refuse
   access-control: 127.0.0.0/8 allow
+  access-control: 192.168.3.0/8 allow
+  access-control: ::0/0 refuse
+  access-control: ::1 allow
+
+  hide-identity: yes
+  hide-version: yes
+
+  auto-trust-anchor-file: "/var/unbound/db/root.key"
+  val-log-level: 2
+
+  aggressive-nsec: yes
+
   local-data: "kodi.shore.co.il. A 192.168.3.12"
   local-data: "mr8300.shore.co.il. A 192.168.3.13"
   local-data: "host01.shore.co.il. A 192.168.3.17"
   local-data: "smtp.shore.co.il. A 192.168.3.17"
   local-data: "nintendoswitch. A 192.168.3.20"
+
+remote-control:
+  control-enable: yes
+  control-interface: /var/run/unbound.sock
diff --git a/Ansible/roles/router/tasks/main.yaml b/Ansible/roles/router/tasks/main.yaml
index 4171c12338b1ff3253a58f8c0bd5d8b092dbe070..168aba51cede94ed816298f1a23babe825cd16d3 100644
--- a/Ansible/roles/router/tasks/main.yaml
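Review bot: The new "Set correct time" raw task has no `changed_when: false`, so every bootstrap run reports a change for a step that changes no configuration; add `changed_when: false` under the task. The clock is also taken from pool.ntp.org with no authentication, and a wrong clock at this point silently breaks the certificate checks that the following pkg_add presumably depends on (which looks like the reason the step was put first), so a why-comment such as `# pkg_add over HTTPS needs a sane clock before certificates validate` and a later task enabling the base ntpd would make the intent and the long-term fix explicit. Confirm that rdate on the target release speaks NTP by default: pool.ntp.org does not answer the RFC 868 port, and older rdate needed `-n` to select SNTP.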
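Review bot: `access-control: 192.168.3.0/8 allow` is far wider than the LAN: a /8 on that address is 192.0.0.0/8, i.e. any 192.x.x.x source, not the 192.168.3.0/24 that the igc0 interface definition in the tasks file uses; change it to `access-control: 192.168.3.0/24 allow`. The `interface:` lines bind only 127.0.0.1 and 192.168.3.1, which bounds the exposure today, but the `0.0.0.0/0 refuse` catch-all added above is only as tight as the allow prefixes beneath it, and the prefix was carried over from the old file rather than introduced here. A short comment above `auto-trust-anchor-file` noting that DNSSEC validation is now enforced and that `val-log-level: 2` records validation failures would help the next reader understand why resolution can start failing for broken zones.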
+++ b/Ansible/roles/router/tasks/main.yaml
@@ -65,7 +65,7 @@
   ansible.builtin.copy:
     content: |-
       search shore.co.il
-      nameserver 127.0.0.1
+      nameserver 192.168.3.1
       lookup file bind
     dest: /etc/resolv.conf
     mode: 0o0644
@@ -78,11 +78,11 @@
 - name: Configure the network interfaces
   with_dict:
     # yamllint disable rule:line-length
-    em1: |
+    igc1: |
       description "Connected to the fiber cable, used for PPPoE connection to the ISP."
       up
     # yamllint enable rule:line-length
-    em5: |
+    igc0: |
       description "Connected to internal LAN."
       inet 192.168.3.1 255.255.255.0
       group ingress
@@ -90,7 +90,7 @@
     pppoe0: |
       description "The connection to the internet."
       inet 62.219.131.121 255.255.255.255 NONE \
-        pppoedev em1 authproto pap \
+        pppoedev igc1 authproto pap \
         authname 'ns_nimadar@014' authkey '{{ bezeqint_password }}' up
       dest 0.0.0.1
       !/sbin/route add default -ifp pppoe0 62.219.131.121
@@ -108,36 +108,10 @@
     - network

 - name: Configure the Unbound DNS resolver
-  ansible.builtin.file:
-    path: /var/unbound/etc/unbound.conf.d
-    mode: 0o0755
-    state: directory
-  tags:
-    - unbound
-    - dns
-    - network
-
-- name: Configure Ubnound DNS resolver
-  ansible.builtin.lineinfile:
-    insertafter: EOF
-    line: >-
-      include: "/var/unbound/etc/unbound.conf.d/*.conf"
-    path: /var/unbound/etc/unbound.conf
-    validate: unbound-checkconf %s
-  notify:
-    - Restart Unbound
-  tags:
-    - unbound
-    - dns
-    - network
-
-- name: Configure the Unbound DNS resolver
-  loop:
-    - shore.co.il.conf
   ansible.builtin.copy:
-    dest: '/var/unbound/etc/unbound.conf.d/{{ item }}'
+    dest: /var/unbound/etc/unbound.conf
     mode: preserve
-    src: 'unbound/{{ item }}'
+    src: unbound.conf
     validate: unbound-checkconf %s
   diff: true
   notify:
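Review bot: Pointing the router's own resolv.conf at 192.168.3.1 instead of loopback makes local name resolution on the router depend on igc0 being up, while the unbound.conf in this same commit now also listens on 127.0.0.1, so loopback would keep working. If the move is deliberate, a comment above the `content:` block saying why (for example `# resolve via the LAN address so the router exercises the same path as clients`) would stop it being reverted as a mistake. The task this hunk belongs to starts outside the hunk.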
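Review bot: `mode: preserve` on a file copied from the role's `files/` directory gives the deployed unbound.conf whatever mode the checkout happens to carry — git records only the executable bit, so the result depends on the controller's umask; an explicit mode like the resolv.conf task's `mode: 0o0644` is predictable. The removed file/lineinfile tasks also leave `/var/unbound/etc/unbound.conf.d/` and its shore.co.il.conf on hosts that were deployed before this change, now unreferenced; an `ansible.builtin.file` task with `state: absent` for that path would clear the stale copy. Since the copy now replaces the whole unbound.conf rather than appending an include to the existing one, it is worth verifying that the new file carries everything from the previous base configuration that the role relied on. The hunk ends at `notify:`, so the handler list and any tags follow outside it.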