ansible-playbooks/roles/unbound/tasks/main.yml

- name: import internal ns forwarding snippet
  include_vars:
    file: internal.yml
    hash_behaviour: merge
  when: services.internal_ns is defined


- name: set unbound_cfg
  set_fact:
    unbound_cfg: "{{ unbound_default_config | d({}) | combine(unbound_config | d({}), recursive=true) }}"


- name: install unbound
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - unbound
      - alpine: unbound-openrc
    notify: restart unbound


- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ unbound_user }}"
      group: "{{ unbound_group }}"


- name: create unbound conf dir
  file:
    path: "{{ unbound_conf_dir }}"
    state: directory
    mode: 0755
    owner: "{{ unbound_user }}"
    group: "{{ unbound_group }}"


- name: template unbound configuration
  template:
    src: unbound.j2
    dest: "{{ unbound_conf_file }}"
    force: yes
    lstrip_blocks: yes
    mode: 0400
    owner: "{{ unbound_user }}"
    group: "{{ unbound_group }}"
  notify: restart unbound


- name: edit service config
  lineinfile:
    path: /etc/conf.d/unbound
    regexp: "^{{ item.name }}="
    line: "{{ item.name }}=\"{{ item.value }}\""
  notify: restart unbound
  loop:
    - name: cfgfile
      value: "{{ unbound_conf_file }}"


- name: download root hint file
  get_url:
    url: https://www.internic.net/domain/named.cache
    dest: "{{ unbound_hints_file }}"
    mode: 0644
    owner: "{{ unbound_user }}"
    group: "{{ unbound_group }}"


- name: create cron job for hint refresh
  cron:
    name: refresh root hints
    minute: "{{ 59 | random(seed=inventory_hostname) }}"
    hour: "{{ 5 | random(seed=inventory_hostname) }}"
    job: "( wget -q -O {{ unbound_hints_file | quote }} https://www.internic.net/domain/named.cache ; \
           chown {{ unbound_user }}:{{ unbound_group }} {{ unbound_hints_file | quote }} ; \
           chmod 0644 {{ unbound_hints_file | quote }} \
          ) > /dev/null 2>&1"


- name: flush handlers
  meta: flush_handlers


- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ unbound_conf_dir }}"


- name: enable and start unbound
  service:
    name: unbound
    enabled: yes
    state: started
init 2 years ago			`- name: import internal ns forwarding snippet`
			`include_vars:`
			`file: internal.yml`
			`hash_behaviour: merge`
			`when: services.internal_ns is defined`


			`- name: set unbound_cfg`
			`set_fact:`
			`unbound_cfg: "{{ unbound_default_config \| d({}) \| combine(unbound_config \| d({}), recursive=true) }}"`


			`- name: install unbound`
			`include_tasks: tasks/install_packages.yml`
			`vars:`
			`package:`
			`- unbound`
			`- alpine: unbound-openrc`
			`notify: restart unbound`


			`- name: create user and group`
			`include_tasks: tasks/create_user.yml`
			`vars:`
			`user:`
			`name: "{{ unbound_user }}"`
			`group: "{{ unbound_group }}"`


			`- name: create unbound conf dir`
			`file:`
			`path: "{{ unbound_conf_dir }}"`
			`state: directory`
			`mode: 0755`
			`owner: "{{ unbound_user }}"`
			`group: "{{ unbound_group }}"`


			`- name: template unbound configuration`
			`template:`
			`src: unbound.j2`
			`dest: "{{ unbound_conf_file }}"`
			`force: yes`
			`lstrip_blocks: yes`
			`mode: 0400`
			`owner: "{{ unbound_user }}"`
			`group: "{{ unbound_group }}"`
			`notify: restart unbound`


			`- name: edit service config`
			`lineinfile:`
			`path: /etc/conf.d/unbound`
			`regexp: "^{{ item.name }}="`
			`line: "{{ item.name }}=\"{{ item.value }}\""`
			`notify: restart unbound`
			`loop:`
			`- name: cfgfile`
			`value: "{{ unbound_conf_file }}"`


			`- name: download root hint file`
			`get_url:`
			`url: https://www.internic.net/domain/named.cache`
			`dest: "{{ unbound_hints_file }}"`
			`mode: 0644`
			`owner: "{{ unbound_user }}"`
			`group: "{{ unbound_group }}"`


			`- name: create cron job for hint refresh`
			`cron:`
			`name: refresh root hints`
			`minute: "{{ 59 \| random(seed=inventory_hostname) }}"`
			`hour: "{{ 5 \| random(seed=inventory_hostname) }}"`
			`job: "( wget -q -O {{ unbound_hints_file \| quote }} https://www.internic.net/domain/named.cache ; \`
			`chown {{ unbound_user }}:{{ unbound_group }} {{ unbound_hints_file \| quote }} ; \`
			`chmod 0644 {{ unbound_hints_file \| quote }} \`
			`) > /dev/null 2>&1"`


			`- name: flush handlers`
			`meta: flush_handlers`


			`- name: add directories to backup plan`
			`include_role:`
			`name: backup`
			`vars:`
			`function: add`
			`backup_items:`
			`- "{{ unbound_conf_dir }}"`


			`- name: enable and start unbound`
			`service:`
			`name: unbound`
			`enabled: yes`
			`state: started`