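# Installs and configures the unbound resolver: merges configuration,
# installs packages, creates the service account, renders the config,
# fetches the root hints and schedules their refresh, then enables the service.

# Only loaded when the inventory defines services.internal_ns.
- name: import internal ns forwarding snippet
  include_vars:
    file: internal.yml
    hash_behaviour: merge
  when: services.internal_ns is defined

# Role defaults are the base; unbound_config overrides them key by key.
- name: set unbound_cfg
  set_fact:
    unbound_cfg: "{{ unbound_default_config | d({}) | combine(unbound_config | d({}), recursive=true) }}"

# NOTE(review): notify on a dynamic include_tasks is probably not passed to
# the included tasks, so this handler may never fire from here - confirm.
- name: install unbound
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - unbound
      - alpine: unbound-openrc
  notify: restart unbound

# NOTE(review): name and group are assumed to be keys of the user dict.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ unbound_user }}"
      group: "{{ unbound_group }}"

# File modes are quoted so they always reach the module as octal strings.
- name: create unbound conf dir
  file:
    path: "{{ unbound_conf_dir }}"
    state: directory
    mode: "0755"
    owner: "{{ unbound_user }}"
    group: "{{ unbound_group }}"

# The rendered config is readable by the service account only.
- name: template unbound configuration
  template:
    src: unbound.j2
    dest: "{{ unbound_conf_file }}"
    force: true
    lstrip_blocks: true
    mode: "0400"
    owner: "{{ unbound_user }}"
    group: "{{ unbound_group }}"
  notify: restart unbound

# Points the service wrapper in /etc/conf.d/unbound at the rendered config.
- name: edit service config
  lineinfile:
    path: /etc/conf.d/unbound
    regexp: "^{{ item.name }}="
    line: "{{ item.name }}=\"{{ item.value }}\""
  notify: restart unbound
  loop:
    - name: cfgfile
      value: "{{ unbound_conf_file }}"

# TLS to www.internic.net is the only integrity protection on this download;
# no checksum or signature of the hints file is verified.
- name: download root hint file
  get_url:
    url: https://www.internic.net/domain/named.cache
    dest: "{{ unbound_hints_file }}"
    mode: "0644"
    owner: "{{ unbound_user }}"
    group: "{{ unbound_group }}"

# Minute and hour are derived from the hostname so hosts do not all refresh
# at the same moment. The job downloads to a temporary file next to the live
# one and replaces the live file only after a successful, non-empty download:
# wget -O truncates its target before fetching, so writing the live file
# directly would leave empty hints behind after a failed refresh.
# NOTE(review): chown presumably needs this cron entry to run as root - confirm.
- name: create cron job for hint refresh
  cron:
    name: refresh root hints
    minute: "{{ 59 | random(seed=inventory_hostname) }}"
    hour: "{{ 5 | random(seed=inventory_hostname) }}"
    job: >-
      ( tmp={{ (unbound_hints_file ~ '.new') | quote }} ;
      wget -q -O "$tmp" https://www.internic.net/domain/named.cache
      && [ -s "$tmp" ]
      && chown {{ unbound_user | quote }}:{{ unbound_group | quote }} "$tmp"
      && chmod 0644 "$tmp"
      && mv -f "$tmp" {{ unbound_hints_file | quote }}
      || rm -f "$tmp"
      ) > /dev/null 2>&1

# Run any pending restart now, before the service is enabled below.
- name: flush handlers
  meta: flush_handlers

- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ unbound_conf_dir }}"

- name: enable and start unbound
  service:
    name: unbound
    enabled: true
    state: started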