- name: Copy configuration files
  copy:
        follow: yes
        src: '{{ role_path }}/files/'
        dest: /etc/unbound/
  notify:
        - Reload unbound
  tags:
        - update
        - unbound
- name: Install Unbound
  apt:
        install_recommends: no
        name: unbound
        state: present
        cache_valid_time: 3600
  notify: Disable systemd-resolved
  tags:
        - setup
        - packages
- name: Allow Unbound TCP through iptables
  loop:
          - ipv4
          - ipv6
  iptables:
          chain: INPUT
          ctstate:
                  - NEW
                  - ESTABLISHED
                  - RELATED
          destination_port: "53"
          jump: ACCEPT
          ip_version: '{{ item }}'
          protocol: tcp
  notify:
          - Save netfilter rules
  tags:
        - update
        - firewall
- name: Allow Unbound UDP through iptables
  loop:
          - ipv4
          - ipv6
  iptables:
          chain: INPUT
          ctstate:
                  - NEW
                  - ESTABLISHED
                  - RELATED
          destination_port: "53"
          jump: ACCEPT
          ip_version: '{{ item }}'
          protocol: udp
  notify:
          - Save netfilter rules
  tags:
        - update
        - firewall