- name: Copy configuration files copy: follow: yes src: '{{ role_path }}/files/' dest: /etc/unbound/ notify: - Reload unbound tags: - update - unbound - name: Install Unbound apt: install_recommends: no name: unbound state: present cache_valid_time: 3600 notify: Disable systemd-resolved tags: - setup - packages - name: Allow Unbound through iptables loop: - { ipv: 'ipv4', proto: 'tcp' } - { ipv: 'ipv6', proto: 'tcp' } - { ipv: 'ipv4', proto: 'udp' } - { ipv: 'ipv6', proto: 'udp' } iptables: chain: INPUT ctstate: - NEW - ESTABLISHED - RELATED destination_port: "53" jump: ACCEPT ip_version: '{{ item.ipv }}' protocol: '{{ item.proto }}' notify: - Save netfilter rules tags: - update - firewall