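# Tasks that install the Unbound resolver, render its configuration files and
# open DNS (port 53) in the host firewall.

# Install the unbound package without its "Recommends" packages.
# cache_valid_time lets apt reuse a package index younger than 3600 seconds
# instead of refreshing it on every run.
# The "Disable systemd-resolved" handler is defined outside this file and is
# notified only when this task reports a change.
- name: Install Unbound
  apt:
    name: unbound
    state: present
    install_recommends: false
    cache_valid_time: 3600
  notify: Disable systemd-resolved
  tags:
    - setup
    - packages

# Render each <item>.j2 template to /etc/unbound/<item>.
# follow: true writes through to the link target when the destination is a
# symlink.
# NOTE(review): owner, group and mode are not set, so a newly created file
# takes its mode from the umask and an existing file keeps whatever mode it
# already has. Set them explicitly if these files must not be writable by
# anyone but root.
# NOTE(review): there is no `validate:` step, so a template that renders an
# invalid configuration is first noticed when the "Reload unbound" handler
# (defined outside this file) runs. Consider checking the result with
# unbound-checkconf before the reload.
- name: Copy configuration files
  template:
    src: '{{ item }}.j2'
    dest: '/etc/unbound/{{ item }}'
    follow: true
  loop:
    - internal.conf
    - redxen-dns.conf
    - unbound.conf
  notify:
    - Reload unbound
  tags:
    - update
    - unbound

# Accept DNS on port 53 over TCP and UDP, for IPv4 and IPv6 (four rules).
# NOTE(review): the rule has no `source:` restriction, so it matches queries
# from any address. If this resolver is meant for internal clients only,
# confirm that access-control in the rendered Unbound configuration (templates
# not shown here) limits who may recurse, or restrict the rule by source. An
# openly reachable recursive resolver can be abused as a DNS amplification
# reflector.
# The iptables module changes only the running ruleset. Persistence is
# presumably handled by the "Save netfilter rules" handler, which is defined
# outside this file.
- name: Allow Unbound through iptables
  iptables:
    chain: INPUT
    ip_version: '{{ item.ipv }}'
    protocol: '{{ item.proto }}'
    destination_port: "53"
    ctstate:
      - NEW
      - ESTABLISHED
      - RELATED
    jump: ACCEPT
  loop:
    - {ipv: 'ipv4', proto: 'tcp'}
    - {ipv: 'ipv6', proto: 'tcp'}
    - {ipv: 'ipv4', proto: 'udp'}
    - {ipv: 'ipv6', proto: 'udp'}
  notify:
    - Save netfilter rules
  tags:
    - update
    - firewall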