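# Tasks for the Unbound resolver: deploy its configuration, install the
# package, and accept DNS (port 53, TCP and UDP) on the INPUT chain for both
# IPv4 and IPv6. Handlers named in `notify` are defined outside this file.

# Copies everything under roles/dns/files/ into /etc/unbound/.
# NOTE(review): unlike the install task, this task has no `when:` guard, so
# it runs and notifies "Reload unbound" even when `unbound` is false, and it
# is listed before the package install - confirm both are intended.
# NOTE(review): no owner/group/mode is set, so newly created files take the
# remote umask defaults; confirm that is tight enough for anything sensitive
# shipped in this directory.
- name: Copy configuration files
  copy:
    # Symlinks that already exist at the destination are written through.
    follow: true
    src: roles/dns/files/
    dest: /etc/unbound/
  notify:
    - Reload unbound

# Installs the unbound package without its recommended packages. The apt
# cache is treated as fresh for 3600 seconds. Runs only when `unbound` is
# truthy.
- name: Install Unbound
  apt:
    install_recommends: false
    name: unbound
    state: present
    cache_valid_time: 3600
  notify: Disable systemd-resolved
  # `| bool` already yields a boolean; comparing it with `== true` is redundant.
  when: unbound | bool

# Accepts inbound TCP/53 for IPv4 and IPv6.
# NOTE(review): the rule sets no `source:` restriction, so any host that can
# reach this machine may connect to port 53. Unless a public resolver is
# intended, limit clients here or with Unbound's `access-control` settings;
# an open recursive resolver can be abused for DNS amplification.
# NOTE(review): this task is not guarded by `unbound | bool`, so the port is
# opened even when Unbound is not installed - confirm that is intended.
- name: Allow Unbound TCP through iptables
  loop:
    - ipv4
    - ipv6
  iptables:
    chain: INPUT
    ctstate:
      - NEW
      - ESTABLISHED
      - RELATED
    destination_port: "53"
    jump: ACCEPT
    ip_version: '{{ item }}'
    protocol: tcp
  notify:
    - Save netfilter rules

# Accepts inbound UDP/53 for IPv4 and IPv6. As with the TCP rule, there is no
# `source:` restriction and no `when:` guard. UDP is the transport where
# source-address spoofing makes open-resolver abuse practical, so the client
# restriction matters most here.
- name: Allow Unbound UDP through iptables
  loop:
    - ipv4
    - ipv6
  iptables:
    chain: INPUT
    ctstate:
      - NEW
      - ESTABLISHED
      - RELATED
    destination_port: "53"
    jump: ACCEPT
    ip_version: '{{ item }}'
    protocol: udp
  notify:
    - Save netfilter rules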