- name: unbound role main
  tags: [ unbound, dns, dns_resolver ]
  block:

    - name: install unbound dns resolver
      become: true
      ansible.builtin.package:
        name: unbound

    - name: ensure correct directory permissions
      become: true
      ansible.builtin.file:
        path: /etc/unbound
        state: directory
        mode: u=rwX,g=rX,o=rX
        recurse: true
        owner: unbound
        group: unbound

    - name: configure unbound dns resolver
      become: true
      notify: unbound.restarted
      ansible.builtin.template:
        src: unbound.conf.j2
        dest: /etc/unbound/unbound.conf
        owner: unbound
        group: unbound
        mode: u=rw,g=r,o=r

    - name: ensure unbound is running and enabled
      become: true
      ansible.builtin.systemd:
        name: unbound.service
        state: started
        enabled: true

    - name: disable systemd-resolved
      when: unbound_disable_systemd_networkd
      ansible.builtin.include_role:
        name: deploy_systemd_resolved_config
        vars_from: deploy_systemd_resolved_config

    - name: install and configure prometheus-exporter for unbound
      ansible.builtin.import_tasks: prometheus-exporter.yml
      when: unbound_install_prometheus_exporter