ansible/roles/unbound/tasks/main.yml

---
- name: Install unbound
  package:
    name: unbound
    state: present

- name: Add /var/log/unbound to fstab
  mount:
    path: /var/log/unbound
    src: tmpfs
    fstype: tmpfs
    opts: 'rw,size={{ unbound_log_size }},mode={{ unbound_log_mode }},uid={{ unbound_log_uid }},gid={{ unbound_log_gid }},late'
    state: mounted

- name: Create unbound service directories
  file:
    path: '/etc/s6-rc/service/{{ item }}'
    state: directory
    owner: root
    group: wheel
    mode: 0755
  with_items: '{{ unbound_service_dirs }}'
  notify:
    - Reload s6-rc
    - Restart unbound log
    - Restart unbound

- name: Generate unbound service scripts
  template:
    dest: '/etc/s6-rc/service/{{ item }}'
    src: '{{ item }}.j2'
    mode: 0555
    owner: root
    group: wheel
  with_items: '{{ unbound_service_scripts }}'
  notify:
    - Reload s6-rc
    - Restart unbound log
    - Restart unbound 

- name: Generate unbound service configuration
  copy:
    dest: '/etc/s6-rc/service/{{ item.name }}'
    content: '{{ item.content }}'
    mode: 0444
    owner: root
    group: wheel
  loop_control:
    label: '{{ item.name }} = {{ item.content }}'
  notify:
    - Reload s6-rc
    - Restart unbound log
    - Restart unbound
  with_items: '{{ unbound_service_config }}'

- name: Configure unbound
  template:
    dest: /usr/local/etc/unbound/unbound.conf
    src: unbound.conf.j2
    mode: 0444
    owner: root
    group: wheel
  notify:
    - Reload unbound

- name: Flush handlers
  meta: flush_handlers

- name: Start unbound
  command: fdmove -c 2 1 s6-rc -l {{ s6_live_dir }} -u -v 2 -t 15000 change unbound
  register: change
  changed_when: change.stdout | length > 0

- name: Enable unbound
  lineinfile:
    path: /etc/s6-rc/service/enabled/contents
    regexp: "^unbound$"
    line: unbound
    state: present
  notify:
    - Reload s6-rc

- name: Flush handlers (again)
  meta: flush_handlers