- name: "Ensure systemd-resolved is stopped and disabled"
  ansible.builtin.service:
    name: systemd-resolved
    enabled: false
    state: stopped
  when:
    - "'systemd-resolved' in ansible_facts.packages"
  tags:
    - systemd-resolved_disable

- name: "Install DNS - unbound server"
  become: true
  ansible.builtin.package:
    name: unbound
    state: latest
  tags:
    - unbound_install

- name: "Configure DNS - remote control"
  become: true
  ansible.builtin.template:
    src: "etc/unbound/unbound.conf.d/remote.conf"
    dest: "/etc/unbound/unbound.conf.d/remote.conf"
    mode: '0644'
    owner: root
    group: root
    validate: "unbound-checkconf %s"
  notify: restart unbound
  when:
    - false
  tags:
    - unbound_configure

- name: "Configure DNS - zone '{{ domain_name }}'"
  become: true
  ansible.builtin.template:
    src: "etc/unbound/unbound.conf.d/fai.conf"
    dest: "/etc/unbound/unbound.conf.d/fai.conf"
    mode: '0644'
    owner: root
    group: root
    validate: "unbound-checkconf %s"
  notify: restart unbound
  tags:
    - unbound_configure

- name: "Configure DNS - disable IPv6 to avoid trouble with vagrant"
  become: true
  ansible.builtin.copy:
    content: |
      server:
        ### DISABLE BIND TO IPV6 TO AVOID TROUBLE WITH VAGRANT
        do-ip6: no
    dest: "/etc/unbound/unbound.conf.d/ipv6_disabled.conf"
    mode: '0644'
    owner: root
    group: root
    validate: "unbound-checkconf %s"
  notify: restart unbound
  tags:
    - unbound_configure

- name: "Start and enable unbound"
  become: true
  ansible.builtin.service:
    name: unbound
    enabled: true
    state: started
  tags:
    - unbound_enable