- name: install unbound server
  package:
    name: unbound
    state: present

- name: configure dns
  copy:
    content: |
      server:
        access-control: {{ server_net }}.0/{{ server_netbits }} allow
        private-domain: "{{ domain_name }}"
        domain-insecure: "{{ domain_name }}"

        interface: 0.0.0.0

        local-zone: "{{ domain_name }}." static
        local-data: "{{ server_name }}.{{ domain_name }}. IN A {{ server_ip }}"
    dest: /etc/unbound/unbound.conf.d/fai.conf
    mode: u=rw,g=r,o=r
    owner: root
    group: root
  register: unbound_conf

- name: ensure unbound is enabled and running
  service:
    name: unbound
    state: started
    enabled: true

- name: apply dns config
  systemd:
    name: unbound
    state: restarted
  when: unbound_conf.changed