Inital commit

defaults/main.yml

@@ -0,0 +1,4 @@
+---
+unbound_cache_forwarder:
+  - 9.9.9.10
+

handlers/main.yml

@@ -0,0 +1,6 @@
+- name: Restart unbound
+  service:
+    name: unbound
+    state: restarted
+
+

tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Include OS dependent variables
+  include_vars: "{{ (ansible_os_family|lower).split(' ')[0] }}.yml"
+
+
+- name: Install packages
+  package:
+    name: "{{ item }}"
+  with_items: "{{ unbound_cache_packages }}"
+
+
+- name: Template config files
+  template:
+    src: "unbound.conf.d/{{ item }}.j2"
+    dest: "/etc/unbound/unbound.conf.d/{{ item }}"
+    mode: 0644
+    backup: yes
+  with_items:
+    - server.conf
+    - forward-zone.conf
+  notify: Restart unbound
+
+

templates/unbound.conf.d/forward-zone.conf.j2

@@ -0,0 +1,6 @@
+forward-zone:
+	name: "."
+
+{% for srv in unbound_cache_forwarder %}	forward-addr: {{ srv }}
+{% endfor %}
+

templates/unbound.conf.d/server.conf.j2

@@ -0,0 +1,18 @@
+server:
+	interface: 127.0.0.1
+	interface: ::1
+
+	access-control: 0.0.0.0/0 deny
+	access-control: 0::0/0 deny
+
+	access-control: 127.0.0.0/8 allow
+	access-control: ::1/128 allow
+
+{% for listen in unbound_cache_listen%}	interface: {{ listen|ipaddr('address') }}
+	access-control: {{ listen|ipaddr('network/prefix') }} allow
+{% endfor %}
+
+	do-not-query-localhost: no
+	hide-identity: yes
+	hide-version: yes
+

vars/debian.yml

@@ -0,0 +1,5 @@
+---
+unbound_cache_packages:
+  - unbound
+  - ldnsutils
+

vars/devuan.yml

@@ -0,0 +1 @@
+debian.yml