- name: Setup unbound config
  become: true
  copy:
    src: "{{ home }}/.dots/config/unbound/unbound.conf"
    dest: "/etc/unbound/unbound.conf"
    owner: unbound
    mode: "u=rwX,g=rX,o="

- name: Setup unbound control certificates
  become: true
  shell: /usr/bin/unbound-control-setup

- name: Specify resolv configuration to use the local unbound server
  become: true
  copy:
    dest: /etc/resolv.conf
    content: | 
      nameserver ::1
      nameserver 127.0.0.1

- name: Protect resolv
  become: true
  file: 
    path: /etc/resolv.conf
    attributes: '+i'

- name: Enable unbound service
  become: true
  ansible.builtin.systemd_service:
    name: unbound
    state: started
    enabled: true

# copy from dots file to the /etc/unbound/config.d the additonal config enabled
- name: Setup additonal namespaces config
  when: unbound_profiles is defined
  become: true
  copy:
    src: "{{ home }}/.dots/config/unbound/profiles/{{ item }}.conf"
    dest: "/etc/unbound/config.d/{{ item }}.conf"
  with_items: "{{ unbound_profiles }}"