- name: Setup unbound config
  become: true
  copy:
    src: "{{ home }}/.dots/config/unbound/unbound.conf"
    dest: "/etc/unbound/unbound.conf"
    owner: unbound
    mode: "u=rwX,g=rX,o="

- name: Setup unbound control certificates
  become: true
  shell: /usr/bin/unbound-control-setup

- name: Specify resolv configuration to use the local unbound server
  become: true
  copy:
    dest: /etc/resolv.conf
    content: | 
      nameserver ::1
      nameserver 127.0.0.1

- name: Protect resolv
  become: true
  file: 
    path: /etc/resolv.conf
    attributes: '+i'

- name: Enable unbound service
  become: true
  ansible.builtin.systemd_service:
    name: unbound
    state: started
    enabled: true

- name: Create unbound configs dir
  file:
    state: directory
    path: "/etc/unbound/config.d"

# copy from dots file to the /etc/unbound/config.d the additonal config enabled
- name: Setup additonal profile config
  when: organization is defined and "unbound" in organization_customize
  become: true
  copy:
    src: "{{ home }}/.dots/profiles/{{ organization }}/configs/unbound.conf"
    dest: "/etc/unbound/config.d/{{ organization }}.conf"