Initial commit

defaults/main.yml

@@ -0,0 +1,20 @@
+unbound_config_raw: ''
+unbound_config_include_conf_d: true
+unbound_config:
+  server:
+    verbosity: 1
+    interface:
+    - 127.0.0.1
+    - ::1
+    access-control:
+    - 127.0.0.1/8 allow
+    - ::1/128 allow
+    private-address:
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    - 192.168.0.0/16
+    - 169.254.0.0/16
+    - 127.0.0.0/8
+    - fd00::/8
+    - fe80::/10
+    - ::ffff:0:0/96

handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart unbound
+  ansible.builtin.service:
+    name: unbound
+    state: restarted

tasks/main.yml

@@ -0,0 +1,12 @@
+- name: install packages
+  ansible.builtin.apt:
+    pkg:
+    - unbound
+    - unbound-anchor
+
+- name: copy unbound config
+  ansible.builtin.template:
+    src: unbound.conf.j2
+    dest: /etc/unbound/unbound.conf
+    mode: "0640"
+  notify: restart unbound

templates/unbound.conf.j2

@@ -0,0 +1,36 @@
+#jinja2: lstrip_blocks: True
+{% macro clause_attr(key, value) %}
+{% if value is boolean %}
+  {{ key }}: {{ 'yes' if value else 'no' }}
+{% elif value is iterable and not value is string %}
+{% for item in value %}
+  {{ key }}: {{ item }}
+{% endfor %}
+{% else %}
+  {{ key }}: {{ value }}
+{% endif %}
+{% endmacro %}
+
+{% if unbound_config_include_conf_d %}
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
+{% endif %}
+
+{% for clause, clause_items in unbound_config.items() %}
+{% if clause_items.values()|reject('mapping')|length != 0 %}
+{{ clause }}:
+{% for key, value in clause_items.items() %}
+{{ clause_attr(key, value) }}
+{%- endfor %}
+
+{% else %}
+{% for clause_key, clause_instance_items in clause_items.items() %}
+{{ clause }}:
+  name: "{{ clause_key }}"
+{% for key, value in clause_instance_items.items() %}
+{{ clause_attr(key, value) }}
+{%- endfor %}
+
+{% endfor %}
+{% endif %}
+{% endfor %}
+{{ unbound_config_raw }}