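---
# Tasks that install and configure the unbound DNS resolver:
# package install, root hints download, configuration template,
# source-restricted firewall rules, and service start/enable.

- name: Install packages
  yum:
    name:
      - unbound
    state: present
  tags:
    - dns

# The hints file changes upstream over time, so no checksum is pinned here;
# integrity rests on the HTTPS connection (get_url validates certificates by
# default). When dest is a file and force is not set, get_url only downloads
# if the destination does not already exist.
- name: Fetch the root hints
  get_url:
    url: https://www.internic.net/domain/named.cache
    dest: /etc/unbound/root.hints
    # Explicit mode so the result does not depend on the remote umask.
    mode: "0644"
  tags:
    - dns

# Native YAML arguments instead of a key=value string: no ambiguity in how
# values are split, and room for explicit permissions.
# NOTE(review): consider adding `validate: unbound-checkconf %s` once it is
# confirmed that every file the rendered config references exists at this
# point in the play; a broken config would then never replace the live one.
- name: Deploy unbound configuration
  template:
    src: unbound.conf.j2
    dest: /etc/unbound/unbound.conf
    mode: "0644"
  notify: restart unbound
  tags:
    - dns

# Accepts NEW udp/tcp connections to unbound_port only from the sources in
# unbound_src_ip. An empty unbound_src_ip sets state to 'absent', so no
# ACCEPT rule is installed at all rather than one without a source filter.
# join(',') assumes unbound_src_ip is a list; a bare string would be joined
# character by character (verify against the role defaults).
# NOTE(review): this task only adds ACCEPT rules. Whether other sources are
# actually blocked depends on the INPUT chain policy and rules managed
# elsewhere; confirm that, so the resolver is not reachable from
# unintended networks.
- name: Handle port in the firewall
  iptables_raw:
    name: unbound_ports
    state: "{{ (unbound_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p udp -m multiport --dports {{ unbound_port }} -s {{ unbound_src_ip | join(',') }} -j ACCEPT\n -A INPUT -m state --state NEW -p tcp -m multiport --dports {{ unbound_port }} -s {{ unbound_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
  tags:
    - dns
    - firewall

- name: Start and enable the service
  service:
    name: unbound
    state: started
    enabled: true
  tags:
    - dns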