commit f8ba8c1d29026432117de5e4616c9696b8ed27d1 Author: Sven Velt Date: Tue Apr 2 15:28:54 2019 +0200 Inital commit
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..118c7c3
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+unbound_cache_forwarder:
+ - 9.9.9.10
+
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..6bf126a
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Restart unbound
+ service:
+ name: unbound
+ state: restarted
+
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..7493fda
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Include OS dependent variables
+ include_vars: "{{ (ansible_os_family|lower).split(' ')[0] }}.yml"
+
+
+- name: Install packages
+ package:
+ name: "{{ item }}"
+ with_items: "{{ unbound_cache_packages }}"
+
+
+- name: Template config files
+ template:
+ src: "unbound.conf.d/{{ item }}.j2"
+ dest: "/etc/unbound/unbound.conf.d/{{ item }}"
+ mode: 0644
+ backup: yes
+ with_items:
+ - server.conf
+ - forward-zone.conf
+ notify: Restart unbound
+
+
diff --git a/templates/unbound.conf.d/forward-zone.conf.j2 b/templates/unbound.conf.d/forward-zone.conf.j2
new file mode 100644
index 0000000..9830b6d
--- /dev/null
+++ b/templates/unbound.conf.d/forward-zone.conf.j2
@@ -0,0 +1,6 @@
+forward-zone:
+ name: "."
+
+{% for srv in unbound_cache_forwarder %} forward-addr: {{ srv }}
+{% endfor %}
+
diff --git a/templates/unbound.conf.d/server.conf.j2 b/templates/unbound.conf.d/server.conf.j2
new file mode 100644
index 0000000..9cc9f90
--- /dev/null
+++ b/templates/unbound.conf.d/server.conf.j2
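Review bot: In defaults/main.yml, `unbound_cache_listen` gets no default although templates/unbound.conf.d/server.conf.j2 loops over it, so the role will most likely stop with an undefined-variable error unless every caller sets it; adding `unbound_cache_listen: []` here keeps the localhost-only configuration working out of the box. The single forwarder `9.9.9.10` is, as far as I know, Quad9's endpoint without threat blocking or upstream DNSSEC validation, so the choice deserves a comment such as `# Quad9 unfiltered endpoint; override per site`. A second entry in the list would also avoid depending on one upstream address for all resolution.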
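Review bot: The "Template config files" task in tasks/main.yml sets no `owner` or `group` and writes the mode as a bare `0644`, so ownership of the files under /etc/unbound/unbound.conf.d follows whichever user the play runs as and the mode depends on the YAML parser reading the value as octal. I would pin all three explicitly: `owner: root`, `group: root`, `mode: '0644'`. In the same task `backup: yes` is clearer as `backup: true`, and the "Install packages" task can pass the list in one call with `name: "{{ unbound_cache_packages }}"` plus `state: present` instead of looping.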
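Review bot: templates/unbound.conf.d/forward-zone.conf.j2 has no managed-file header, so someone editing the rendered file by hand gets no hint that the next run overwrites it; a first line `# {{ ansible_managed }}` here and in templates/unbound.conf.d/server.conf.j2 would cover both. When `unbound_cache_forwarder` is empty the template still emits `forward-zone:` for `.` with no `forward-addr` line, which unbound may refuse to load at the restart; wrapping the stanza in `{% if unbound_cache_forwarder %}` … `{% endif %}` avoids that. Each `srv` is also written out unchecked, whereas server.conf.j2 passes its input through `ipaddr`.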
@@ -0,0 +1,18 @@
+server:
+ interface: 127.0.0.1
+ interface: ::1
+
+ access-control: 0.0.0.0/0 deny
+ access-control: 0::0/0 deny
+
+ access-control: 127.0.0.0/8 allow
+ access-control: ::1/128 allow
+
+{% for listen in unbound_cache_listen%} interface: {{ listen|ipaddr('address') }}
+ access-control: {{ listen|ipaddr('network/prefix') }} allow
+{% endfor %}
+
+ do-not-query-localhost: no
+ hide-identity: yes
+ hide-version: yes
+
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..b479ad7
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,5 @@
+---
+unbound_cache_packages:
+ - unbound
+ - ldnsutils
+
diff --git a/vars/devuan.yml b/vars/devuan.yml
new file mode 120000
index 0000000..f1a5a89
--- /dev/null
+++ b/vars/devuan.yml
@@ -0,0 +1 @@
+debian.yml
\ No newline at end of file
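Review bot: In the `unbound_cache_listen` loop of templates/unbound.conf.d/server.conf.j2 the allow rule is derived from the prefix of the listen address itself (`listen|ipaddr('network/prefix')`), so the set of clients permitted to recurse is whatever netmask the interface happens to carry; an entry with a wide or public prefix makes the host answer recursive queries for that whole network. A separate variable for client networks would keep "where to listen" and "who may query" apart. Failing that, a comment above the loop should state the contract, for example `{# unbound_cache_listen: address/prefix entries; the prefix becomes the allowed client range #}`. The `ipaddr` filter additionally needs the netaddr library on the controller, which nothing in this commit documents.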