---
- name: Ensure unbound is present
  apt:
    name: unbound
    state: present
    default_release: "{{ ansible_distribution_release }}-backports"

- name: Ensure only unbound is taken from testing
  copy:
    content: |
      Package: nsd
      Pin: release a={{ ansible_distribution_release }}-backports
      Pin-Priority: 998
    dest: /etc/apt/preferences.d/20-unbound-related
    owner: root
    group: root
    mode: 0600
  register: repo_config_unbound

- name: Ensure repo are up-to-date
  apt:
    update_cache: yes
  when: repo_config_unbound.changed

- fail:
    msg: "Required nsd_addr is missing"
  when: server.nsd_addr is not defined

- fail:
    msg: "Required nsd_port is missing"
  when: server.nsd_port is not defined

- name: Ensure unbound config is present
  template:
    src: templates/unbound.conf.j2
    dest: /etc/unbound/unbound.conf
    owner: root
    group: root
    mode: 0600
  notify: restart unbound

- name: Ensure unbound service is enabled and started
  systemd:
    name: unbound.service
    state: started
    enabled: yes