unbound_exporter: Add TLS support

Currently unbound_exporter doesn't support TLS connections so proxy
connections through stunnel.

roles/unbound_exporter/tasks/main.yml

@@ -1,8 +1,11 @@
 ---
 - name: Install packages
   ansible.builtin.package:
-    name: unbound_exporter
+    name: "{{ item }}"
     state: installed
+  with_items:
+    - stunnel
+    - unbound_exporter
 
 - name: Add user to hostkey group
   ansible.builtin.user:
@@ -10,7 +13,7 @@
     groups: hostkey
     append: true
     create_home: false
-  notify: Restart unbound_exporter
+  notify: Restart unbound_exporter_stunnel
 
 - name: Create config directory
   ansible.builtin.file:
@@ -20,17 +23,38 @@
     owner: root
     group: "{{ ansible_wheel }}"
 
-- name: Create web-config
+- name: Create stunnel config
   ansible.builtin.template:
-    dest: /etc/unbound_exporter/web-config.yml
-    src: web-config.yml.j2
+    dest: /etc/unbound_exporter/stunnel.conf
+    src: stunnel.conf.j2
     mode: "0644"
     owner: root
     group: "{{ ansible_wheel }}"
-  notify: Restart unbound_exporter
+  notify: Restart unbound_exporter_stunnel
 
 - name: Enable service
   ansible.builtin.service:
     name: unbound_exporter
     state: started
     enabled: true
+    arguments: >-
+      -unbound.ca
+      -unbound.cert
+      -unbound.host unix:///var/run/unbound.sock
+      -web.listen-address 127.0.0.1:9167
+  notify: Restart unbound_exporter
+
+- name: Create stunnel service config
+  ansible.builtin.copy:
+    dest: /etc/rc.d/unbound_exporter_stunnel
+    src: unbound_exporter_stunnel.sh
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart unbound_exporter_stunnel
+
+- name: Enable stunnel service
+  ansible.builtin.service:
+    name: unbound_exporter_stunnel
+    state: started
+    enabled: true