From 9696f406cebcb797d89d51fa00f73a439c9e7e3b Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Mon, 6 Jan 2025 20:27:55 +0000
Subject: [PATCH] unwind: Initial version of role

---
 roles/unwind/handlers/main.yml        |  5 +++++
 roles/unwind/tasks/main.yml           | 15 +++++++++++++++
 roles/unwind/templates/unwind.conf.j2 | 10 ++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 roles/unwind/handlers/main.yml
 create mode 100644 roles/unwind/tasks/main.yml
 create mode 100644 roles/unwind/templates/unwind.conf.j2

diff --git a/roles/unwind/handlers/main.yml b/roles/unwind/handlers/main.yml
new file mode 100644
index 0000000..05d7492
--- /dev/null
+++ b/roles/unwind/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart unwind
+  ansible.builtin.service:
+    name: unwind
+    state: restarted
diff --git a/roles/unwind/tasks/main.yml b/roles/unwind/tasks/main.yml
new file mode 100644
index 0000000..3c2e9a6
--- /dev/null
+++ b/roles/unwind/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Copy config
+  ansible.builtin.template:
+    dest: /etc/unwind.conf
+    src: unwind.conf.j2
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Restart unwind
+
+- name: Enable service
+  ansible.builtin.service:
+    name: unwind
+    state: started
+    enabled: true
diff --git a/roles/unwind/templates/unwind.conf.j2 b/roles/unwind/templates/unwind.conf.j2
new file mode 100644
index 0000000..2a704ce
--- /dev/null
+++ b/roles/unwind/templates/unwind.conf.j2
@@ -0,0 +1,10 @@
+{% if network_dns_servers is defined %}
+forwarder {
+{%   for addr in network_dns_servers %}
+    {{ addr }} port 853 authentication name "{{ lookup('community.general.dig', addr + '/PTR')[:-1] }}" DoT
+{%   endfor %}
+}
+preference { DoT }
+{% else %}
+preference { oDoT-autoconf }
+{% endif %}