From c07a0fbd92ffb1845c3081057490be33465f5218 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Wed, 18 Jun 2025 16:45:53 +0000
Subject: [PATCH] unbound: Use correct certs for dna-gw hosts

---
 roles/unbound/templates/unbound.conf.dna.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/unbound/templates/unbound.conf.dna.j2 b/roles/unbound/templates/unbound.conf.dna.j2
index 335da99..d8928fb 100644
--- a/roles/unbound/templates/unbound.conf.dna.j2
+++ b/roles/unbound/templates/unbound.conf.dna.j2
@@ -15,8 +15,8 @@ server:
     interface: {{ intnet_prefix }}.12@53
     interface: {{ intnet_prefix }}.12@853
 
-    tls-service-key: {{ tls_private }}/dns.home.foo.sh.key
-    tls-service-pem: {{ tls_certs }}/dns.home.foo.sh.crt
+    tls-service-key: {{ tls_private }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.key
+    tls-service-pem: {{ tls_certs }}/dns.{{ inventory_hostname.split('.')[1] }}.foo.sh.crt
     tls-cert-bundle: {{ tls_bundle }}
 
     access-control: 127.0.0.0/8 allow