---
- name: Install packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: installed
  with_items:
    - stunnel
    - unbound_exporter

- name: Add user to hostkey group
  ansible.builtin.user:
    name: _unboundexporter
    groups: hostkey
    append: true
    create_home: false
  notify: Restart unbound_exporter_stunnel

- name: Create config directory
  ansible.builtin.file:
    path: /etc/unbound_exporter
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Create stunnel config
  ansible.builtin.template:
    dest: /etc/unbound_exporter/stunnel.conf
    src: stunnel.conf.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart unbound_exporter_stunnel

- name: Enable service
  ansible.builtin.service:
    name: unbound_exporter
    state: started
    enabled: true
    arguments: >-
      -unbound.ca
      -unbound.cert
      -unbound.host unix:///var/run/unbound.sock
      -web.listen-address 127.0.0.1:9167
  notify: Restart unbound_exporter

- name: Create stunnel service config
  ansible.builtin.copy:
    dest: /etc/rc.d/unbound_exporter_stunnel
    src: unbound_exporter_stunnel.sh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart unbound_exporter_stunnel

- name: Enable stunnel service
  ansible.builtin.service:
    name: unbound_exporter_stunnel
    state: started
    enabled: true