---
- name: Include OS-specific variables
  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"

- name: Install packages
  ansible.builtin.package:
    name: unbound
    state: installed
  when: ansible_os_family != "OpenBSD"

- name: Create control keys
  ansible.builtin.command:
    argv:
      - unbound-control-setup
    creates: "{{ unbound_confdir }}/unbound_control.key"
  notify: Restart unbound

- name: Copy zone files
  ansible.builtin.copy:
    dest: "{{ unbound_zonedir }}/{{ item }}"
    src: "/srv/dns/{{ item }}"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  with_items: "{{ unbound_zones }}"
  notify: Restart unbound
  when: unbound_zones is defined

- name: Copy config
  ansible.builtin.template:
    dest: "{{ unbound_confdir }}/unbound.conf"
    src: "unbound.conf.{{ inventory_hostname }}.j2"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
    validate: "unbound-checkconf %s"
  notify: Restart unbound

- name: Enable service
  ansible.builtin.service:
    name: unbound
    state: started
    enabled: true