openstack-zuul-jobs/roles/configure-unbound/tasks/main.yaml

- name: Ensure /etc/unbound exists
  become: yes
  file:
    path: /etc/unbound
    state: directory
    owner: root
    group: root
    mode: 0755

# Use *only* ipv6 resolvers if ipv6 is present and routable
# (ansible_default_ipv6 should only be defined for a global, routable
# address). This avoids traversing potential NAT when using ipv4 which
# can be unreliable.
- name: Set IPv6 nameservers
  when: ansible_default_ipv6.address is defined
  set_fact:
    primary_nameserver: '{{ primary_nameserver_v6 }}'
    secondary_nameserver: '{{ secondary_nameserver_v6 }}'

# Fallback to default ipv4 if there is no ipv6 available as this
# causes timeouts and failovers that are unnecesary.
- name: Set IPv4 nameservers
  when:
    - ansible_default_ipv6.address is not defined
  set_fact:
    primary_nameserver: '{{ primary_nameserver_v4 }}'
    secondary_nameserver: '{{ secondary_nameserver_v4 }}'

- name: Configure unbound fowarding
  become: yes
  template:
    dest: '/etc/unbound/forwarding.conf'
    owner: root
    group: root
    mode: 0644
    src: forwarding.conf.j2

- name: restart unbound
  become: yes
  service:
    name: unbound
    state: restarted
    enabled: yes