From 068151113970cc8f9c4b516230aaaa29ad80e661 Mon Sep 17 00:00:00 2001
From: Raoul <raoul@ccczh.ch>
Date: Sat, 20 Jul 2019 13:49:51 +0200
Subject: [PATCH] Better config file validation

---
 files/unbound.conf | 2 --
 handlers/main.yml  | 6 ++++++
 tasks/main.yml     | 5 +++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/files/unbound.conf b/files/unbound.conf
index 3371de1..add780a 100644
--- a/files/unbound.conf
+++ b/files/unbound.conf
@@ -4,7 +4,6 @@ remote-control:
     control-enable: no
 
 server:
-    # listen on local network, allow local network access
 {% for address in unbound_listen_addresses %}
     interface: {{ address }}
 {% endfor %}
@@ -13,7 +12,6 @@ server:
 
     chroot: ""
 
-    # logging
     log-time-ascii: yes
     log-queries: no
     verbosity: 1
diff --git a/handlers/main.yml b/handlers/main.yml
index 91239c1..204352d 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: unbound checkconf
+  command: unbound-checkconf /etc/unbound/unbound.conf
+  changed_when: True
+  notify: restart unbound
+
+
 - name: restart unbound
   service:
     name: unbound
diff --git a/tasks/main.yml b/tasks/main.yml
index 2e6211d..90c2fe0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -17,6 +17,8 @@
     mode: 'u=rw,g=r,o=r'
   with_fileglob:
     - 'files/snippets/*.conf'
+  notify:
+    - unbound checkconf
 
 
 - name: Copy main unbound configuration
@@ -26,6 +28,5 @@
     owner: root
     group: root
     mode: 'u=rw,g=r,o=r'
-    validate: 'unbound-checkconf %s'
   notify:
-    - restart unbound
+    - unbound checkconf