From 8641861a2fdb83882f1fa6f1c7fb3cadbce6aa6f Mon Sep 17 00:00:00 2001
From: Raoul <raoul@ccczh.ch>
Date: Sat, 20 Jul 2019 02:08:55 +0200
Subject: [PATCH] Implement listen addresses (and ports) for unbound

---
 defaults/main.yml  | 5 +++++
 files/unbound.conf | 5 +++--
 tasks/main.yml     | 6 ++++--
 3 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 defaults/main.yml

diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..bff7123
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+unbound_listen_addresses:
+  - '127.0.0.1@53'
+  - '::1@53'
diff --git a/files/unbound.conf b/files/unbound.conf
index 39a163c..3371de1 100644
--- a/files/unbound.conf
+++ b/files/unbound.conf
@@ -5,8 +5,9 @@ remote-control:
 
 server:
     # listen on local network, allow local network access
-    interface: 127.0.0.1
-    interface: ::1
+{% for address in unbound_listen_addresses %}
+    interface: {{ address }}
+{% endfor %}
     access-control: 127.0.0.1 allow
     access-control: ::1 allow
 
diff --git a/tasks/main.yml b/tasks/main.yml
index 9ce3710..b956149 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,12 +1,13 @@
 ---
 - name: Install unbound
   apt:
-    pkg:
+    package:
       - unbound
     state: 'latest'
     update_cache: yes
     cache_valid_time: 43200
 
+
 - name: Copy unbound configuration snippets
   copy:
     src: '{{ item }}'
@@ -17,8 +18,9 @@
   with_fileglob:
     - 'files/snippets/*.conf'
 
+
 - name: Copy main unbound configuration
-  copy:
+  template:
     src: '{{ lookup("hf", "unbound.conf") }}'
     dest: '/etc/unbound/unbound.conf'
     owner: root