commit 97737b3186fa060a08c2638162d52a755dd20321 Author: Philip (a-0) <@ph:a-0.me> Date: Tue Jul 26 19:16:49 2022 +0200 Initial commit
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..d76b0c0
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+unbound_os_supported: False
+
+unbound_ip4_subnet: "192.168.0.0/24"
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..2002130
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,2 @@
+---
+galaxy_info:
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..516d1de
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Set OS dependent variables
+ ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution | lower }}_{{ ansible_distribution_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version | lower }}.yml"
+ - "{{ ansible_distribution | lower }}.yml"
+ - "{{ ansible_os_family | lower }}.yml"
+ - "{{ ansible_system | lower }}.yml"
+ paths:
+ - '{{ role_path }}/vars'
+ ignore_errors: True
+
+- name: OS is supported
+ ansible.builtin.assert:
+ that: __os_supported
+ quiet: True
+ vars:
+ __os_supported: "{{ lookup('vars', '{}_os_supported'.format(role_name)) | bool }}"
+
+- name: Install unbound
+ apt:
+ name: unbound
+ state: present
+ update_cache: yes
+
+- name: Set unbound config file
+ template:
+ src: default.conf.j2
+ dest: "{{ unbound_conf_dir }}unbound.conf.d/default.conf"
+
+- name: Set unbound logrotate config
+ template:
+ src: unbound_logrotate.conf.j2
+ dest: "{{ unbound_logrotate_dir }}unbound"
+
+- name: Restart unbound
+ service:
+ name: unbound
+ state: restarted
\ No newline at end of file
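Review bot: defaults/main.yml defines only `unbound_os_supported` and `unbound_ip4_subnet`, but templates/default.conf.j2 in this same commit also reads `unbound_ip4` and `unbound_port`, and neither is set in vars/debian.yml. Unless inventory supplies both, the template task will presumably fail on an undefined variable. I would add `unbound_port: 53` and a conservative `unbound_ip4: "127.0.0.1"` here, with a comment such as `# listen address and client subnet must be overridden per host`, so the resolver never listens on an address nobody chose deliberately.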
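Review bot: Both `template` tasks in tasks/main.yml write root-owned configuration without `owner`, `group` or `mode` and without validation, and the final `Restart unbound` task runs on every play whether or not anything changed. A rendering mistake therefore restarts the resolver into a broken configuration, and file permissions depend on the remote umask. I would set explicit permissions, validate the rendered file with `unbound-checkconf` (assuming it accepts the drop-in on its own, which is worth confirming), and move the restart into handlers/main.yml behind `notify`. The same `owner`/`group`/`mode` lines apply to the logrotate template task.

```yaml
- name: Set unbound config file
  ansible.builtin.template:
    src: default.conf.j2
    dest: "{{ unbound_conf_dir }}unbound.conf.d/default.conf"
    owner: root
    group: root
    mode: "0644"
    validate: unbound-checkconf %s
  notify: Restart unbound
# … unchanged: logrotate template task; the trailing "Restart unbound" task becomes a handler …
```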
diff --git a/templates/default.conf.j2 b/templates/default.conf.j2
new file mode 100644
index 0000000..d8f646c
--- /dev/null
+++ b/templates/default.conf.j2
@@ -0,0 +1,29 @@
+server:
+ interface: {{ unbound_ip4 }}
+ port: {{ unbound_port }}
+ access-control: {{ unbound_ip4_subnet }} allow_snoop
+ verbosity: 2
+
+ logfile: "/var/log/unbound/unbound.log"
+ log-time-ascii: yes
+ statistics-cumulative: yes
+
+# Optimization
+ num-threads: 3
+ msg-cache-slabs: 2
+ rrset-cache-slabs: 2
+ infra-cache-slabs: 2
+ key-cache-slabs: 2
+
+ rrset-cache-size: 257051306
+ msg-cache-size: 128525653
+
+ so-reuseport: yes
+
+ minimal-responses: yes
+
+ prefetch: yes
+ prefetch-key: yes
+
+ serve-expired: yes
+ cache-max-ttl: 3600
\ No newline at end of file
diff --git a/templates/unbound_logrotate.conf.j2 b/templates/unbound_logrotate.conf.j2
new file mode 100644
index 0000000..2bfb56f
--- /dev/null
+++ b/templates/unbound_logrotate.conf.j2
@@ -0,0 +1,9 @@
+/var/log/unbound/unbound.log {
+ daily
+ missingok
+ rotate 30
+ compress
+ delaycompress
+ notifempty
+ create 640 root root
+}
\ No newline at end of file
diff --git a/vars/debian.yml b/vars/debian.yml
new file mode 100644
index 0000000..ec5a926
--- /dev/null
+++ b/vars/debian.yml
@@ -0,0 +1,5 @@
+---
+unbound_os_supported: True
+
+unbound_conf_dir: /etc/unbound/
+unbound_logrotate_dir: /etc/logrotate.d/
\ No newline at end of file
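Review bot: The `access-control` line in templates/default.conf.j2 grants `allow_snoop` to the whole of `unbound_ip4_subnet`, which also permits non-recursive queries and so lets every client in that range inspect what is in the cache. Unbound's documentation recommends that action only for administrators. Ordinary clients need just `access-control: {{ unbound_ip4_subnet }} allow`; if snooping is wanted for debugging, a separate and narrower variable for the admin host would keep it scoped. Adding `hide-identity: yes` and `hide-version: yes` to the `server:` block would also reduce what the resolver discloses about itself.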
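Review bot: `create 640 root root` in templates/unbound_logrotate.conf.j2 recreates the log as a root-owned file after each rotation. The server template sets no `username:`, so Unbound presumably drops to its default `unbound` user and cannot write to the new file. There is also no `postrotate` step, so the daemon keeps its handle on the rotated file and query logging silently stops landing where operators expect it. I would use `create 640 unbound unbound` and add a `postrotate` that runs `unbound-control log_reopen` (this needs remote-control enabled; confirm on the target). No task in this commit creates /var/log/unbound/, so the directory and its ownership should be managed by the role as well.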