Add unbound

Spamassassin on apollo tries to connect to a local dns resolver, but
can't which leads to long timeouts. Flyspray sends mail via SMTP which
goes through SA and thus each request that sends a mail will also block
for a long time.

Fix this by adding unbound as a local resolver which is needed for
proper performance of SA since public resolvers are often blocked by
blacklists because they send too many requests.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

playbooks/apollo.yml

@@ -12,6 +12,7 @@
     - { role: nginx, letsencrypt_validation_dir: "/var/lib/letsencrypt", tags: ["nginx"] }
     - { role: planet, planet_domain: "planet.archlinux.org", planet_dir: "/srv/http/planet", tags: ["planet"] }
     - { role: spampd, tags: ["mail", "spampd"] }
+    - { role: unbound, tags: ["mail", "unbound"] }
     - { role: postfix, postfix_server: false, postfix_smtpd_public: true, postfix_patchwork_enabled: true, tags: ["mail", "postfix"] }
     - { role: opendkim, dkim_selector: apollo, tags: ['mail', "opendkim"] }
       #- { role: dovecot, tags: ['mail', "dovecot"] }

roles/unbound/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart unbound
+  service: name=unbound state=restarted

roles/unbound/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Install unbound
+  pacman: name=unbound
+
+- name: Install unbound config file
+  template: src=unbound.conf.j2 dest=/etc/unbound/unbound.conf owner=root group=root mode=0644
+  notify:
+    - restart unbound
+
+- name: Create remote-control keys
+  command: unbound-control-setup creates=/etc/unbound/unbound_control.key
+
+- name: Active service
+  service: name=unbound state=started enabled=yes

roles/unbound/templates/unbound.conf.j2

@@ -0,0 +1,9 @@
+server:               
+	use-syslog: yes     
+	username: "unbound" 
+	directory: "/etc/unbound"                  
+	verbosity: 1        
+	trust-anchor-file: trusted-key.key         
+
+remote-control:       
+	control-enable: yes