From b705178a8aa516e83e38514e76485780bc7c9b56 Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@zarb.org>
Date: Sat, 9 Apr 2016 19:20:03 +0200
Subject: [PATCH] Refactor the copy of keys and certs for unbound

Also restart the server if the key is changed, and tags the task
---
 roles/unbound/tasks/main.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index ef32ab2649..a25e14cd85 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -24,17 +24,17 @@
   notify:
   - semanage dns8953
 
-- name: copying unbound control key
-  copy: src="{{ private }}/files/unbound/unbound_control.key" dest=/etc/unbound/unbound_control.key owner=root group=unbound mode=640
-
-- name: copying unbound control pem
-  copy: src="{{ private }}/files/unbound/unbound_control.pem" dest=/etc/unbound/unbound_control.pem owner=root group=unbound mode=640
-
-- name: copying unbound server key
-  copy: src="{{ private }}/files/unbound/unbound_server.key" dest=/etc/unbound/unbound_server.key owner=root group=unbound mode=640
-
-- name: copying unbound server pem
-  copy: src="{{ private }}/files/unbound/unbound_server.pem" dest=/etc/unbound/unbound_server.pem owner=root group=unbound mode=640
+- name: copying unbound keys and certs
+  copy: src="{{ private }}/files/unbound/unbound_{{ item }}" dest=/etc/unbound/unbound_{{ item }} owner=root group=unbound mode=640
+  with_items:
+  - control.key
+  - control.pem
+  - server.key
+  - server.pem
+  notify:
+  - restart unbound
+  tags:
+  - config
 
 - name: Enable and start unbound service
   service: state=running enabled=true name=unbound