replace unbound w/ kresd, add user (needs ansible users bugfix for pw)

roles/server/files/kresd.conf

@@ -0,0 +1,12 @@
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 53, { kind = 'dns', freebind = true })
+net.listen('::1', 853, { kind = 'tls', freebind = true })
+
+-- Load useful modules
+modules = {
+        'hints > iterate',  -- Allow loading /etc/hosts or custom root hints
+        'stats',            -- Track internal statistics
+        'predict',          -- Prefetch expiring/frequent records
+}

roles/server/handlers/main.yaml

@@ -0,0 +1,12 @@
+---
+- name: start kresd
+  service:
+    name: kresd
+    state: started
+
+- name: stop unbound
+  service:
+    name: local_unbound
+    state: stopped
+
+- meta: flush_handlers

roles/server/tasks/main.yaml

@@ -74,3 +74,28 @@
     group: wheel
     mode: '0600'
 
+- name: Install knot resolver config
+  ansible.builtin.copy:
+    src: roles/server/files/kresd.conf
+    dest: /usr/local/etc/knot-resolver/kresd.conf
+    owner: root
+    group: wheel
+    mode: '0644'
+
+- name: Symlink knot dig
+  shell: "ln -sf /usr/local/bin/kdig /usr/local/bin/dig"
+  args:
+    creates: "/usr/local/bin/dig"
+
+- name: disable unbound
+  community.general.sysrc:
+    name: local_unbound_enable
+    value: "NO"
+  notify: stop unbound
+
+- name: enable knot resolver
+  community.general.sysrc:
+    name: kresd_enable
+    value: "YES"
+  notify: start kresd
+