update unbound role for IPv6

roles/unbound/templates/recursive.conf.j2

@@ -11,20 +11,32 @@ server:
     logfile: "/var/log/unbound/unbound.log"
 
     do-ip4: yes
-    # FIXME: IPv6 deployment... someday...
+    do-ip6: yes
-    do-ip6: no
 
     # IP addresses on which to listen.
+    #
+    # Note: dns_host_suffix is dynamically set in this role's tasks,
+    # and changes depending on whether we're handling the main or backup
+    # recursive DNS node.
+    
+    # IPv4
     interface: 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix }}
     interface: 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix }}
     interface: 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix }}
 
+
+    # IPv6
+    interface: {{ ipv6_base_prefix }}:{{ subnet_ids.ap }}::0:{{ dns_host_suffix }}
+    interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:{{ dns_host_suffix }}
+    interface: {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:{{ dns_host_suffix }}
+
  
     # By default, anything other than localhost is refused.
     # Whitelist some subnets:
     access-control: 10.{{ subnet_ids.ap }}.0.0/16 allow
     access-control: 10.{{ subnet_ids.users_wired }}.0.0/16 allow
     access-control: 10.{{ subnet_ids.users_wifi }}.0.0/16 allow
+    access-control: {{ ipv6_base_prefix }}::/32 # Fuck it... :)
 
     num-threads: {{ ansible_processor_vcpus }}