---
- name: install dns server packages
  package:
    name: "{{ item }}"
    state: present
  loop:
    - bind9
    - bind9-doc
    - bind9utils

- name: write named.conf
  template:
    src: named.conf.j2
    dest: /etc/bind/named.conf
    owner: root
    group: bind
    mode: 0644
  notify: restart bind9

- name: write named.conf.options
  template:
    src: named.conf.options.j2
    dest: /etc/bind/named.conf.options
    owner: root
    group: bind
    mode: 0644
  notify: restart bind9

- name: write named.conf.logging
  template:
    src: named.conf.logging.j2
    dest: /etc/bind/named.conf.logging
    owner: root
    group: bind
    mode: 0644
  notify: restart bind9

- name: write named.conf.ffmwu-zones
  template:
    src: named.conf.ffmwu-zones.j2
    dest: /etc/bind/named.conf.ffmwu-zones
    owner: root
    group: bind
    mode: 0644
  notify: restart bind9

- name: write initial icvpn bind config
  shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkdns -f bind -x mwu -x bingen -s /home/admin/clones/icvpn-meta > /etc/bind/named.conf.icvpn
  args:
    chdir: /home/admin/clones/icvpn-scripts
    creates: /etc/bind/named.conf.icvpn
  notify: restart bind9

- name: set file attributes for icvpn config
  file:
    path: /etc/bind/named.conf.icvpn
    mode: 0644
    owner: admin
    group: bind
  notify: restart bind9

- name: write systemd unit icvpn-dns-update.service
  template:
    src: icvpn-dns-update.service.j2
    dest: /etc/systemd/system/icvpn-dns-update.service
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: write systemd timer icvpn-dns-update.timer
  template:
    src: icvpn-dns-update.timer.j2
    dest: /etc/systemd/system/icvpn-dns-update.timer
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: configure systemd unit/timer icvpn-dns-update
  systemd:
    name: icvpn-dns-update.timer
    enabled: yes
    state: started

- name: enable systemd unit bind9
  systemd:
    name: bind9
    enabled: yes
    state: started