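---
# Configures the primary (master) BIND nameserver on ns1.k-space.ee:
# installs bind9, writes /etc/bind/named.conf, checks the configuration and
# reloads the service only when the configuration file actually changed.
- name: Setup primary nameserver
  hosts: ns1.k-space.ee
  tasks:
    - name: Make sure bind9 is installed
      ansible.builtin.apt:
        name: bind9
        state: present

    # The TSIG key files pulled in below (readwrite.key, readonly.key) are
    # not managed by this play. NOTE(review): confirm they are readable only
    # by root and the bind user, since they authorize zone updates/transfers.
    - name: Configure Bind
      ansible.builtin.copy:
        dest: /etc/bind/named.conf
        owner: root
        group: bind
        mode: "0644"
        # Check the staged file before it replaces the live one, so a config
        # that does not parse is never installed on the nameserver.
        validate: named-checkconf %s
        content: |
          # This file is managed by Ansible
          # https://git.k-space.ee/k-space/kube/src/branch/master/ansible-bind-primary.yml
          # Do NOT modify manually

          include "/etc/bind/named.conf.options";
          include "/etc/bind/named.conf.local";
          include "/etc/bind/readwrite.key";
          include "/etc/bind/readonly.key";

          # https://kb.isc.org/docs/aa-00723
          # "!rejected" denies every client outside the "allowed" subnets
          # before the key is considered, so a request must both come from
          # an allowed subnet and be signed with one of the listed keys.
          acl allowed {
            172.20.3.0/24;
            172.20.4.0/24;
          };

          acl rejected { !allowed; any; };

          zone "." {
            type hint;
            file "/var/lib/bind/db.root";
          };

          zone "k-space.ee" {
            type master;
            file "/var/lib/bind/db.k-space.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
            notify explicit;
            also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
          };

          zone "k6.ee" {
            type master;
            file "/var/lib/bind/db.k6.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
            notify explicit;
            also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
          };

          zone "kspace.ee" {
            type master;
            file "/var/lib/bind/db.kspace.ee";
            allow-update { !rejected; key readwrite; };
            allow-transfer { !rejected; key readonly; key readwrite; };
            notify explicit;
            also-notify { 172.20.53.1; 172.20.53.2; 172.20.53.3; };
          };
      notify: Reload Bind config

    # Re-check the installed configuration in place. A failure here stops the
    # play before the reload handler runs. The command only reads the config,
    # so it never reports a change.
    - name: Check Bind config
      ansible.builtin.command: named-checkconf
      changed_when: false

  handlers:
    # Runs once at the end of the play, and only if named.conf was rewritten.
    - name: Reload Bind config
      ansible.builtin.service:
        name: bind9
        state: reloaded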