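---
# Per-zone tasks for an NSD authoritative server: render the zone file,
# generate a DNSSEC key on first run, validate, sign and reload the zone.
# Expects `item` (a zone entry with `name` and optional `parking`) from the
# including loop, and `nsd_default_etc_path` to end with a trailing `/`
# (every path below is built by plain concatenation, without a separator).
- name: Create zone file
  ansible.builtin.template:
    # Parked zones share one template; every other zone has its own.
    src: "{{ 'zones/parking.zone.j2' if item.parking | default(false) else 'zones/' ~ item.name ~ '.zone.j2' }}"
    dest: "{{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
    owner: nsd
    group: nsd
    mode: "0644"
  vars:
    # SOA serial: seconds since the epoch, so it increases on every run.
    dns_serial: "{{ ansible_date_time.epoch }}"
    # One CNAME per web_hostname entry that ends in `.<zone>`, pointing at
    # the webserver that serves it. The zone name is regex-escaped so its
    # dots match literally, and the match is anchored at the end so hosts
    # in a similarly named zone (e.g. `example.community` when the zone is
    # `example.com`) are not pulled in with an unstripped suffix.
    web_hostname_block: |-
      {% for webserver in groups['webservers'] | sort -%}
      {% for web_hostname in (hostvars[webserver]['web_hostname'] | selectattr('host', 'match', '.+\.' ~ (item.name | regex_escape) ~ '$') | sort(attribute='host')) -%}
      {{ web_hostname.host | regex_replace('\.' ~ (item.name | regex_escape) ~ '$', '') }} IN CNAME {{ webserver }}.
      {% endfor %}
      {% endfor %}

- name: Create zone key dir
  ansible.builtin.file:
    path: "{{ nsd_default_etc_path }}keys/{{ item.name }}/"
    owner: nsd
    group: nsd
    # Private key material lives here: no access for other users.
    mode: "0750"
    state: directory

- name: Create the associated keys
  # Run as nsd so the key files are never created owned by root.
  become: true
  become_user: nsd
  ansible.builtin.command:
    # -k sets the KSK (SEP) flag; this single key signs the whole zone.
    # -s creates the .key/.private/.ds symlinks that the stat below reads.
    cmd: "ldns-keygen -a ECDSAP256SHA256 -k -s {{ item.name }}"
    chdir: "{{ nsd_default_etc_path }}keys/{{ item.name }}/"
    # Generated once; `creates` skips the task afterwards, so key
    # rollover is a manual operation.
    creates: "{{ nsd_default_etc_path }}keys/{{ item.name }}/.ds"

- name: Check zone file
  ansible.builtin.command:
    cmd: "nsd-checkzone {{ item.name }} {{ nsd_default_etc_path }}zones/{{ item.name }}.zone"
  # Read-only validation; a failure here stops the play before signing.
  changed_when: false

- name: Stat associated keys
  ansible.builtin.stat:
    path: "{{ nsd_default_etc_path }}keys/{{ item.name }}/.ds"
  register: _stat_keys

- name: Sign zone file
  become: true
  become_user: nsd
  ansible.builtin.command:
    chdir: "{{ nsd_default_etc_path }}keys/{{ item.name }}/"
    # .ds is a symlink to the generated K<zone>.+<alg>+<tag>.ds file;
    # dropping its last dot-separated component gives the key base name
    # that ldns-signzone takes. Relies on .ds being a symlink (ldns-keygen -s).
    cmd: "ldns-signzone -o {{ item.name }} -u {{ nsd_default_etc_path }}zones/{{ item.name }}.zone {{ (_stat_keys.stat.lnk_target | split('.'))[:-1] | join('.') }}"
  # Always re-signs so the RRSIGs get a fresh validity window; the play
  # therefore has to run more often than the signatures expire.
  changed_when: true

- name: Reload zone
  ansible.builtin.command:
    cmd: "nsd-control reload {{ item.name }}"
  changed_when: false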