---

- name: Add key for official source of bind
  apt_key:
    state: present
    id: 15058500A0235D97F5D10063B188E2B695BD4743
    url: https://packages.sury.org/bind/apt.gpg

- name: Add official source of bind
  apt_repository:
    state: present
    repo: "deb https://packages.sury.org/bind/ {{ ansible_distribution_release }} main"
    filename: isc-bind
    update_cache: yes

- name: Install required packages
  apt:
    state: present
    name:
      - bind9
      - python3-dnspython

- name: Create directories for zone databases
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: "{{ dns_user }}"
    mode: u=rwx,g=rx,o=
  loop:
    - "{{ zones_directory }}"

- name: Configure bind9 options
  template:
    src: named.conf.options
    dest: "{{ options_configuration }}"
    owner: root
    group: "{{ dns_user }}"
    mode: "u=rw,g=r,o=r"
  notify: reload bind9

- name: Enable bind9 service
  systemd:
    name: "{{ global_bind_service_name }}"
    state: started
    enabled: yes

- name: Allow dns in firewall
  ufw:
    rule: allow
    port: 53
    proto: "{{ item }}"
  loop:
    - tcp
    - udp