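---
# Tasks for one DNSSEC-signed zone: key material, the unsigned zone database,
# signing, and the named.conf include. Expects the caller to define domain,
# domain_directory, database_file, database_signed_file, configuration_file,
# dns_zones_configuration and dns_user.

- name: Create zone directory
  file:
    path: "{{ domain_directory }}"
    state: directory
    owner: root
    group: root
    # A symbolic mode without an "o=" clause leaves the other-bits as they
    # were (whatever the umask produced on creation). The private key files
    # live in this directory, so the key file modes set by generate_keys.yml
    # must be strict on their own; this directory mode does not protect them.
    mode: "u=rwx,g=rx"

- name: Determine if keys are generated already
  find:
    paths: "{{ domain_directory }}"
    patterns: "K{{ domain }}.+*+*"
  register: keys_found

# Fewer than two matching files means the key pair for the zone is incomplete.
- name: Generate keys for zone {{ domain }}
  include_tasks: generate_keys.yml
  when: keys_found.matched < 2

- name: Find generated public keys
  find:
    paths: "{{ domain_directory }}"
    patterns: "K{{ domain }}.+*+*.key"
  register: keys_list

# The unsigned zone is validated before it replaces the previous copy, so a
# broken template never reaches the signer.
- name: Store database of zone {{ domain }}
  template:
    src: zone.db
    dest: "{{ database_file }}"
    owner: root
    group: "{{ dns_user }}"
    mode: "u=rw,g=r,o=r"
    validate: "named-checkzone {{ domain }} %s"
  notify: reload bind9
  register: database_stored

- name: Check whether a signed zone file exists for {{ domain }}
  stat:
    path: "{{ database_signed_file }}"
  register: database_signed_stat

# TODO Change to makefile
# TODO test -N=UNIXTIME instead of unix time by ansible
# Re-sign when the unsigned zone changed, when keys were (re)generated in this
# run, or when no signed file exists yet. Keying only on the template result
# left a missing or stale signed file behind after a failed signing run or a
# key regeneration, with nothing to trigger a retry until the zone text
# changed again. RRSIGs still expire on dnssec-signzone's default validity
# period, so a periodic re-sign outside this play is still required.
- name: Sign zone {{ domain }}
  shell: >-
    dnssec-signzone
    -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)
    -a
    -N KEEP
    -o {{ domain | quote }}
    -f {{ database_signed_file | quote }}
    {{ database_file | quote }}
  args:
    chdir: "{{ domain_directory }}"
    executable: /bin/sh
  when: >-
    database_stored.changed
    or keys_found.matched < 2
    or not database_signed_stat.stat.exists
  notify: reload bind9

- name: Configure zone {{ domain }}
  template:
    src: zone.conf
    dest: "{{ configuration_file }}"
    owner: root
    group: "{{ dns_user }}"
    mode: "u=rw,g=r,o=r"
    validate: "named-checkconf %s"
  notify: reload bind9

# named-checkconf is run on the include file in isolation; it only catches
# syntax errors, not references that are resolved by the main named.conf.
- name: Include configuration file of zone {{ domain }}
  lineinfile:
    path: "{{ dns_zones_configuration }}"
    state: present
    line: "include \"{{ configuration_file }}\";"
    validate: "named-checkconf %s"
  notify: reload bind9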