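---
# Installs and configures a BIND9 name server: package, zone directories,
# zone build environment (makefile + link), options file, AppArmor local
# override, service enablement and firewall rules.
# The handlers "reload bind9" and "reload apparmor profile" are only notified
# here; they must be defined outside this file.

- name: Install required packages
  apt:
    state: present
    name:
      - bind9

# Both directories are owned by root; the DNS group gets read/traverse only
# and all other users get no access.
# NOTE(review): the group has no write bit here, while a later task lets bind
# write zone files through AppArmor - confirm which path bind actually needs
# to write to.
- name: Create directories for zone databases
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: "{{ dns_user }}"
    mode: "u=rwx,g=rx,o="
  loop:
    - "{{ zones_directory }}"
    - "{{ global_dns_zones_environment_directory }}"

# The makefile is rendered from a template and is writable by root only.
- name: Upload makefile to domain zones configuration environment
  template:
    src: zones.makefile
    dest: "{{ global_dns_zones_environment_directory }}/makefile"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"

- name: Create link in domain zone configuration environment
  file:
    state: link
    src: "{{ zones_directory }}"
    dest: "{{ zones_environment_link }}"

# NOTE(review): this file is world-readable (o=r). That is fine as long as
# the template carries no key material - confirm.
# NOTE(review): nothing validates the rendered file before the reload handler
# fires. Consider the template module's `validate` option with a config
# syntax check, provided the options file parses on its own.
- name: Configure bind9 options
  template:
    src: named.conf.options
    dest: "{{ options_configuration }}"
    owner: root
    group: "{{ dns_user }}"
    mode: "u=rw,g=r,o=r"
  notify: reload bind9

# This local override widens what the confined daemon may write, so keep the
# template limited to the zone paths it needs. The profile change takes
# effect only when the notified handler runs.
- name: Allow bind using apparmor to write zone files
  template:
    src: aa-profile.local
    dest: "{{ apparmor_profile_local }}"
    owner: root
    group: root
    mode: "u=rw,g=r,o="
  notify: reload apparmor profile

- name: Enable bind9 service
  systemd:
    name: bind9
    state: started
    # Canonical boolean instead of the YAML 1.1 "yes" form.
    enabled: true

# Opens port 53 for both TCP and UDP with no source restriction.
# NOTE(review): if this server is not meant to answer arbitrary clients,
# restrict the rule by source address and check the recursion settings in the
# options template.
- name: Allow dns in firewall
  ufw:
    rule: allow
    # Quoted so the port is passed as a string, not a YAML integer.
    port: "53"
    proto: "{{ item }}"
  loop:
    - tcp
    - udp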