ansible/roles/dns/master/tasks/generate_keys.yml

---

# TODO Change to makefile call

- name: Generate key signing key for zone {{ domain }}
  command: >-
    dnssec-keygen
    -f KSK
    -3
    -a {{ dnssec_algorithm | quote }}
    -b {{ dnssec_key_length | quote }}
    -n ZONE {{ domain | quote }}    
  args:
    chdir: "{{ domain_directory }}"

- name: Generate zone signing key for zone {{ domain }}
  command: >-
    dnssec-keygen
    -3
    -a {{ dnssec_algorithm | quote }}
    -b {{ dnssec_key_length | quote }}
    -n ZONE {{ domain | quote }}    
  args:
    chdir: "{{ domain_directory }}"

# TODO Copy public ZSK to localhost