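---
# Ensure a TSIG key named "acme-<inventory_hostname>." exists on the PowerDNS
# server, register the host (and its SAN domains) in updatepolicy.aliases, and
# render the key into acme_dnskey_file on the managed host.
# Every task except the final template is delegated to acme_dnskey_server.

# Probe for an existing key. The generate task below branches on the return
# code, so a non-match (grep rc 1) must not fail the play.
# NOTE(review): the dots in the pattern (from the hostname and the literal
# trailing ".") are regex wildcards, so a similarly named key could match;
# escape them if key names can collide.
- name: Get nsupdate.key
  shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_dnskey_algorithm }}'"
  register: "pdns_key"
  failed_when: false
  changed_when: false
  # The matched line is expected to contain the TSIG secret; keep the task
  # result out of console output, callbacks and job logs.
  no_log: true
  delegate_to: "{{ acme_dnskey_server }}"

# Create the (empty) alias table entry for this host.
# NOTE(review): the file looks like a Lua table read by the PowerDNS update
# policy - confirm. Values are interpolated verbatim, so inventory_hostname
# must be a validated DNS name (a '"' would break out of the string).
- name: Update updatepolicy.aliases
  lineinfile:
    path: "/etc/powerdns/updatepolicy.aliases"
    line: 'alias["{{ inventory_hostname }}."] = {}'
  delegate_to: "{{ acme_dnskey_server }}"

# Add one alias line per SAN domain. The same verbatim-interpolation caveat
# applies to every entry of acme_dnskey_san_domains.
- name: Update updatepolicy.aliases
  lineinfile:
    path: "/etc/powerdns/updatepolicy.aliases"
    line: 'alias["{{ inventory_hostname }}."]["{{ item }}."] = "{{ item }}."'
  loop: "{{ acme_dnskey_san_domains }}"
  delegate_to: "{{ acme_dnskey_server }}"

# Generate the key only when the probe found none. No shell feature is needed
# here, so the command is passed as argv: the templated key name and algorithm
# reach pdnsutil as single arguments and are never parsed by a shell.
- name: Generate nsupdate.key
  command:
    argv:
      - "pdnsutil"
      - "generate-tsig-key"
      - "acme-{{ inventory_hostname }}."
      - "{{ acme_dnskey_algorithm }}"
  register: "pdns_genkey"
  when: "pdns_key is defined and pdns_key.rc != 0"
  # pdnsutil is expected to echo the new secret; do not log the result.
  no_log: true
  delegate_to: "{{ acme_dnskey_server }}"

# Re-read the key line. `register` defines pdns_genkey even when the generate
# task was skipped, so this condition is always true and the lookup runs on
# every play. There is no failed_when, so a missing key fails the play here,
# before the template task runs.
# NOTE(review): nsupdate.key.j2 presumably reads pdns_nsupdate_key - check the
# template before narrowing this condition.
- name: Get nsupdate.key again
  shell: "pdnsutil list-tsig-keys | grep '^acme-{{ inventory_hostname }}. {{ acme_dnskey_algorithm }}'"
  register: "pdns_nsupdate_key"
  when: "pdns_genkey is defined"
  changed_when: false
  # Same secret-bearing output as the first probe.
  no_log: true
  delegate_to: "{{ acme_dnskey_server }}"

# Render the key file on the managed host (this task is not delegated).
# pdns_key is always defined once the first task has run, so the condition is
# effectively always true.
# NOTE(review): no owner/group/mode is set, so a newly created key file gets
# umask-default permissions. Pin them (e.g. mode "0600" plus the account that
# runs the ACME client) once the consuming user is confirmed.
- name: Write nsupdate.key to file
  template:
    src: "nsupdate.key.j2"
    dest: "{{ acme_dnskey_file }}"
  when: "pdns_key is defined"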