---

- name: Install powerdns
  apt:
    name:
    - dnsdist
    - pdns-backend-bind
    - pdns-recursor
    - pdns-server

- name: Ensure certificates are available
  command:
    cmd: >
      openssl req -x509 -nodes -newkey rsa:2048
      -keyout /etc/dnsdist/{{ ansible_fqdn }}.key
      -out /etc/dnsdist/{{ ansible_fqdn }}.crt
      -days 730 -subj "/CN={{ ansible_fqdn }}"
    creates: /etc/dnsdist/{{ ansible_fqdn }}.crt
  notify: Restart dnsdist

- name: Configure certificate manager
  template: src=certs.j2 dest=/etc/acertmgr/{{ ansible_fqdn }}_dns.conf
  notify: Run acertmgr

- name: Create zone directory
  file: path=/etc/powerdns/bind/ state=directory

- name: Configure powerdns
  template: src={{ item }}.j2 dest=/etc/powerdns/{{ item }}
  notify: Restart powerdns
  with_items:
  - bind/ffrgb.zone
  - bind/90.10.in-addr.arpa.zone
  - bindbackend.conf
  - pdns.conf
  - recursor.conf

- name: Configure dnsdist
  template: src=dnsdist.conf.j2 dest=/etc/dnsdist/dnsdist.conf
  notify: Restart dnsdist

- name: Start the dns services
  service: name={{ item }} state=started enabled=yes
  with_items:
  - dnsdist
  - pdns
  - pdns-recursor