nsd/tasks/main.yml

---

- name: Ensure resolved stays down
  systemd:
    enabled: false
    state: stopped
    masked: yes
    name: systemd-resolved

- name: Create primary zone directory
  file:
    path: "{{ nsd_primary_zones_dir }}"
    state: directory
    owner: nsd
    group: nsd
    mode: 0711

- name: Create control dir
  file:
    path: /etc/nsd/control
    state: directory
    owner: nsd
    group: nsd
    mode: 0700

- name: Create subdirectories
  file:
    path: "{{ nsd_primary_zones_dir }}/{{ item }}"
    state: directory
    owner: nsd
    group: nsd
    mode: 0700
  when: nsd_zone_subdirs is defined
  loop: "{{ nsd_zone_subdirs }}"

- name: Create secondary zone directory
  file:
    path: "{{ nsd_secondary_zones_dir }}"
    state: directory
    owner: nsd
    group: nsd
    mode: 0755

- name: Configure nsd zones
  template:
    src: zones_config.j2
    dest: "{{ nsd_zones_config_file }}"
    owner: nsd
    group: nsd
    mode: 0600
    validate: 'nsd-checkconf %s'

- name: Create base nsd configuration file
  template:
    src: config.j2
    dest: "{{ nsd_config_dir }}/nsd.conf"
    owner: nsd
    group: nsd
    mode: 0644
    validate: 'nsd-checkconf %s'
  notify:
    - restart nsd

- name: Copy content of subdirs
  copy:
    src: '{{ playbook_dir }}/files/nsd/{{ item }}'
    dest: "{{ nsd_primary_zones_dir }}"
    owner: nsd
    group: nsd
    mode: 0600
    directory_mode: 0711
  when: nsd_zone_subdirs is defined
  loop: "{{ nsd_zone_subdirs }}"

- name: Copy content of primary zones
  copy:
    src: "{{ playbook_dir }}/files/nsd/{{ item.zone_filename }}"
    dest: "{{ nsd_primary_zones_dir }}/{{ item.zone_filename }}"
    owner: root
    group: root
    mode: 0644
  with_items: "{{ nsd_primary_zones }}"
  notify:
    - rebuild nsd database
    - reload nsd database
    - notify slaves

- name: Add dnssec renewal crons
  cron:
    special_time: monthly
    user: nsd
    job: "bash {{ nsd_primary_zones_dir }}/{{ item }}/source.sh"
  loop: "{{ nsd_zone_subdirs }}"