---

- name: Include OS-specific variables
  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"

- name: Install bind and dependencies
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  with_items: "{{ bind_package_names }}"

- name: Create logging directory
  ansible.builtin.file:
    path: "{{ bind_log_directory }}"
    owner: "{{ bind_unix_user }}"
    group: "{{ bind_unix_group }}"
    mode: "0755"
    state: directory
    recurse: true

- name: Create config directory
  ansible.builtin.file:
    path: "{{ bind_config_directory }}"
    owner: "{{ bind_unix_user }}"
    group: "{{ bind_unix_group }}"
    mode: "0755"
    state: directory
    recurse: true

- name: Remove existing journal files
  block:
  - name: Find existing journal files
    ansible.builtin.find:
      path: "{{ bind_config_directory }}"
      recurse: true
      patterns: "*.jnl"
    register: files_to_delete
  - name: Delete existing journal files
    ansible.builtin.file:
      path: "{{ item.path }}"
      state: absent
    with_items: "{{ files_to_delete.files }}"

- name: Remove existing signed zone files
  block:
  - name: Find existing signed zone files
    ansible.builtin.find:
      path: "{{ bind_config_directory }}"
      recurse: true
      patterns: "*.signed"
    register: files_to_delete
  - name: Delete existing signed zone files
    ansible.builtin.file:
      path: "{{ item.path }}"
      state: absent
    with_items: "{{ files_to_delete.files }}"

- name: Remove existing DNSSEC key directory
  block:
  - name: Check if DNSSEC key directory exists
    ansible.builtin.stat:
      path: "{{ bind9_options.key_directory }}"
    register: _stat_bind9_options_key_directory
  - name: Remove DNSSEC key directory
    ansible.builtin.file:
      path: "{{ bind9_options.key_directory }}"
      state: "absent"
    when: _stat_bind9_options_key_directory.stat.exists

- name: Create DNSSEC key directory
  ansible.builtin.file:
    path: "{{ bind9_options.key_directory }}"
    owner: "{{ bind_unix_user }}"
    group: "{{ bind_unix_group }}"
    mode: "0700"
    state: directory

- name: Create DNSSEC files
  ansible.builtin.include_tasks: create_dnssec_files.yml
  with_items: "{{ bind9_dnssec_keys }}"
  no_log: true
  loop_control:
    loop_var: bind9_dnssec_key

- name: Create DNS-Zone files
  ansible.builtin.include_tasks: template_zone_files.yml
  with_items:
  - "{{ bind9_views }}"
  loop_control:
    loop_var: view

- name: Create main configuration file
  ansible.builtin.template:
    src: "etc/named.conf.j2"
    dest: "{{ bind_main_config }}"
    owner: "{{ bind_unix_user }}"
    group: "{{ bind_unix_group }}"
    mode: "0644"
  notify: Restart named

- name: Create excluded configuration files
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "{{ item | replace('etc/named', bind_config_directory) }}"
    owner: "{{ bind_unix_user }}"
    group: "{{ bind_unix_group }}"
    mode: "0644"
  with_items:
  - etc/named.conf
  - etc/named/named.conf.acl
  - etc/named/named.conf.logging
  - etc/named/named.conf.options
  - etc/named/named.conf.tsigkeys
  - etc/named/named.conf.views
  notify: Restart named

- name: Start and enabled named
  ansible.builtin.systemd:
    name: named
    state: started
    enabled: true

- name: Create rndc.key
  ansible.builtin.template:
    src: etc/rndc.key.j2
    dest: /etc/rndc.key
    owner: "{{ bind_unix_user }}"
    group: "{{ bind_unix_group }}"
    mode: "0600"
  when: bind9_rndc_key.name | length > 0 and
        bind9_rndc_key.algorithm | length > 0 and
        bind9_rndc_key.secret | length > 0