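---
# Deploy TLS material, configuration and zone files for the NSD authoritative
# DNS server, then make sure the service is started and enabled.

# The private key comes from the first source path that exists: the
# Let's Encrypt key, then the CA key named after nsd_server, then the CA key
# named after the inventory host.
# (Task name fixed: this task installs the key, not the certificate.)
- name: copy server private key
  copy:
    dest: "{{ tls_private }}/{{ nsd_server }}.key"
    src: "{{ item }}"
    # Quoted so the mode is read as an octal string by every YAML loader;
    # 0600 keeps the key readable and writable by root only.
    mode: '0600'
    owner: root
    group: "{{ ansible_wheel }}"
  with_first_found:
    - "/srv/letsencrypt/live/{{ nsd_server }}/privkey.pem"
    - "/srv/ca/private/{{ nsd_server }}.key"
    - "/srv/ca/private/{{ inventory_hostname }}.key"
  # Keep key material out of task output (for example when run with --diff).
  no_log: true
  tags: certificates
  notify: restart nsd

# The certificate is selected the same way as the key above.
# (Task name fixed: this task installs the certificate chain, not the key.)
- name: copy server certificate
  copy:
    dest: "{{ tls_certs }}/{{ nsd_server }}.crt"
    src: "{{ item }}"
    mode: '0644'
    owner: root
    group: "{{ ansible_wheel }}"
  with_first_found:
    - "/srv/letsencrypt/live/{{ nsd_server }}/fullchain.pem"
    # NOTE(review): this fallback is keyed on `site`, while the matching
    # private-key fallback is keyed on `nsd_server` - confirm both resolve to
    # the same key pair, otherwise key and certificate can mismatch.
    - "/srv/ca/certs/{{ site }}.crt"
    - "/srv/ca/certs/{{ inventory_hostname }}.crt"
  tags: certificates
  notify: restart nsd

# Render the main configuration; 0640 root:_nsd lets the _nsd group read it
# without making it world-readable.
# NOTE(review): consider the template module's `validate:` option with an NSD
# config check so a broken render never replaces a working file.
- name: create nsd config
  template:
    src: nsd.conf.j2
    dest: /var/nsd/etc/nsd.conf
    mode: '0640'
    owner: root
    group: _nsd
  notify: restart nsd

# One file per entry in nsd_zones. Every '/' in the zone name is replaced by
# '-' in both the source and destination file names, so a zone name cannot add
# a directory component to either path.
- name: copy zone files
  copy:
    dest: "/var/nsd/zones/master/{{ item | replace('/', '-') }}"
    src: "/srv/dns/{{ item | replace('/', '-') }}"
    mode: '0640'
    owner: root
    group: _nsd
  with_items: "{{ nsd_zones }}"
  notify: restart nsd

# Start the daemon now and enable it as a service.
- name: enable nsd
  service:
    name: nsd
    state: started
    enabled: true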