- name: install coredns
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become}}"
  tasks:

  - name: install additional packages
    ansible.builtin.apt:
      name:
        - net-tools
        - wget
      update_cache: true
      autoremove: true
      purge: true

  - name: grab and deploy coredns v1.12.4 binary
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: |
        set -e
        [[ -f coredns_1.12.4_linux_amd64.tgz ]] || \
          wget --timeout=3 --tries=1 https://github.com/coredns/coredns/releases/download/v1.12.4/coredns_1.12.4_linux_amd64.tgz
        [[ -f coredns_1.12.4_linux_amd64.tgz.sha256 ]] || \
          wget --timeout=3 --tries=1 https://github.com/coredns/coredns/releases/download/v1.12.4/coredns_1.12.4_linux_amd64.tgz.sha256
        #sha256sum coredns_1.12.4_linux_amd64.tgz
        #cat coredns_1.12.4_linux_amd64.tgz.sha256
        tar xzf coredns_1.12.4_linux_amd64.tgz
        mkdir -p /usr/local/bin/
        mv -f coredns /usr/local/bin/
        grep ^coredns /etc/passwd >/dev/null || useradd --system -s /sbin/nologin -d /etc/coredns -M coredns
        mkdir -p /etc/coredns/
      creates: /usr/local/bin/coredns
    register: install_results
  - debug: var=install_results.stdout
    when: install_results.stdout != ''
  - debug: var=install_results.stderr
    when: install_results.stderr != ''

  - name: deploy systemd unit
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: |
        cat > /etc/systemd/system/coredns.service <<EOF
        [Unit]
        After=network-online.target
        Wants=network-online.target

        [Service]
        User=coredns
        Group=coredns
        AmbientCapabilities=CAP_NET_BIND_SERVICE
        Restart=always
        WorkingDirectory=/etc/coredns
        ExecStart=/usr/local/bin/coredns
        ExecReload=/usr/bin/kill -USR1 $MAINPID

        [Install]
        WantedBy=multi-user.target
        EOF
        systemctl daemon-reload
        [[ -n `netstat -lntup | grep :53` ]] && echo disable stub resolver && exit 1
        systemctl enable coredns.service
      creates: /etc/systemd/system/coredns.service
    register: unit_results
  - debug: var=unit_results.stdout
    when: unit_results.stdout != ''
  - debug: var=unit_results.stderr
    when: unit_results.stderr != ''