- name: install nsd
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become_var}}"
  tasks:

  # todo - ksh only needed on primary
  - package:
      pkg:
      - ksh # our dnssec sign script is ksh
      - nsd
      - dns-root-data
      - ldnsutils

  - name: /etc/nsd/nsd.conf.dist
    shell:
      executable: /bin/bash
      cmd: |
        set -e
        [[ ! -f /etc/nsd/nsd.conf.dist ]] && mv -nv /etc/nsd/nsd.conf /etc/nsd/nsd.conf.dist || true
    register: output
    changed_when: output.stdout != ''

  - debug: var=output.msg
    when: output.msg != ''
  - debug: var=output.stdout
    when: output.stdout != ''

  - name: grep ^nsd
    shell:
      executable: /bin/bash
      cmd: |
        set -e
        echo -n "user: "
        grep ^nsd: /etc/passwd
        echo -n "group: "
        grep ^nsd: /etc/group
    register: output
    check_mode: false
    changed_when: false

  - debug: var=output.msg
    when: output.msg != ''
  - debug: var=output.stdout
    when: output.stdout != ''

  - name: nsd-control-setup
    shell:
      executable: /bin/bash
      cmd: |
        set -e
        cd /etc/nsd/
        nsd-control-setup
        ls -lhF *.key
        ls -lhF *.pem
      creates: /etc/nsd/nsd_*.pem
    register: output

  - debug: var=output.msg
    when: output.msg != ''
  - debug: var=output.stdout
    when: output.stdout != ''

  # todo - get rid of systemd-resolved

  # todo - first start with systemctl not nsd-control