- name: setup nsd
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become_var}}"
  tasks:

  # todo - handle chroot path

  - template:
      src: nsd.conf
      dest: /etc/nsd/nsd.conf
      owner: nsd
      group: nsd
      mode: "0600"
    notify: reconfig nsd

  - file:
      path: /etc/nsd/zones/
      owner: nsd
      group: nsd
      mode: "0700"
      state: directory
    when: ns_type == 'primary'
    notify: sign and reload zones

  - copy:
      src: sign.ksh
      dest: /etc/nsd/sign.ksh
      mode: "0700"
    when: ns_type == 'primary'
    notify: sign and reload zones

  handlers:

  - name: reconfig nsd
    shell:
      executable: /bin/bash
      cmd: |
        set -e

        echo -n checking /etc/nsd/nsd.conf ...
        nsd-checkconf /etc/nsd/nsd.conf && echo done

        echo -n reconfig nsd ...
        nsd-control reconfig && echo done

  - name: sign and reload zones
    shell:
      executable: /bin/bash
      cmd: |
        set -e

        cd /etc/nsd/

        for domain in {{ domains | join(' ') }}; do
          ./sign.ksh $domain
        done; unset domain