infrastructure/roles/dyn_dns/tasks/main.yml

- name: Install powerdns
  pacman: name=powerdns state=present

- name: Install PowerDNS configuration
  template: src={{ item.src }} dest=/etc/powerdns/{{ item.dest }} owner=root group=root mode=0644
  loop:
    - {src: pdns.conf.j2, dest: pdns.conf}
    - {src: dnsupdate-policy.lua.j2, dest: dnsupdate-policy.lua}
  notify: Restart powerdns

- name: Create directory for sqlite3 database
  file: path=/var/lib/powerdns state=directory owner=powerdns group=powerdns mode=0755

- name: Initialize sqlite3 database
  command: sqlite3 -init /usr/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3 ""
  become: true
  become_user: powerdns
  args:
    creates: /var/lib/powerdns/pdns.sqlite3

- name: Create zones
  shell: |
    pdnsutil create-zone {{ item.zone }} {{ inventory_hostname }}
    pdnsutil replace-rrset {{ item.zone }} @ SOA "{{ inventory_hostname }}. root.archlinux.org. 0 10800 3600 604800 3600"    
  loop: "{{ dyn_dns_zones | dict2items(key_name='zone') }}"
  loop_control:
    label: "{{ item.zone }}"
  changed_when: false

- name: Import TSIG keys
  command: pdnsutil import-tsig-key {{ item.key }} {{ item.value.algorithm }} {{ item.value.secret }}
  loop: "{{ dyn_dns_keys | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  changed_when: false

- name: Open powerdns ipv4 port for monitoring.archlinux.org
  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
    rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8081 accept"
  tags:
    - firewall

- name: Open firewall hole
  ansible.posix.firewalld: service=dns permanent=true state=enabled immediate=yes

- name: Start and enable powerdns
  systemd_service: name=pdns.service enabled=yes daemon_reload=yes state=started