Changeset - ea8a5b93b769
x - 17 months ago 2023-12-16 02:39:02
xbr@c3l.lu
feat: automatic DNS through BIND
2 files changed with 118 insertions and 0 deletions:
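--- /dev/null
+++ b/bind/setup_dns.yml
@@ -0,0 +1,115 @@
+---
+# Defining the remote server where the package will be deployed
+- name: "Setup DNS on machine"
+  hosts: dns
+  become: true
+  tasks:
+    - name: Install bind9
+      ansible.builtin.apt:
+        name:
+          - bind9
+          - bind9-utils
+          - bind9-doc
+          - bind9-dnsutils
+        state: present
+
+    - name: Get IPv4 address of br-fflux if connected to VPN
+    # ip addr show dev br-fflux primary scope global | sed -e's/^.*inet \([^ ]*\)\/.*$/\1/;t;d'
+      ansible.builtin.shell: ip -4 addr show dev br-fflux primary scope global | sed -e's/^.*inet \([^ ]*\)\/.*$/\1/;t;d'
+      register: ipv4_addr
+      changed_when: false
+      failed_when: ipv4_addr.stdout == ""
+      ignore_errors: true
+    - name: Get IPv6 address of br-fflux if connected to VPN
+    # ip addr show dev br-fflux primary scope global | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d'
+      ansible.builtin.shell: ip -6 addr show dev br-fflux primary scope global | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d'
+      register: ipv6_addr
+      changed_when: false
+      failed_when: ipv6_addr.stdout == ""
+      ignore_errors: true
+      when: not ipv4_addr.failed
+
+    - name: Copy bind9 files
+      ansible.builtin.copy:
+        src: "{{ server_config_dir }}/bind/{{ item }}"
+        dest: "/etc/bind/{{ item }}"
+        owner: root
+        group: root
+        mode: "0644"
+      loop:
+        - db.freifunk.lu
+        - named.conf
+        - named.local.conf
+    - name: Copy named.options.conf with template (IP for local resolving)
+      ansible.builtin.template:
+        src: "{{ server_config_dir }}/bind/named.options.conf.j2"
+        dest: "/etc/bind/named.options.conf"
+        owner: root
+        group: root
+        mode: "0644"
+
+    # We keep the content of default-zones, but we don't use the same name. We prefer "named.NAME.conf" instead of "named.conf.NAME"
+    - name: Check if default-zones has been moved
+      ansible.builtin.stat:
+        path: /etc/bind/named.conf.default-zones
+      register: default_zones
+    - name: Move default-zones
+      ansible.builtin.copy:
+        remote_src: true
+        src: /etc/bind/named.conf.default-zones
+        dest: /etc/bind/named.default-zones.conf
+        owner: root
+        group: root
+        mode: "0644"
+      when: default_zones.stat.exists
+    - name: Delete previous default-zones
+      ansible.builtin.file:
+        path: /etc/bind/named.conf.default-zones
+        state: absent
+      when: default_zones.stat.exists
+
+    - name: Delete default bind9 files
+      ansible.builtin.file:
+        path: /etc/bind/{{ item }}
+        state: absent
+      loop:
+        - named.conf.local
+        - named.conf.options
+
+    # Make sure nobody else binds to port 53
+    - name: Make sure systemd-resolved does not bind to port 53
+      ansible.builtin.lineinfile:
+        path: /etc/systemd/resolved.conf
+        regexp: '^#DNSStubListener=yes$'
+        line: 'DNSStubListener=no'
+        state: present
+        owner: root
+        group: root
+        mode: "0644"
+      failed_when: false # If the file doens't exist, it's not a problem
+    - name: Reload systemd-resolved
+      ansible.builtin.service:
+        name: systemd-resolved
+        state: reloaded
+      failed_when: false # If resolved doesn't exist, it's not a problem
+    - name: Make sure dnsmasq doesn't bind to port 53
+      ansible.builtin.lineinfile:
+        path: /etc/dnsmasq.conf
+        regexp: '^port=53$'
+        line: 'port=0'
+        state: present
+        owner: root
+        group: root
+        mode: "0644"
+      failed_when: false # If the file doens't exist, it's not a problem
+    - name: Reload dnsmasq
+      ansible.builtin.service:
+        name: dnsmasq
+        state: reloaded
+      failed_when: false # If dnsmasq doesn't exist, it's not a problem
+
+    - name: Enable and start bind9
+      ansible.builtin.service:
+        name: bind9
+        state: started
+        enabled: true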
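Review bot: The replaced BIND configuration is never actually loaded: the final `Enable and start bind9` task uses `state: started`, which is a no-op when named is already running, and on Debian-family hosts (the play uses apt) the package starts bind9 with the stock config as soon as it is installed, so after this play the daemon keeps serving with whatever it started with until someone restarts it by hand, and later runs that change `named.conf`, `named.options.conf` or `db.freifunk.lu` have the same problem. Add `notify: Restart bind9` to the copy and template tasks plus a `handlers:` section, and run `named-checkconf -z` once all files are in place so a broken zone or options file fails the play instead of taking DNS down at restart. The `named.options.conf.j2` template is not part of this changeset, so I cannot see its `allow-recursion`/`listen-on` settings; since this server is authoritative for `db.freifunk.lu` and also used for "local resolving", please confirm recursion is restricted to the VPN ranges and the host is not left as an open resolver. Smaller points: `failed_when: false` on the lineinfile/reload pairs also hides permission and syntax errors rather than just a missing file (a `stat` guard or `when: ansible_facts.services` would be narrower), and a `reload` of systemd-resolved may not release the stub listener on 127.0.0.53:53, so `state: restarted` is the safer choice there.

```yaml
    - name: Copy bind9 files
      ansible.builtin.copy:
        # … unchanged: src/dest/owner/group/mode …
      loop:
        # … unchanged: file list …
      notify: Restart bind9
    # … unchanged: template task gets the same `notify: Restart bind9`; default-zones, resolved and dnsmasq tasks …
    - name: Validate BIND configuration and zones before (re)starting
      ansible.builtin.command: named-checkconf -z /etc/bind/named.conf
      changed_when: false
    - name: Enable and start bind9
      ansible.builtin.service:
        name: bind9
        state: started
        enabled: true
  handlers:
    - name: Restart bind9
      ansible.builtin.service:
        name: bind9
        state: restarted
```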
hosts
 
@@ -41,6 +41,9 @@ fflux-test
 
# machines which run api + freifunk.lu
 
[website-web]
 

	
 
[dns]
 
fflux-test
 

	
 
# machine which are gateways for freifunk.lu
 
[fflux]
 

	