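---
# Install and configure bind9 as the authoritative/recursive DNS server on
# the hosts of the "dns" group. Static configuration comes from
# "{{ server_config_dir }}/bind" on the controller; named.options.conf is
# rendered from a template so it can use the address of the br-fflux VPN
# interface (when that interface is present) for local resolving.
#
# Service restarts are done through handlers so that a changed config file
# triggers exactly one restart, and bind9 is only started after the
# competing resolvers have been told to leave port 53 alone.
- name: "Setup DNS on machine"
  hosts: dns
  become: true

  tasks:
    - name: Install bind9
      ansible.builtin.apt:
        name:
          - bind9
          - bind9-utils
          - bind9-doc
          - bind9-dnsutils
        state: present

    # Needed by the handlers below to decide whether systemd-resolved or
    # dnsmasq are running at all before trying to restart them.
    - name: Gather service facts
      ansible.builtin.service_facts:

    # Prints the first global IPv4 address of br-fflux, or nothing when the
    # interface does not exist (ip fails, sed prints nothing). An empty
    # stdout -- not the exit code -- marks the task as failed, and that
    # failure is ignored on purpose so the play still runs without the VPN;
    # the registered result is expected to be consumed by the
    # named.options.conf template.
    - name: Get IPv4 address of br-fflux if connected to VPN
      ansible.builtin.shell: >-
        ip -4 addr show dev br-fflux primary scope global
        | sed -e's/^.*inet \([^ ]*\)\/.*$/\1/;t;d'
      register: ipv4_addr
      changed_when: false
      failed_when: ipv4_addr.stdout == ""
      ignore_errors: true

    # Same as above for IPv6; skipped entirely when the interface was not
    # found by the IPv4 lookup.
    - name: Get IPv6 address of br-fflux if connected to VPN
      ansible.builtin.shell: >-
        ip -6 addr show dev br-fflux primary scope global
        | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d'
      register: ipv6_addr
      changed_when: false
      failed_when: ipv6_addr.stdout == ""
      ignore_errors: true
      when: not ipv4_addr.failed

    - name: Copy bind9 files
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/bind/{{ item }}"
        dest: "/etc/bind/{{ item }}"
        owner: root
        group: root
        mode: "0644"
      loop:
        - db.freifunk.lu
        - named.conf
        - named.local.conf
      notify: Restart bind9

    - name: Copy named.options.conf with template (IP for local resolving)
      ansible.builtin.template:
        src: "{{ server_config_dir }}/bind/named.options.conf.j2"
        dest: "/etc/bind/named.options.conf"
        owner: root
        group: root
        mode: "0644"
      notify: Restart bind9

    # We keep the content of the Debian default-zones file, but under our own
    # naming scheme: "named.NAME.conf" instead of "named.conf.NAME". The move
    # is a copy followed by a delete so that it stays idempotent.
    - name: Check if default-zones has been moved
      ansible.builtin.stat:
        path: /etc/bind/named.conf.default-zones
      register: default_zones

    - name: Move default-zones
      ansible.builtin.copy:
        remote_src: true
        src: /etc/bind/named.conf.default-zones
        dest: /etc/bind/named.default-zones.conf
        owner: root
        group: root
        mode: "0644"
      when: default_zones.stat.exists
      notify: Restart bind9

    - name: Delete previous default-zones
      ansible.builtin.file:
        path: /etc/bind/named.conf.default-zones
        state: absent
      when: default_zones.stat.exists

    - name: Delete default bind9 files
      ansible.builtin.file:
        path: "/etc/bind/{{ item }}"
        state: absent
      loop:
        - named.conf.local
        - named.conf.options
      notify: Restart bind9

    # Fail here, before any restart, if the assembled configuration is
    # syntactically broken: a running bind9 keeps serving its old config
    # instead of going down with a bad one. named-checkconf is provided by
    # the bind9-utils package installed above.
    - name: Validate the resulting bind9 configuration
      ansible.builtin.command: named-checkconf /etc/bind/named.conf
      changed_when: false

    # Make sure nobody else binds to port 53. The config files are only
    # edited when they exist; a missing file is not an error, but any other
    # failure (permissions, read-only filesystem, ...) is reported instead
    # of being swallowed.
    - name: Check whether systemd-resolved is configured on this host
      ansible.builtin.stat:
        path: /etc/systemd/resolved.conf
      register: resolved_conf

    - name: Make sure systemd-resolved does not bind to port 53
      ansible.builtin.lineinfile:
        path: /etc/systemd/resolved.conf
        # Matches the commented default as well as an explicit setting, so an
        # existing "DNSStubListener=yes" is replaced rather than duplicated.
        regexp: '^#?DNSStubListener='
        line: 'DNSStubListener=no'
        state: present
        owner: root
        group: root
        mode: "0644"
      when: resolved_conf.stat.exists
      notify: Restart systemd-resolved

    - name: Check whether dnsmasq is configured on this host
      ansible.builtin.stat:
        path: /etc/dnsmasq.conf
      register: dnsmasq_conf

    - name: Make sure dnsmasq doesn't bind to port 53
      ansible.builtin.lineinfile:
        path: /etc/dnsmasq.conf
        # The Debian default file ships "#port=5353" commented out; match
        # that and any explicit port= line so the setting is not duplicated.
        regexp: '^#?port='
        line: 'port=0'
        state: present
        owner: root
        group: root
        mode: "0644"
      when: dnsmasq_conf.stat.exists
      notify: Restart dnsmasq

    # Apply the resolver changes (and any pending bind9 restart) right now:
    # bind9 cannot come up while another daemon still holds port 53.
    - name: Flush handlers before starting bind9
      ansible.builtin.meta: flush_handlers

    - name: Enable and start bind9
      ansible.builtin.service:
        name: bind9
        state: started
        enabled: true

  handlers:
    # A full restart is used rather than a reload so that listen-address and
    # option changes are picked up unconditionally.
    - name: Restart bind9
      ansible.builtin.service:
        name: bind9
        state: restarted

    # Disabling the stub listener changes which socket the daemon binds, which
    # a configuration reload does not undo; restart it, and only when it is
    # actually running on this host.
    - name: Restart systemd-resolved
      ansible.builtin.service:
        name: systemd-resolved
        state: restarted
      when:
        - "'systemd-resolved.service' in ansible_facts.services"
        - ansible_facts.services['systemd-resolved.service'].state == 'running'

    # dnsmasq does not re-read dnsmasq.conf on SIGHUP, so a port change needs
    # a restart; skipped when the daemon is not running.
    - name: Restart dnsmasq
      ansible.builtin.service:
        name: dnsmasq
        state: restarted
      when:
        - "'dnsmasq.service' in ansible_facts.services"
        - ansible_facts.services['dnsmasq.service'].state == 'running'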