# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
- name: set chroot variables
  set_fact:
     bind_log_file: /var/log/bind.log
     bind_query_file: /var/log/bind_queries.log
     bind_cache_dir: /var/cache/bind
     bind_statistics_file: /var/run/named.stats
     bind_chroot_path: /var/chroot-bind
  when: bind_chroot_set | bool

- name: configure apparmor
  template:
    src: apparmor.usr.sbin.named.j2
    dest: /etc/apparmor.d/usr.sbin.named
    owner: root
    group: root
    mode: '0644'
    force: yes
  notify: restart apparmor

- name: package are installed
  apt:
    name:
      - bind9
      - dnstop
    state: present

- name: Set bind configuration for recursive server
  template:
    src: named.conf.options_recursive.j2
    dest: /etc/bind/named.conf.options
    owner: bind
    group: bind
    mode: "0644"
    force: yes
  notify: restart bind
  when: bind_recursive_server | bool

- name: enable zones.rfc1918 for recursive server
  lineinfile:
    dest: /etc/bind/named.conf.local
    line: 'include "/etc/bind/zones.rfc1918";'
    regexp: "zones.rfc1918"
  notify: restart bind
  when: bind_recursive_server | bool

- name: Set bind configuration for authoritative server
  template:
    src: named.conf.options_authoritative.j2
    dest: /etc/bind/named.conf.options
    owner: bind
    group: bind
    mode: "0644"
    force: yes
  notify: restart bind
  when: bind_authoritative_server | bool

- name: Create systemd service
  template:
    src: bind9.service.j2
    dest: "{{ bind_systemd_service_path }}"
    owner: root
    group: root
    mode: "0644"
    force: yes
  notify:
  - reload systemd
  - restart bind
  when: ansible_distribution_release == "jessie"

- name: "touch {{ bind_log_file }} if non chroot"
  file:
    path: "{{ bind_log_file }}"
    owner: bind
    group: adm
    mode: "0640"
    state: touch
  when: not (bind_chroot_set | bool)

- name: "touch {{ bind_query_file }} if non chroot"
  file:
    path: "{{ bind_query_file }}"
    owner: bind
    group: adm
    mode: "0640"
    state: touch
  when: not (bind_chroot_set | bool)

- name: send chroot-bind.sh in /root
  copy:
    src: chroot-bind.sh
    dest: /root/chroot-bind.sh
    mode: "0700"
    owner: root
    force: yes
    backup: yes
  when: bind_chroot_set | bool

- name: exec chroot-bind.sh
  command: "/root/chroot-bind.sh"
  register: chrootbind_run
  changed_when: False
  when: bind_chroot_set | bool

- debug:
    var: chrootbind_run.stdout_lines
  when:
    - bind_chroot_set | bool
    - chrootbind_run.stdout | length > 0

- name: Modify OPTIONS in /etc/default/bind9 for chroot
  replace:
    dest: /etc/default/bind9
    regexp: '^OPTIONS=.*'
    replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
  notify: restart bind
  when: bind_chroot_set | bool

- name: logrotate for bind
  template:
    src: logrotate_bind.j2
    dest: /etc/logrotate.d/bind9
    owner: root
    group: root
    mode: "0644"
    force: yes
  notify: restart bind

- include: munin.yml