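---
# Tasks: install bind9 and configure it, optionally inside a chroot.
#
# Variables read here but defined outside this file (presumably role
# defaults / inventory — verify): bind_chroot_set, bind_authoritative_server,
# bind_recursive_server, bind_systemd_service_path, and, for the non-chroot
# case, bind_log_file / bind_query_file.

# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
- name: set chroot variables
  ansible.builtin.set_fact:
    bind_log_file: /var/log/bind.log
    bind_query_file: /var/log/bind_queries.log
    bind_cache_dir: /var/cache/bind
    bind_statistics_file: /var/run/named.stats
    bind_chroot_path: /var/chroot-bind
  when: bind_chroot_set | bool

# `||` needs a shell; the command is a fixed string with no variable
# interpolation. rc is 0 when the apparmor unit is active or at least enabled;
# failed_when: false keeps a host without AppArmor from aborting the play.
- name: Check AppArmor
  ansible.builtin.shell:
    cmd: systemctl is-active apparmor || systemctl is-enabled apparmor
  failed_when: false
  changed_when: false
  check_mode: false
  register: check_apparmor

# Only ship the named profile where AppArmor is in use.
- name: configure apparmor
  ansible.builtin.template:
    src: apparmor.usr.sbin.named.j2
    dest: /etc/apparmor.d/usr.sbin.named
    owner: root
    group: root
    mode: "0644"
    force: true
  notify: restart apparmor
  when: check_apparmor.rc == 0

- name: packages are installed
  ansible.builtin.apt:
    name:
      - bind9
      - dnstop
    state: present

# `include` is deprecated and removed in recent ansible-core; include_tasks
# evaluates the `when` once for the include itself, which is equivalent here
# because the guards are plain role variables.
- ansible.builtin.include_tasks: authoritative.yml
  when: bind_authoritative_server | bool

- ansible.builtin.include_tasks: recursive.yml
  when: bind_recursive_server | bool

- name: Create systemd service for Debian 8 (Jessie)
  ansible.builtin.template:
    src: bind9.service.jessie.j2
    dest: "{{ bind_systemd_service_path }}"
    owner: root
    group: root
    mode: "0644"
    force: true
  notify:
    - reload systemd
    - restart bind
  when: ansible_distribution_release == "jessie"

# Log files are created here only outside the chroot (the chroot script is
# expected to handle them otherwise). Preserving the timestamps keeps the task
# idempotent: a bare `state: touch` reports "changed" on every run.
- name: "touch {{ bind_log_file }} if non chroot"
  ansible.builtin.file:
    path: "{{ bind_log_file }}"
    owner: bind
    group: adm
    mode: "0640"
    state: touch
    access_time: preserve
    modification_time: preserve
  when: not (bind_chroot_set | bool)

- name: "touch {{ bind_query_file }} if non chroot"
  ansible.builtin.file:
    path: "{{ bind_query_file }}"
    owner: bind
    group: adm
    mode: "0640"
    state: touch
    access_time: preserve
    modification_time: preserve
  when: not (bind_chroot_set | bool)

# Root-only script: mode 0700, owned by root:root, previous copy kept as backup.
- name: send chroot-bind.sh in /root
  ansible.builtin.copy:
    src: chroot-bind.sh
    dest: /root/chroot-bind.sh
    owner: root
    group: root
    mode: "0700"
    force: true
    backup: true
  when: bind_chroot_set | bool

# NOTE(review): changed_when: false assumes chroot-bind.sh is idempotent on
# its own — confirm. Its stdout is echoed by the next task so that anything
# it did remains visible in the play log.
- name: exec chroot-bind.sh
  ansible.builtin.command:
    cmd: /root/chroot-bind.sh
  register: chrootbind_run
  changed_when: false
  when: bind_chroot_set | bool

# Condition order matters: the first guard stops the second from touching an
# undefined register when the chroot tasks were skipped.
- ansible.builtin.debug:
    var: chrootbind_run.stdout_lines
  when:
    - bind_chroot_set | bool
    - chrootbind_run.stdout | length > 0

# -u drops privileges to the bind user, -t chroots named into bind_chroot_path.
- name: Modify OPTIONS in /etc/default/bind9 for chroot
  ansible.builtin.replace:
    path: /etc/default/bind9
    regexp: '^OPTIONS=.*'
    replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
  notify: restart bind
  when: bind_chroot_set | bool

- name: logrotate for bind
  ansible.builtin.template:
    src: logrotate_bind.j2
    dest: /etc/logrotate.d/bind9
    owner: root
    group: root
    mode: "0644"
    force: true
  notify: restart bind

- ansible.builtin.include_tasks: munin.yml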