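---
# Deploys a PowerDNS authoritative server and recursor, then applies the
# iptables role. Play variables are loaded from vars/powerdns.yml.

# Runs first; its contents are not visible from this file.
- import_playbook: playbook_ssh_known_host.yml

- name: Configure PowerDNS auth server
  # NOTE(review): this play targets every inventory host and escalates with
  # sudo. Confirm the inventory holds only DNS hosts, or restrict the run
  # with --limit or a dedicated group.
  hosts:
    - all
  gather_facts: true
  vars_files:
    - vars/powerdns.yml

  pre_tasks:
    # Patch the host before any DNS software is configured.
    # Debian family: upgrades every already-installed package to the latest
    # version; only_upgrade prevents installing anything new.
    - name: Upgrade installed packages (Debian family)
      apt:
        name: '*'
        update_cache: true
        only_upgrade: true
        state: latest
      when: ansible_facts.os_family == "Debian"
      become: true
      become_method: sudo

    # RedHat family: security: true limits this to security-flagged updates,
    # so the two OS families end up at different patch levels.
    - name: Apply security updates (RedHat family)
      yum:
        name: '*'
        update_cache: true
        security: true
        state: latest
        update_only: true
      when: ansible_facts.os_family == "RedHat"
      become: true
      become_method: sudo

    # Zone names are derived from the *.zone files returned by the fileglob
    # lookup: the directory part and the .zone suffix are stripped.
    - name: Collect managed zone names from zone files
      set_fact:
        managed_domains: "{{ query('fileglob', '*.zone') | map('regex_replace', '(.*/)(.*).zone$', '\\2') | list | default([], true) }}"

    # Union of slave_ip_addresses and master_ip_addresses. When both are
    # unset or empty, the list falls back to the loopback network.
    - name: Build the list of authoritative server addresses
      set_fact:
        auth_ip_addresses: "{{ (slave_ip_addresses | default([], true)) | union(master_ip_addresses | default([], true)) | default(['127.0.0.0/8'], true) }}"

    # Produces a dict of the form {zone: auth_ip_addresses, ...}.
    - name: Map every managed zone to the authoritative addresses
      set_fact:
        delegated_managed_domains: "{{ delegated_managed_domains | default({}, true) | combine({item:auth_ip_addresses}) }}"
      loop: "{{ managed_domains | default([], true) }}"

    # Appends one "zone=addr1;addr2" entry per zone. The zones come from
    # delegated_domains combined with delegated_managed_domains; on a key
    # conflict the managed entry wins because it is the later combine
    # argument. Any "/prefix" suffix is stripped from each address.
    # NOTE(review): with the loopback fallback above, the forward target
    # becomes the literal 127.0.0.0. Confirm something answers on that
    # address, otherwise forwarding for managed zones will fail.
    - name: Build recursor forward-zone entries
      set_fact:
        pdns_rec_forward_zones: "{{ (pdns_rec_forward_zones | default([])) + [[item.key, ((item.value | map('regex_replace', '/.*$')) | join(';'))] | join('=')] }}"
      loop: "{{ lookup('dict', (delegated_domains | default({}, true) | combine(delegated_managed_domains | default({}, true))), wantlist=true) }}"

  # NOTE(review): the iptables role is listed after both DNS roles. If that
  # role is what restricts access to the DNS services, they are reachable
  # without those rules until it has run. Confirm the ordering is intended.
  roles:
    - role: powerdns.pdns
      tags:
        - auth
      become: true
      become_method: sudo
    - role: powerdns.pdns_recursor
      tags:
        - recursor
      become: true
      become_method: sudo
    - role: iptables
      become: true
      become_method: sudo
...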