---

- block:

  - name: Ensure the override directory exists (systemd)
    file:
      name: "/etc/systemd/system/{{ pdns_service_name }}.service.d"
      state: directory
      owner: root
      group: root

  - name: Override the PowerDNS Authoritative Server unit (systemd)
    template:
      src: "override-service.systemd.conf.j2"
      dest: "/etc/systemd/system/{{ pdns_service_name }}.service.d/override.conf"
      owner: root
      group: root
    notify: reload systemd and restart PowerDNS

  when: pdns_service_overrides != {}
    and ansible_service_mgr == "systemd"

- name: Ensure that the PowerDNS Authoritative Server configuration directory exists
  file:
    name: "{{ pdns_config_dir }}"
    state: directory
    owner: "root"
    group: "root"
    mode: 0750

- name: Generate the PowerDNS Authoritative Server configuration
  template:
    src: pdns.conf.j2
    dest: "{{ pdns_config_dir }}/{{ pdns_config_file }}"
    owner: "root"
    group: "root"
    mode: 0640
  notify: restart PowerDNS

- name: Ensure that the PowerDNS Authoritative Server 'include-dir' directory exists
  file:
    name: "{{ pdns_config['include-dir'] }}"
    state: directory
    owner: "root"
    group: "root"
    mode: 0750
  when: "pdns_config['include-dir'] is defined"
    
- name: Enable Syslog logging for PowerDns
  lineinfile:
    path: /usr/lib/systemd/system/pdns.service
    regexp: 'disable-syslog'
    line: "ExecStart=/usr/sbin/pdns_server --guardian=no --daemon=no --log-timestamp=no --write-pid=no"
  become: true
  become_method: sudo
  notify: reload systemd and restart PowerDNS
  
- name: Configure syslog log rotation
  template:
    src: syslogrotate.conf.j2
    dest: "/etc/logrotate.d/syslog"
  become: true
  become_method: sudo

- block:
  - name: Ensure that the bind backend dir exists
    file:
      name: "{{ pdns_bind_backend_dir }}"
      state: directory
      owner: "{{ pdns_user }}"
      group: "{{ pdns_group }}"
      mode: 0750
  - name: Ensure that the bind backend config file exists
    template:
      src: bind.conf.j2
      dest: "{{ pdns_bind_backend_config }}"
      owner: "{{ pdns_user }}"
      group: "{{ pdns_group }}"
      mode: 0640
    notify: restart PowerDNS
  - name:
    copy:
      src: "{{ domain | replace('/','-') }}.zone"
      dest: "{{ pdns_bind_backend_dir }}/{{ domain | replace('/','-') }}.zone"
      owner: "{{ pdns_user }}"
      group: "{{ pdns_group }}"
      mode: 0444
    loop: "{{ managed_domains | default([], true) }}"
    loop_control:
      loop_var: domain
    notify: restart PowerDNS
    when:
      - managed_domains is defined
  - name: Ensure that the dnssec bind db exists
    shell:
      cmd: "pdnsutil create-bind-db {{ pdns_backends['bind']['dnssec-db'] }}"
      creates: "{{ pdns_backends['bind']['dnssec-db'] }}"
    when:
      - (pdns_backends['bind']['dnssec-db'] | default("", true)) != ""
  - name: Set ownership of dnssec db
    file:
      name: "{{ pdns_backends['bind']['dnssec-db'] }}"
      owner: "{{ pdns_user }}"
      group: "{{ pdns_group }}"
      mode: 0640
    when:
      - (pdns_backends['bind']['dnssec-db'] | default("", true)) != ""
  when:
    - "pdns_backends['bind'] is defined"