---

- hosts: dyndnsservers
  user: root

  tasks:
    - include_vars: vars.yaml

    - name: Run the equivalent of "apt-get update"
      apt:
        update_cache: yes

    - name: Install the version '1.14.2' of package "nginx" and allow potential downgrades
      apt:
        name: nginx=1.18.0-6.1
        state: present
        allow_downgrade: yes

    - name: write nginx.conf
      action: template src=templates/nginx.conf dest=/etc/nginx/nginx.conf

    - name: Install bind9 packages
      apt:
        pkg:
          - bind9
          - python3-dnspython
          - dnsutils

    - name: Ensure group bind exists
      ansible.builtin.group:
        name: bind
        state: present

    - name: Create peach-dyndns user and add to bind group
      ansible.builtin.user:
        name: peach-dyndns
        shell: /bin/bash
        system: true
        groups: bind
        append: yes

    - name: Create peach-dyndns-server service
      template:
        src: templates/peach-dyndns-server.service
        dest: /lib/systemd/system/peach-dyndns-server.service

    - name: Copy /etc/bind/named.conf
      template:
        src: "templates/named.conf"
        dest: /etc/bind/named.conf
        owner: root
        group: root
        mode: 0644
      notify:
        - reload bind9

    - name: Copy /etc/sudoers.d/bindctl
      template:
        src: "templates/bindctl"
        dest: /etc/sudoers.d/bindctl
        owner: root
        group: root
        mode: 0655
      notify:
        - reload bind9

    - name: Copy /usr/bin/reloadbind
      ansible.builtin.copy:
        src: templates/reloadbind
        dest: /usr/bin/reloadbind
        owner: root
        group: root
        mode: '0755'

    - name: Copy /usr/bin/peach-dyndns-server
      ansible.builtin.copy:
        src: files/peach-dyndns-server
        dest: /usr/bin/peach-dyndns-server
        owner: peach-dyndns
        group: root
        mode: '0755'

    - name: create dyndns working directory
      file:
        path: /srv/peach-dynddns-server
        state: directory

    - name: Create dynserver nginx site conf
      template:
        src: "templates/dynserver_nginx.conf"
        dest: /etc/nginx/sites-enabled/dynserver.conf
      notify:
        - reload nginx

    - name: Touch keys file
      ansible.builtin.file:
        path: /etc/bind/dyn.peachcloud.org.keys
        state: touch
        mode: "u=rw,g=rw"

    - name: Recursively set permissions for /etc/bind
      ansible.builtin.file:
        path: /etc/bind
        state: directory
        recurse: yes
        owner: root
        group: bind
        mode: 'u+rwX,g+rwX'

    - name: start peach-dyndns-server
      systemd: state=started name=peach-dyndns-server daemon_reload=yes

    - name: start bind9
      systemd: state=started name=bind9 daemon_reload=yes

    - name: start nginx
      systemd: state=started name=nginx daemon_reload=yes


  handlers:

    - name: reload bind9
      service: name=bind9 state=reloaded

    - name: reload peach-dyndns-server
      service: name=peach-dyndns-server state=reloaded

    - name: reload nginx
      service: name=nginx state=reloaded