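---
# Deploys an NSD authoritative DNS server under /apps/nsd with Docker Compose:
# copies configuration, zone files and KSK key pairs from the role, generates
# a per-zone ZSK inside the container when one is missing, signs every zone
# with ldns-signzone and restarts the stack when a ZSK task ran.
#
# The KSK private keys are read from the role's files/keys directory.
# NOTE(review): confirm they are stored encrypted (e.g. Ansible Vault) and not
# committed to version control in clear text.

- name: Create nsd app directory
  file:
    path: /apps/nsd
    state: directory

- name: Create nsd configuration directory
  file:
    path: /apps/nsd/conf
    state: directory
    owner: 991
    group: 991

- name: Copy nsd.conf
  copy:
    src: "{{ role_path }}/files/nsd.conf"
    dest: /apps/nsd/conf/nsd.conf

- name: Create nsd zones directory
  file:
    path: /apps/nsd/zones
    state: directory
    owner: 991
    group: 991

- name: Copy zone files
  copy:
    src: "{{ role_path }}/files/zones/"
    dest: /apps/nsd/zones

# The keys directory holds DNSSEC private keys (KSK and ZSK), so it is only
# accessible to its owner instead of inheriting the default umask.
# Presumably uid/gid 991 is the user the nsd container runs as - verify
# against the image before tightening further.
- name: Create nsd keys directory
  file:
    path: /apps/nsd/keys
    state: directory
    owner: 991
    group: 991
    mode: "0700"

# Private key material: written owner-only, and diff output is disabled so a
# run with --diff does not print the key contents to the console or job logs.
# NOTE(review): this task uses `template`, so each key file is rendered
# through Jinja2 - confirm that is intended (for example to inject a vaulted
# secret); otherwise `copy`, as used for the public keys, is the safer module.
- name: Copy KSK private keys
  template:
    src: "{{ item }}"
    dest: "/apps/nsd/keys/{{ item | basename }}"
    owner: 991
    group: 991
    mode: "0600"
  diff: false
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.private"

- name: Copy KSK keys
  copy:
    src: "{{ item }}"
    dest: "/apps/nsd/keys/{{ item | basename }}"
  with_fileglob:
    - "{{ role_path }}/files/keys/*.ksk.key"

- name: Copy Docker Compose script
  copy:
    src: "{{ role_path }}/files/docker-compose.yml"
    dest: /apps/nsd/docker-compose.yml

- name: Start Docker Compose
  docker_compose:
    project_src: /apps/nsd
    pull: true
    remove_orphans: true

# One stat per zone file shipped with the role; the result drives ZSK
# creation below, so an existing ZSK is never regenerated.
- name: Check if ZSKs exist
  stat:
    path: "/apps/nsd/keys/K{{ item | basename }}.zsk.key"
  register: zsks_exists
  with_fileglob:
    - "{{ role_path }}/files/zones/*"

# The ZSK is generated inside the container, so its private half is created
# on the server rather than shipped from the control node.
# NOTE(review): stdout of this command is reused as a file name by the two
# rename tasks; if docker-compose allocates a pseudo-TTY here the captured
# output may carry stray control characters - confirm, or run exec with -T.
- name: Create ZSK
  command:
    cmd: >-
      docker-compose exec -w /keys nsd
      ldns-keygen -a ED25519 {{ item.item | basename }}
    chdir: /apps/nsd
  register: create_zsk
  when: not item.stat.exists
  with_items: "{{ zsks_exists.results }}"

# Rename the generated key pair to the fixed K<zone>.zsk.* names that the
# existence check and the signing task look for.
- name: Rename ZSK key
  command:
    cmd: >-
      docker-compose exec -w /keys nsd
      mv {{ item.stdout }}.key
      K{{ item.item.item | basename }}.zsk.key
    chdir: /apps/nsd
  when: item.changed
  with_items: "{{ create_zsk.results }}"

- name: Rename ZSK private key
  command:
    cmd: >-
      docker-compose exec -w /keys nsd
      mv {{ item.stdout }}.private
      K{{ item.item.item | basename }}.zsk.private
    chdir: /apps/nsd
  when: item.changed
  with_items: "{{ create_zsk.results }}"

# Signs every zone on every run, using the zone's ZSK and KSK.
- name: Sign zones
  command:
    cmd: >-
      docker-compose exec -w /zones nsd
      ldns-signzone {{ item | basename }}
      /keys/K{{ item | basename }}.zsk
      /keys/K{{ item | basename }}.ksk
    chdir: /apps/nsd
  with_fileglob:
    - "{{ role_path }}/files/zones/*"

# NOTE(review): the restart is tied to ZSK creation only; a changed zone file
# is re-signed above but does not trigger a restart here - confirm nsd picks
# up the new signed zone some other way.
- name: Restart Docker Compose
  docker_compose:
    project_src: /apps/nsd
    restarted: true
  when: create_zsk is not skipped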