- name: "Install named packages: bind9, bind9utils (debuntu)"
  package:
    name:
      - bind9
      - bind9utils
    state: present
  when: is_debuntu | bool

- name: "Install named packages: bind, bind-utils (OS's other than debuntu)"
  package:
    name:
      - bind
      - bind-utils
    state: present
  when: not is_debuntu

# or we have to change the serial number in the config files.
- name: Stop named before copying files (if first_run and debuntu)
  service:
    name: "{{ dns_service }}"
    state: stopped
  when: first_run and is_debuntu

- name: "Set 3 folders' ownership to {{ dns_user }}:root and permission to 0755"
  file:
    path: "{{ item }}"
    owner: "{{ dns_user }}"
    group: root
    mode: '0755'
    state: directory
  with_items:
    - /var/named-iiab
    - /var/named-iiab/data
    - /etc/sysconfig/olpc-scripts/domain_config.d

- name: Install 21 configuration files for named, from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
    - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db', owner: "root", mode: '0644' }
    - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy', owner: "{{ dns_user }}", mode: '0644' }
    - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole', owner: "{{ dns_user }}", mode: '0644' }

- name: Install named unit file /etc/systemd/system/{{ dns_service }}.service, which uses $OPTIONS from sysconfig
  template:
    src: "roles/network/templates/named/{{ dns_service }}.service"
    dest: "/etc/systemd/system/{{ dns_service }}.service"
    mode: '0644'

- name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
#        in named-iiab.conf, and the redirection of 404 error documents to /
  template:
    src: roles/network/templates/named/dns-jail.conf
    dest: "/etc/{{ apache_config_dir }}/"
  when: dns_jail_enabled | bool

- name: "Add 'named_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
  lineinfile:
    dest: "{{ iiab_state_file }}"
    regexp: '^named_installed'
    line: 'named_installed: True'

- name: Enable dns-jail.conf via Apache
  command: a2ensite dns-jail.conf
  when: dns_jail_enabled | bool

- name: Disable dns-jail.conf via Apache
  command: a2dissite: dns-jail.conf
  when: not dns_jail_enabled

- name: Start named systemd service
  systemd:
    name: "{{ dns_service }}"
    state: started
  when: not dnsmasq_enabled    # See PR #1303, #1306, PR #1318