#!/usr/bin/env ansible-playbook
---
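# Deploy recursive DNS cache server
- name: Deploy recursive DNS cache server
  hosts: dns_recursive
  roles:
    - bind-recursive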

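# Deploy authoritative DNS server
- name: Deploy authoritative DNS server
  hosts: dns_authoritative
  vars:
    # Secrets are templated from the vault-encrypted `vault` dict, never inlined here.
    certbot_dns_secret: "{{ vault.certbot_dns_secret }}"
    certbot_adm_dns_secret: "{{ vault.certbot_adm_dns_secret }}"
    bind:
      # Primary/secondary host lists are resolved from LDAP by the custom `ldap` lookup.
      masters: "{{ query('ldap', 'role', 'dns-primary') }}"
      slaves: "{{ query('ldap', 'role', 'dns-secondary') }}"
      # NOTE(review): lookup() without wantlist=True may return a comma-joined string
      # for scalar results, which would make this `str + list`; confirm the re2oapi
      # plugin returns a list here (query('re2oapi', 'dnszones') would guarantee it).
      zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
      reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
  roles:
    - bind-authoritative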

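# Apply the dns role to the dns_auth_master group, with re2o API credentials
- name: Deploy dns role on dns_auth_master
  hosts: dns_auth_master
  vars:
    re2o:
      server: re2o.adm.crans.org
      # Service credentials are templated from the vault-encrypted `vault` dict.
      service_user: "{{ vault.re2o_service_user }}"
      service_password: "{{ vault.re2o_service_password }}"
  roles:
    - dns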