ansible-role-bind/tasks/zones.yml

---
- name: Set fact bind_zone_play if it empty
  ansible.builtin.set_fact:
    bind_zones_play: "{{ bind_zones_play | default([]) + [item] }}"
  loop: "{{ bind_zones | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  when: >
    (item.value.state is not defined or item.value.state != "absent")
    and (bind_zones_subset is not defined or item.key in bind_zones_subset)

- name: Create zone folder
  ansible.builtin.file:
    path: "/etc/bind/zones/{{ item.key }}"
    owner: bind
    group: bind
    mode: 0755
    state: directory
  loop_control:
    label: "{{ item.key }}"
  loop: "{{ bind_zones_play }}"

- name: Copy zone files
  ansible.builtin.template:
    src: db.j2
    dest: "/etc/bind/zones/{{ item.key }}/db"
    owner: root
    group: root
    mode: 0644
  loop: "{{ bind_zones_play }}"
  loop_control:
    label: "{{ item.key }}"
  register: zone
  notify: Reload bind

- name: Dnssec sign  # noqa risky-shell-pipe no-changed-when
  ansible.builtin.shell: >
    dnssec-signzone -3 $(head -n 1000 /dev/urandom | sha1sum | cut -b 1-16) -A -N INCREMENT
    -o {{ item.item.key }} -t /etc/bind/zones/{{ item.item.key }}/db
  args:
    chdir: /etc/bind/keys
  loop: "{{ zone.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when: item.item.key in bind_dnssec and item.changed
  notify: Reload bind

- name: Get zones files
  ansible.builtin.find:
    path: /etc/bind/zones
    file_type: directory
    recurse: no
  register: zone_folders

- name: Delete old zone file
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ zone_folders.files }}"
  loop_control:
    label: "{{ item.path | basename }}"
  when: >
    item.path|basename not in bind_zones or
    ("state" in bind_zones[item.path | basename] and bind_zones[item.path | basename].state == "absent")