From f0c2e0f097b4a63387850b33fa0d5ab0a47d427d Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Sun, 26 Apr 2020 22:13:59 +0200
Subject: [PATCH] [bind] Evaluate facts in tasks

---
 roles/bind-authoritative/tasks/dnssec.yml | 4 ++++
 roles/bind-authoritative/tasks/main.yml | 14 ++++++++++++++
 .../templates/bind/named.conf.local.j2 | 6 ------
 .../templates/update-motd.d/05-service.j2 | 6 +++++-
 4 files changed, 23 insertions(+), 7 deletions(-)
 create mode 100644 roles/bind-authoritative/tasks/dnssec.yml

diff --git a/roles/bind-authoritative/tasks/dnssec.yml b/roles/bind-authoritative/tasks/dnssec.yml
new file mode 100644
index 00000000..f01f4353
--- /dev/null
+++ b/roles/bind-authoritative/tasks/dnssec.yml
@@ -0,0 +1,4 @@
+---
+- name: TODO
+ debug:
+ msg: "Hey some work is being done here!"
diff --git a/roles/bind-authoritative/tasks/main.yml b/roles/bind-authoritative/tasks/main.yml
index b7554dff..97e31127 100644
--- a/roles/bind-authoritative/tasks/main.yml
+++ b/roles/bind-authoritative/tasks/main.yml
@@ -7,6 +7,17 @@
 retries: 3
 until: apt_result is succeeded
 
+- name: Lookup DNS servers
+ set_fact:
+ masters_ipv4: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
+ masters_ipv6: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
+ slaves_ipv4: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
+ slaves_ipv6: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
+
+- name: Is this the master?
+ set_fact:
+ is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | bool }}"
+
 - name: Deploy Bind9 configuration
 template:
 src: bind/{{ item }}.j2
@@ -20,6 +31,9 @@
 - named.conf.options
 notify: Reload Bind9
 
+- include: dnssec.yml
+ when: is_master
+
 - name: Indicate role in motd
 template:
 src: update-motd.d/05-service.j2
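Review bot: In the first hunk of tasks/main.yml, `is_master` pipes the list returned by `intersect(masters_ipv4)` through `| bool`, and Ansible's `bool` filter only maps scalar values such as `yes`, `true` or `1` to true, so a non-empty list is expected to come out as false on every host. The template line this replaces used the bare list, which is truthy when non-empty, so the master would now render named.conf.local.j2 without its `{% if is_master -%}` section (the one that starts with the certbot_challenge key), skip dnssec.yml, and announce itself as a slave in the motd. Test the length instead: `is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | length > 0 }}"`. Only IPv4 addresses take part in the comparison, so a comment above the task such as `# Master detection is IPv4-only; masters_ipv6 is not consulted` would document that limit.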
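Review bot: In the second hunk of tasks/main.yml, `- include: dnssec.yml` uses the bare `include` action, which Ansible has deprecated in favour of `include_tasks` and `import_tasks`; `- include_tasks: dnssec.yml` with the same `when: is_master` evaluates the condition once, at the include. The included file currently holds a single task named `TODO` that only prints a debug message, so no DNSSEC configuration is applied yet. A comment above the include, for example `# Placeholder: DNSSEC tasks for the master are not implemented yet`, would keep a reader from assuming zones are signed after this role runs.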
diff --git a/roles/bind-authoritative/templates/bind/named.conf.local.j2 b/roles/bind-authoritative/templates/bind/named.conf.local.j2
index fb2b7c7c..71d37e45 100644
--- a/roles/bind-authoritative/templates/bind/named.conf.local.j2
+++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2
@@ -4,12 +4,6 @@
 // organization
 //include "/etc/bind/zones.rfc1918";
 
-{%- set masters_ipv4 = bind.masters | json_query("servers[].interface[?vlan_id==`2`].ipv4[]") %}
-{%- set masters_ipv6 = bind.masters | json_query("servers[].interface[?vlan_id==`2`].ipv6[][].ipv6") %}
-{%- set slaves_ipv4 = bind.slaves | json_query("servers[].interface[?vlan_id==`2`].ipv4[]") %}
-{%- set slaves_ipv6 = bind.slaves | json_query("servers[].interface[?vlan_id==`2`].ipv6[][].ipv6") %}
-{%- set is_master = ansible_all_ipv4_addresses | intersect(masters_ipv4) %}
-
 {% if is_master -%}
 // Let's Encrypt Challenge DNS-01 key
 key "certbot_challenge." {
diff --git a/roles/bind-authoritative/templates/update-motd.d/05-service.j2 b/roles/bind-authoritative/templates/update-motd.d/05-service.j2
index 14a3c3d2..39aab850 100755
--- a/roles/bind-authoritative/templates/update-motd.d/05-service.j2
+++ b/roles/bind-authoritative/templates/update-motd.d/05-service.j2
@@ -1,3 +1,7 @@
 #!/usr/bin/tail +14
 {{ ansible_header | comment }}
-[0m> [38;5;82mBind9 (autoritaire)[0m a été déployé sur cette machine. Voir [38;5;6m/etc/bind/[0m.
+{% if is_master %}
+[0m> [38;5;82mBind9 (autoritaire, maître)[0m a été déployé sur cette machine. Voir [38;5;6m/etc/bind/[0m.
+{% else %}
+[0m> [38;5;82mBind9 (autoritaire, esclave)[0m a été déployé sur cette machine. Voir [38;5;6m/etc/bind/[0m.
+{% endif %}