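#!/usr/bin/env ansible-playbook
---
# DNS deployment playbook: three plays covering the recursive caches, the
# authoritative servers, and the dns role on silice.
#
# Every secret is referenced through a vault_* variable that is not defined
# in this file; presumably they come from an Ansible Vault-encrypted vars
# file (confirm). No secret value should ever be written here in clear text.

# Deploy recursive DNS cache server
# NOTE(review): the bind-recursive role is not visible here; confirm that it
# limits recursion to internal client networks so these hosts cannot be used
# as open resolvers.
- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
  roles:
    - bind-recursive

# Deploy authoritative DNS server
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
  vars:
    # DNS secrets used by certbot, taken from the vault_* variables.
    # NOTE(review): tasks that template these values should set
    # `no_log: true` and write the resulting files with restrictive modes,
    # so key material does not end up in logs or world-readable files.
    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
    certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
    bind:
      # Server lists are resolved at run time from LDAP, by role.
      # NOTE(review): if the role uses these lists for zone-transfer or
      # notify ACLs, write access to those LDAP entries decides who can pull
      # the zones; confirm, and keep that access restricted.
      masters: "{{ query('ldap', 'role', 'dns-primary') }}"
      slaves: "{{ query('ldap', 'role', 'dns-secondary') }}"
      # Zones from the re2o API and from LDAP, concatenated and de-duplicated.
      # NOTE(review): `+` requires the re2oapi lookup to return a list here;
      # confirm against the plugin.
      zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
      reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
  roles:
    - bind-authoritative

# Apply the dns role on silice only, with the re2o server and its
# service-account credentials.
- hosts: silice.adm.crans.org
  vars:
    re2o:
      server: re2o.adm.crans.org
      # Service-account credentials from the vault_* variables.
      # NOTE(review): confirm that this account holds only the re2o
      # permissions the dns role needs.
      service_user: "{{ vault_re2o_service_user }}"
      service_password: "{{ vault_re2o_service_password }}"
  roles:
    - dns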