#!/usr/bin/env ansible-playbook
---
# Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
  roles: ["bind-recursive"]

# Deploy authoritative DNS server
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
  vars:
    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
    certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
      slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
      zones: "{{ lookup('re2oapi', 'dnszones') }}"
      reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
  roles: ["bind-authoritative"]

- hosts: silice.adm.crans.org
  vars:
    re2o:
      server: re2o.adm.crans.org
      service_user: "{{ vault_re2o_service_user }}"
      service_password: "{{ vault_re2o_service_password }}"
  roles:
    - dns