From 5836875b025e1601dd182963fc372581cc724faa Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Sun, 4 Mar 2018 18:42:40 +0800
Subject: dns: refactor nsd zones generation to support DKIM record

---
 roles/dns/tasks/main.yml     | 25 ++++++-------------------
 roles/dns/tasks/nsd-zone.yml | 31 +++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 19 deletions(-)
 create mode 100644 roles/dns/tasks/nsd-zone.yml


diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 68663f7..d2d6289 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -58,35 +58,22 @@
   command: nsd-control-setup
   when: not stat_result.stat.exists
 
+- name: NSD - create zones directory
+  file:
+    path: /usr/local/etc/nsd/zones
+    state: directory
+
 - name: NSD - get the list of zone files
   set_fact:
     zonefiles: "{{ lookup('fileglob', '../templates/zones/*.j2', wantlist=True) }}"
 
 - debug: var=zonefiles
 
-- name: NSD - create zones directory
-  file:
-    path: /usr/local/etc/nsd/zones
-    state: directory
-
 - name: NSD - generate zone files
-  vars:
-    domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}"
-  template:
-    src: "{{ item }}"
-    dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone"
-    # XXX: `validate` doesn't work with `with_items`???
-    validate: "nsd-checkzone {{ domain }} %s"
+  include_tasks: nsd-zone.yml zonefile={{ item }}
   with_items: "{{ zonefiles }}"
   notify: reload-nsd
 
-# XXX: the above `validate` doesn't work with `with_items`???
-- name: NSD - check zone files
-  vars:
-    domain: "{{ item | basename | regex_replace('\\.zone\\.j2', '') }}"
-  command: "nsd-checkzone {{ domain }} /usr/local/etc/nsd/zones/{{ domain }}.zone"
-  with_items: "{{ zonefiles }}"
-
 # NOTE: requires variable `zonefiles`
 - name: NSD - generate configuration
   template:
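Review bot: The `notify: reload-nsd` kept on the new `include_tasks` task (the line after `with_items`) is unlikely to ever fire, since the include itself never reports a change — only the `template` task inside nsd-zone.yml does, so the handler should be declared there (and the same applies to the `validate`d template task at the end of the new file in the second hunk). Until it is moved, a regenerated zone file is written but nsd is never reloaded, so the served records silently lag the on-disk zone. Separately, passing the path as an inline `zonefile={{ item }}` key=value string is fragile for any path containing whitespace; prefer the block form `include_tasks: nsd-zone.yml` followed by `vars:` / `zonefile: "{{ item }}"`. The surrounding "NSD - generate configuration" task continues past the end of this hunk.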
diff --git a/roles/dns/tasks/nsd-zone.yml b/roles/dns/tasks/nsd-zone.yml
new file mode 100644
index 0000000..960b230
--- /dev/null
+++ b/roles/dns/tasks/nsd-zone.yml
@@ -0,0 +1,31 @@
+---
+- name: var - set domain
+  set_fact:
+    domain: "{{ zonefile | basename | regex_replace('\\.zone\\.j2', '') }}"
+
+- name: var - set domain_keyfile
+  set_fact:
+    domain_keyfile: /usr/local/etc/mail/dkim/{{ domain }}-{{ mail.dkim.selector }}.pem
+
+- name: dkim - check domain key existence
+  stat:
+    path: "{{ domain_keyfile }}"
+  register: stat_result
+
+- name: dkim - slurp domain key from the remote machine
+  slurp:
+    src: "{{ domain_keyfile }}"
+  # NOTE: get the contents with `{{ slurp_result['content'] | b64decode }}`
+  register: slurp_result
+  when: stat_result.stat.exists
+
+- name: var - set domain_key
+  set_fact:
+    domain_key: "{{ slurp_result['content'] | b64decode }}"
+  when: stat_result.stat.exists
+
+- name: NSD - generate zone files
+  template:
+    src: "{{ zonefile }}"
+    dest: "/usr/local/etc/nsd/zones/{{ domain }}.zone"
+    validate: "nsd-checkzone {{ domain }} %s"
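Review bot: `domain_key` is only (re)assigned when the key file exists, but `set_fact` values persist across `with_items` iterations, so when this file is included for a domain without a key it still carries the previous domain's key and, assuming the zone template emits a DKIM record from `domain_key`, the wrong public key ends up published for that domain. Fold the condition into the assignment so the fact is always reset: `domain_key: "{{ (slurp_result['content'] | b64decode) if stat_result.stat.exists else '' }}"` (and drop the `when:` on that task). The page does not show what the `{{ domain }}-{{ selector }}.pem` file holds — if it is the private key rather than the public key, its contents would be slurped into facts and templated into a world-readable zone file; confirm against the mail role and, if so, point at the public-key file instead. Quoting the `domain_keyfile` value (`"/usr/local/etc/mail/dkim/..."`) would also match the other templated scalars in the file.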