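{# knot.conf rendered by Ansible for an authoritative DNS pair/cluster.
   Roles come from the inventory groups `primary` and `secondary`; NOTIFY
   and zone transfers between them are tied to the shared TSIG key.
   Template inputs: tsig_key_content, key_name, catalog_zones,
   groups.all / groups.primary / groups.secondary, and per-host
   hostvars[*].ansible_hostname, ansible_all_ipv4_addresses,
   ansible_all_ipv6_addresses.
   Control tags are kept at column 0 and rely on Ansible's default
   trim_blocks so they leave no content in the rendered file. #}
server:
  rundir: "/run/knot"
  user: knot:knot
  # Bound to every interface. Plain queries are answered to anyone (this is
  # an authoritative server); NOTIFY and transfers are limited by `acl` below.
  listen: [ 0.0.0.0@53, ::@53 ]

log:
  - target: syslog
    any: info

# Inserted verbatim at column 0. Presumably expands to a complete top-level
# `key:` section whose key id equals key_name -- TODO confirm where this
# value is built and that its indentation already matches this file.
{{ tsig_key_content }}

# One remote per inventory host, reachable on its public addresses only.
# The hostname doubles as the acl id, notify target and master reference
# in the sections below, so all four must stay in sync.
# NOTE(review): ansible.netcommon.ipaddr is the older name of this filter;
# recent netcommon releases redirect it to ansible.utils.ipaddr -- confirm
# against the pinned collection versions before changing it.
remote:
{% for host in groups.all %}
  - id: {{ hostvars[host].ansible_hostname }}
    address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
    key: {{ key_name }}
{% endfor %}

# Secondaries may pull transfers, primaries may send NOTIFY; a host that is
# in both groups gets both actions (an if/elif chain would grant transfer
# only). Hosts in neither group get no entry instead of one with an empty
# action list. Every entry requires the TSIG key as well as a matching
# source address, so a spoofed source alone never triggers a transfer.
# NOTE(review): a host without any public address renders an empty address
# list; whether Knot then treats `address` as unset (match any source) or
# rejects the entry should be confirmed.
acl:
{% for host in groups.all %}
{% set acl_actions = (['transfer'] if host in groups.secondary else []) + (['notify'] if host in groups.primary else []) %}
{% if acl_actions %}
  - id: {{ hostvars[host].ansible_hostname }}
    address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
    action: [ {{ acl_actions | join(', ') }} ]
    key: {{ key_name }}
{% endif %}
{% endfor %}

{# Role of this host and the peer hostnames it talks to; `| list` is needed
   so the emptiness checks below see a list rather than a generator. #}
{% set is_primary = inventory_hostname in groups.primary %}
{% set is_secondary = inventory_hostname in groups.secondary %}
{% set secondary_names = groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | list %}
{% set primary_names = groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | list %}
{% set zone_acl = (secondary_names if is_primary else []) + (primary_names if is_secondary else []) %}
# Default template for every served zone. Booleans are written as on/off,
# which is the form Knot's own configuration parser documents.
template:
  - id: default
    storage: "/var/lib/knot"
    file: "zones/%s.zone"
{% if is_primary %}
    # Primary: zone files are edited on disk, the serial is managed by Knot,
    # signing happens locally and changes are pushed to the secondaries.
    zonefile-load: difference-no-serial
    journal-content: all
    dnssec-signing: on
    dnssec-policy: default
{% if secondary_names %}
    notify: [ {{ secondary_names | join(', ') }} ]
{% endif %}
{% endif %}
{% if is_secondary and primary_names %}
    # Secondary: pull from the primaries; emitted only when at least one
    # primary exists so no empty master list is rendered.
    master: [ {{ primary_names | join(', ') }} ]
{% endif %}
{% if zone_acl %}
    # Single acl line even when this host is both primary and secondary,
    # avoiding a duplicated `acl` key in the rendered template.
    acl: [ {{ zone_acl | join(', ') }} ]
{% endif %}

# Catalog zone consumed by this server; member zones use the default template.
# NOTE(review): the loop variable `zone` is unused, so every item of
# catalog_zones renders the identical dns-witch-catalog entry and two or
# more items produce a duplicate zone id -- confirm whether
# `domain: {{ '{{ zone }}' }}` was intended before relying on more than one item.
zone:
{% for zone in catalog_zones %}
  - domain: dns-witch-catalog
    file: "catalog-zones/%s.zone"
    catalog-role: interpret
    catalog-template: "default"
    dnssec-signing: off
{% endfor %}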