---
# Install the Knot DNS server and its companion DNS utilities from the
# host's configured apt sources, refreshing the package index first.
- name: Install knot
  become: true
  ansible.builtin.apt:
    update_cache: true
    name:
      - knot
      - knot-dnsutils

# Make sure the knot service is running now and is enabled at boot.
- name: Start knot
  become: true
  ansible.builtin.service:
    name: knot
    enabled: true
    state: started

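# Generate the TSIG key on primary hosts only, as the knot user, and store it
# in /etc/knot/<key_name>.key. `creates` makes the task a no-op once that file
# exists.
#
# The key file holds a shared secret, so:
#   * umask 077 keeps the file readable by the knot user only, instead of
#     inheriting whatever default umask the become session has;
#   * the output goes to a temporary name and is renamed only after keymgr
#     succeeds, so a failed run cannot leave an empty file that `creates`
#     would then treat as "already done";
#   * key_name is passed through the `quote` filter before it reaches the shell.
# NOTE(review): a key file left behind by an earlier run keeps its existing
# mode and content; check it by hand on hosts that were already provisioned.
- name: Generate tsig
  become: true
  become_user: knot
  ansible.builtin.shell: |
    set -eu
    umask 077
    key_file=/etc/knot/{{ key_name | quote }}.key
    keymgr -t {{ key_name | quote }} > "${key_file}.tmp"
    mv "${key_file}.tmp" "${key_file}"
  args:
    creates: "/etc/knot/{{ key_name }}.key"
  when: "inventory_hostname in groups.primary"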

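# Read the TSIG key file from primary hosts into the registered variable
# `tsig_key`. slurp returns the file body base64-encoded in `content`, which
# is an encoding, not protection: the variable carries the secret itself.
# no_log keeps the task result out of console output and any log callbacks;
# avoid printing `tsig_key` with debug elsewhere in the play.
- name: Fetch key
  become: true
  become_user: knot
  ansible.builtin.slurp:
    src: "/etc/knot/{{ key_name }}.key"
  register: tsig_key
  no_log: true
  when: "inventory_hostname in groups.primary"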

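# Render knot.conf.j2 to /etc/knot/knot.conf as the knot user and trigger the
# "reload knot" handler when the rendered file changes.
#
# An explicit mode stops a newly created file from picking up the default
# umask (typically world-readable).
# NOTE(review): the template presumably embeds the TSIG secret slurped into
# `tsig_key` - confirm. If it does, running the play with --diff will print
# the rendered secret; consider `diff: false` on this task.
- name: Deploy conf
  become: true
  become_user: knot
  ansible.builtin.template:
    src: knot.conf.j2
    dest: /etc/knot/knot.conf
    mode: "0640"
  notify: reload knot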