---
- hosts: all

  remote_user: root
  become: true

  vars:
    dig_package:
      Debian: dnsutils
      Ubuntu: dnsutils
      Fedora: bind-utils
      CentOS: bind-utils
      openSUSE Leap: bind-utils
      openSUSE Tumbleweed: bind-utils
      Archlinux: bind-tools
    configure_obs_repo:
      Fedora: |
        dnf config-manager --add-repo https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/Fedora_{{ ansible_distribution_major_version }}/home:CZ-NIC:{{ item }}.repo
      CentOS: |
        yum install -y wget &&
        wget -i wget https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/CentOS_7_EPEL/home:CZ-NIC:{{ item }}.repo -O /etc/yum.repos.d/home:CZ-NIC:{{ item }}.repo
      Debian: |
        echo 'deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/Debian_9.0/ /' > /etc/apt/sources.list.d/{{ item }}.list &&
        wget -nv https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/Debian_9.0/Release.key -O Release.key &&
        apt-key add - < Release.key &&
        apt-get update
      Ubuntu: |
        echo 'deb http://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/xUbuntu_{{ ansible_distribution_version }}/ /' > /etc/apt/sources.list.d/{{ item }}.list &&
        wget -nv https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/xUbuntu_{{ ansible_distribution_version }}/Release.key -O Release.key &&
        apt-key add - < Release.key &&
        apt-get update
      openSUSE Tumbleweed: |
        zypper addrepo https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/openSUSE_Tumbleweed/home:CZ-NIC:{{ item }}.repo &&
        zypper --gpg-auto-import-keys refresh
      openSUSE Leap: |
        zypper addrepo https://download.opensuse.org/repositories/home:CZ-NIC:{{ item }}/openSUSE_Leap_15.0/home:CZ-NIC:{{ item }}.repo &&
        zypper --gpg-auto-import-keys refresh
    show_package_version:
      Archlinux:
        pacman -Qi knot-resolver | grep '^Version'
      Fedora: &pkg_version_rpm |
        rpm -qi knot-resolver | grep '^Version'
      CentOS: *pkg_version_rpm
      openSUSE Leap: *pkg_version_rpm
      openSUSE Tumbleweed: *pkg_version_rpm
      Debian:
        dpkg -s knot-resolver | grep '^Version'
      Ubuntu: |
        dpkg -s knot-resolver | grep '^Version'
  vars_files:
    - repos.yaml

  gather_facts: false
  pre_tasks:
    - name: install python3 (Arch)
      raw: |
        (pacman-key --init && pacman-key --populate archlinux && \
         pacman -Sy python3 --noconfirm) || :
      ignore_errors: true
    - name: gather facts
      setup:

  tasks:
    - name: install epel
      package:
        name: epel-release
        state: present
      when: ansible_distribution == 'CentOS'

    - name: configure OBS repository
      shell: "{{ configure_obs_repo[ansible_distribution] }}"
      args:
        warn: false
      with_items: "{{ repos }}"
      when: ansible_distribution_file_variety != 'Archlinux'

    - block:
        - name: configure OBS repository (Arch)
          blockinfile:
            block: |
              [home_CZ-NIC_{{ item }}_Arch]
              SigLevel = Never
              Server = https://download.opensuse.org/repositories/home:/CZ-NIC:/{{ item }}/Arch/$arch
            insertbefore: '^\[core\]'
            path: /etc/pacman.conf
            state: present
          with_items: "{{ repos }}"
        - name: set up package mirrors
          copy:
            content: |
              ## Arch Linux repository mirrorlist
              ## Generated on 2018-12-10
              ## Czechia
              Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch
              Server = http://ftp.fi.muni.cz/pub/linux/arch/$repo/os/$arch
              Server = http://ftp.sh.cvut.cz/arch/$repo/os/$arch
              Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch
            dest: /etc/pacman.d/mirrorlist
        - name: sync repos (Arch)
          shell: pacman -Syu --noconfirm
          args:
            warn: false
      when: ansible_distribution_file_variety == 'Archlinux'

    - name: install knot-resolver
      package:
        name: knot-resolver
        state: latest

    - name: get installed package version
      shell: "{{ show_package_version[ansible_distribution] }}"
      args:
        warn: false
      register: package_version

    - name: install dig
      package:
        name: "{{ dig_package[ansible_distribution] }}"
        state: present

    - name: testing block
      block:
        - name: start kresd@1.service
          service:
            name: kresd@1.service
            state: restarted

        - name: resolve nic.cz
          shell: dig @127.0.0.1 nic.cz
          register: res
          failed_when: '"status: NOERROR" not in res.stdout'

        - name: test dnssec is turned on
          block:
            - name: test dnssec-failed.org +cd returns NOERROR
              shell: dig +cd @127.0.0.1 dnssec-failed.org
              register: res
              failed_when: '"status: NOERROR" not in res.stdout'

            - name: test dnssec-failed.org returns SERVFAIL
              shell: dig @127.0.0.1 dnssec-failed.org
              register: res
              failed_when: '"status: SERVFAIL" not in res.stdout'

      always:
        - name: show installed version
          debug:
            var: package_version.stdout