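{# The comment filter prefixes every line of ansible_managed with '#', so a
   multi-line value cannot spill into the config as a bare, unparsable line. #}
{{ ansible_managed | comment }}
{# NSD configuration rendered per host. Variables read by this template:
   ns_type ('primary' or 'secondary'), xfr_secret, domains, and the peer
   address (secondary_ip on the primary, primary_ip on the secondary). #}

server:
    do-ip4: yes
    do-ip6: no
    username: nsd
    server-count: 1
    pidfile: /var/run/nsd.pid
    # Do not disclose the software version to clients; the version string
    # itself is replaced as well.
    hide-version: yes
    version: "none of your business"
    #round-robin: yes
    verbosity: 3

remote-control:
    control-enable: yes
    # Control channel is bound to loopback only and uses the key and
    # certificate files listed below.
    control-interface: 127.0.0.1
    control-port: 8952
    server-key-file: "/etc/nsd/nsd_server.key"
    server-cert-file: "/etc/nsd/nsd_server.pem"
    control-key-file: "/etc/nsd/nsd_control.key"
    control-cert-file: "/etc/nsd/nsd_control.pem"

# TSIG key shared by both name servers; every notify and transfer rule below
# references it by name. The secret is written in clear text into the
# rendered file, so the task that deploys this template should restrict the
# file's owner and mode.
key:
    name: "sync-secret"
    algorithm: hmac-sha256
    secret: "{{ xfr_secret }}"

{% if ns_type == 'primary' %}
# Primary: send NOTIFY to the secondary and serve zone transfers to it,
# both only when signed with the TSIG key.
pattern:
    name: "sync-nspeer"
    notify: {{ secondary_ip }} sync-secret
    provide-xfr: {{ secondary_ip }} sync-secret
{% elif ns_type == 'secondary' %}
# Secondary: accept NOTIFY from the primary and request full transfers (AXFR)
# from it, both only when signed with the TSIG key.
pattern:
    name: "sync-nspeer"
    allow-notify: {{ primary_ip }} sync-secret
    request-xfr: AXFR {{ primary_ip }} sync-secret
{% else %}
{# Any other ns_type: the division by zero deliberately aborts rendering so
   that no config without notify/transfer rules is ever deployed. #}
{{ 0 / 0 }}
{% endif %}

{% for domain in domains %}
zone:
    name: "{{ domain }}"
{% if ns_type == 'primary' %}
    # %s is left for NSD to expand to the zone name; only the primary gets a
    # zonefile entry, pointing at the signed zone file.
    zonefile: "zones/%s.db.signed"
{% endif %}
    include-pattern: "sync-nspeer"
{% endfor %}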