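# {{ ansible_managed }}
# Knot DNS server configuration, rendered from an Ansible template.
# See knot.conf(5) or refer to the server documentation.
#
# Layout notes:
# - Jinja block tags ({% ... %}) sit on their own lines at column 0 and rely
#   on trim_blocks (the default of Ansible's template module) to drop the
#   line break after the tag, so the rendered indentation is the one you see
#   here. Under an engine without trim_blocks you only get extra blank lines.
# - Every value that comes from an Ansible variable is quoted, so a value
#   that happens to look like a number, date or boolean is not retyped by
#   the YAML parser.

server:
  rundir: "/run/knot"
  user: knot:knot
  # NOTE(review): with automatic-acl Knot derives transfer/notify ACL rules
  # from the remotes referenced in this file (notify targets etc.); check the
  # rendered config to confirm which remotes end up allowed to transfer.
  automatic-acl: on
  # Listens on all IPv4 and IPv6 addresses.
  listen: [ "0.0.0.0@53", "::@53" ]

log:
  - target: syslog
    any: info

database:
  storage: "/var/lib/knot"

# NOTE(review): knot.conf(5) documents the "key" section as TSIG keys used to
# authenticate transfers and notifies. The variable names say "dnssec", so
# confirm against the role's vars that this is the intended key material.
key:
  - id: "{{ knot__dnssec_key_id }}"
    algorithm: hmac-sha512
    # The rendered file holds this secret in clear text; the task that
    # deploys the file should restrict its owner and mode accordingly.
    secret: "{{ knot__dnssec_key_secret }}"

remote:
  # static, external and public remote used for DNSSEC KSK checking
  - id: quad9
    address: "2620:fe::fe"
{% if knot__remotes %}
  # additional remotes used in the config (notify targets reference these ids)
{% for i_remote in knot__remotes %}
  - id: "{{ i_remote.id }}"
    address: [ {% for i_addr in i_remote.address %}"{{ i_addr }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
{% endfor %}
{% endif %}

# define how the presence of parent KSK keys is checked
# in this case, we just ask quad9 which is an open resolver
submission:
  - id: default
    parent: quad9
    parent-delay: 1h

# define how dnssec signing is done
# in this case we don't do anything special but teach knot how to check for KSK presence
policy:
  - id: default
    ksk-submission: default
    nsec3: true
    # empty NSEC3 salt, as recommended by RFC 9276
    nsec3-salt-length: 0

# define default settings that apply to all zones
template:
  # template for general-purpose user zones
  - id: default
    storage: "/etc/knot/zones"
    file: "%s.zone"
    semantic-checks: on
    zonefile-sync: -1
    zonefile-load: difference-no-serial
    serial-policy: dateserial
    journal-content: all
    default-ttl: 7200
    dnssec-signing: on
    dnssec-policy: default
    {# catalog-role: member #}
    {# catalog-zone: hamburg.ccc.de.catalog. #}

  # template for automatically created special zones
  - id: catalog
    catalog-role: generate
    dnssec-signing: on
    dnssec-policy: default

# define zones on this server
# See https://www.knot-dns.cz/docs/3.4/html/reference.html#zone-section
# "notify" lists name remote ids from the remote section above.
zone:
  # catalog zones
{% for i_zone in knot__catalog_zones %}
  - domain: "{{ i_zone.domain }}"
    template: catalog
    notify: [ {% for i_notif in i_zone.notify_targets | default([]) %}"{{ i_notif }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
{% endfor %}
  # normal zones
{% for i_zone in knot__zones %}
  - domain: "{{ i_zone.domain }}"
    template: default
    notify: [ {% for i_notif in i_zone.notify_targets | default([]) %}"{{ i_notif }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
{% if i_zone.catalog_member | default(False) %}
    # zone is published through the named catalog zone
    catalog-role: member
    catalog-zone: "{{ i_zone.catalog_member }}"
{% endif %}
{% endfor %}
{# - domain: "onsite.eurofurence.org" #}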