{{ ansible_managed | comment }}

#
#  Master configuration for zones in group {{ name }}
#

acl:
  - id: xfr-{{ name }}
    action: transfer
    address:
{% for replica in replicas %}
      - "{{ replica }}"
{% endfor %}

remote:
{% for replica in replicas %}
  - id: remote-{{ name }}-{{ loop.index0 }}
    address: "{{ replica }}"
{% endfor %}

policy:
  - id: dnssec-{{ name }}
    algorithm: {{ knot_dnssec_policy_algorithm }}
    nsec3: {{ knot_dnssec_policy_nsec3 }}
    ksk-size: {{ knot_dnssec_policy_ksk_size }}
    zsk-size: {{ knot_dnssec_policy_zsk_size }}
    ksk-shared: {{ knot_dnssec_policy_ksk_shared }}
    cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}

template:
  - id: {{ name }}
    storage: {{ knot_zone_storage_path }}
    semantic_checks: {{ knot_zone_semantic_checks }}
    dnssec-signing: {{ knot_zone_dnssec_signing }}
    dnssec-policy: dnssec-{{ name }}
    acl: xfr-{{ name }}
    notify:
{% for replica in replicas %}
      - remote-{{ name }}-{{ loop.index0 }}
{% endfor %}
    
zone:
{% for zone in zones %}
  - domain: {{ zone }}.
    template: {{ name }}
{% endfor %}