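# Generates TSIG keys for Knot DNS by running the "{{ docker_registry }}/tsig"
# image once per key, then appends the results to
# "{{ inventory_dir }}/group_vars/all/passwords.yaml".
#
# NOTE(review): passwords.yaml ends up holding plaintext TSIG secrets; this
# file does not show how it is protected. Confirm it is kept out of version
# control or encrypted (e.g. ansible-vault) and has restrictive permissions.
# NOTE(review): the registered container output contains the generated key
# material, so task results printed at higher verbosity will expose it.

- name: Generate K8s TSIG for Knot DNS
  # Only generate a key when none has been recorded yet.
  when: passwords['k8s_tsig'] is not defined
  block:
    - name: Generate k8s TSIG key for Knot DNS
      docker_container:
        name: keymgr
        image: "{{ docker_registry }}/tsig"
        cleanup: true
        detach: false
        container_default_behavior: no_defaults
        command: "keymgr -t k8s-{{ k8s_cluster_name }}-{{ namespace }} hmac-sha512"
      register: knot_container_output

    # The container output is parsed as YAML; the tasks below read
    # key[0].secret from it.
    - name: Set k8s_key
      set_fact:
        k8s_key: "{{ knot_container_output.container.Output | from_yaml }}"

    # Prints the secret itself, so it is gated behind verbosity 2 like the
    # ddclient debug tasks below instead of being logged on every run.
    - name: Show k8s TSIG key
      debug:
        msg: "Knot k8s key for k8s-{{ k8s_cluster_name }}-{{ namespace }}: {{ k8s_key['key'][0]['secret'] }}"
        verbosity: 2

    # regexp makes the write replace an existing k8s_tsig line rather than
    # append a duplicate key to the file.
    - name: Write TSIG for Kubernetes
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        regexp: '^k8s_tsig:'
        line: "k8s_tsig: \"{{ k8s_key['key'][0]['secret'] }}\""

- name: Generate ddclient private and public TSIG keys for Knot DNS
  # Regenerate when either half of the key pair is missing.
  when:
    - passwords['ddclient_tsig_public_key_base64'] is not defined or passwords['ddclient_tsig_private_key_base64'] is not defined
  block:
    - name: Generate TSIG key for ddclient
      docker_container:
        name: ddclient
        image: "{{ docker_registry }}/tsig"
        cleanup: true
        detach: false
        container_default_behavior: no_defaults
        command: "bash tsig-key.sh ddclient-{{ k8s_cluster_name }}-{{ namespace }}"
      register: ddclient_container_output

    # The container output is parsed as YAML; the tasks below read
    # tsig[0].key and tsig[0].private (both base64) from it.
    - name: Set ddclient_key
      set_fact:
        ddclient_key: "{{ ddclient_container_output.container.Output | from_yaml }}"

    # Must run before the tasks that read ddclient_tsig_key. In the original
    # ordering this set_fact came last, after ddclient_tsig_key had already
    # been used, so the variable was undefined (or stale) at that point.
    - name: Set ddclient TSIG key
      set_fact:
        ddclient_tsig_key: "{{ ddclient_key['tsig'][0]['private'] | b64decode | from_yaml }}"

    - name: Show ddclient TSIG public key file
      debug:
        msg: "ddclient key for ddclient-{{ k8s_cluster_name }}-{{ namespace }}: {{ ddclient_key['tsig'][0]['key'] | b64decode }}"
        verbosity: 2

    - name: Show ddclient TSIG private key file
      debug:
        msg: "ddclient key for ddclient-{{ k8s_cluster_name }}-{{ namespace }}: {{ ddclient_key['tsig'][0]['private'] | b64decode }}"
        verbosity: 2

    # The when-condition above also fires when only one of the two base64
    # entries is missing; regexp keeps the rewrite from duplicating the
    # entry that is already present.
    - name: Write ddclient TSIG public key file in base64
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        regexp: '^ddclient_tsig_public_key_base64:'
        line: "ddclient_tsig_public_key_base64: \"{{ ddclient_key['tsig'][0]['key'] }}\""

    - name: Show ddclient TSIG key
      debug:
        msg: "{{ ddclient_tsig_key }}"
        verbosity: 2

    # The trailing colon in the regexp keeps it from matching the
    # ddclient_tsig_*_base64 entries.
    - name: Write ddclient TSIG key
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        regexp: '^ddclient_tsig:'
        line: "ddclient_tsig: \"{{ ddclient_tsig_key['Key'] }}\""

    - name: Write ddclient TSIG private key file in base64
      lineinfile:
        path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
        regexp: '^ddclient_tsig_private_key_base64:'
        line: "ddclient_tsig_private_key_base64: \"{{ ddclient_key['tsig'][0]['private'] }}\""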