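# Generate the TSIG secrets used for Knot DNS (k8s) and ddclient once, and
# persist them in the inventory's group_vars/all/passwords.yaml.
# Each value is generated and written only when the matching grep below
# counted zero lines for it in that file.
#
# NOTE(review): the secrets are appended to passwords.yaml in plaintext.
# Confirm that file is access-restricted and is not committed unencrypted.

# --- Presence checks (read-only; "|| true" because grep exits 1 on count 0) ---

- name: Test if k8s TSIG key exists
  shell: grep -c "k8s_tsig" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
  register: k8s_tsig_test_grep
  changed_when: false

# NOTE(review): this pattern is unanchored, so it also counts the
# ddclient_tsig_public_key_base64 / ddclient_tsig_private_key_base64 lines.
# ddclient_tsig is therefore only written while those two are absent as well.
- name: Test if ddclient TSIG key exists
  shell: grep -c "ddclient_tsig" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
  register: ddclient_tsig_test_grep
  changed_when: false

- name: Test if ddclient TSIG public key exists
  shell: grep -c "ddclient_tsig_public_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
  register: ddclient_tsig_public_key_test_grep
  changed_when: false

- name: Test if ddclient TSIG private key exists
  shell: grep -c "ddclient_tsig_private_key_base64" "{{ inventory_dir }}/group_vars/all/passwords.yaml" || true
  register: ddclient_tsig_private_key_test_grep
  changed_when: false

# --- k8s TSIG key for Knot DNS ---

- name: Generate k8s TSIG key for Knot DNS
  docker_container:
    name: keymgr
    image: "{{ docker_registry }}/tsig"
    cleanup: true
    detach: false
    container_default_behavior: no_defaults
    command: "keymgr -t k8s hmac-sha512"
  register: knot_container_output
  # The container output carries the generated secret; keep it out of task logs.
  no_log: true
  when: k8s_tsig_test_grep.stdout == '0'

# The raw container result includes the secret, so it is shown only at -vv,
# matching the ddclient debug tasks further down.
- name: Show keymgr container output
  debug:
    msg: "{{ knot_container_output }}"
    verbosity: 2

- name: Set k8s_key
  set_fact:
    k8s_key: "{{ knot_container_output.container.Output | from_yaml }}"
  no_log: true
  when: k8s_tsig_test_grep.stdout == '0'

- name: Show k8s TSIG key
  debug:
    msg: "Knot k8s key: {{ k8s_key['key'][0]['secret'] }}"
    verbosity: 2
  when: k8s_tsig_test_grep.stdout == '0'

- name: Write TSIG for Kubernetes
  lineinfile:
    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
    line: "k8s_tsig: \"{{ k8s_key['key'][0]['secret'] }}\""
  # Module arguments and diff output would otherwise echo the secret.
  no_log: true
  when: k8s_tsig_test_grep.stdout == '0'

# --- ddclient TSIG key pair ---

- name: Generate TSIG key for ddclient
  docker_container:
    name: ddclient
    image: "{{ docker_registry }}/tsig"
    cleanup: true
    detach: false
    container_default_behavior: no_defaults
    command: "bash tsig-key.sh {{ namespace }}"
  register: ddclient_container_output
  no_log: true
  when: >-
    ddclient_tsig_public_key_test_grep.stdout == '0' or
    ddclient_tsig_private_key_test_grep.stdout == '0'

- name: Set ddclient_key
  set_fact:
    ddclient_key: "{{ ddclient_container_output.container.Output | from_yaml }}"
  no_log: true
  when: >-
    ddclient_tsig_public_key_test_grep.stdout == '0' or
    ddclient_tsig_private_key_test_grep.stdout == '0'

- name: Show ddclient TSIG public key file
  debug:
    msg: "ddclient key: {{ ddclient_key['tsig'][0]['key'] | b64decode }}"
    verbosity: 2
  when: ddclient_tsig_public_key_test_grep.stdout == '0'

- name: Show ddclient TSIG private key file
  debug:
    msg: "ddclient key: {{ ddclient_key['tsig'][0]['private'] | b64decode }}"
    verbosity: 2
  when: ddclient_tsig_private_key_test_grep.stdout == '0'

- name: Write ddclient TSIG public key file in base64
  lineinfile:
    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
    line: "ddclient_tsig_public_key_base64: \"{{ ddclient_key['tsig'][0]['key'] }}\""
  no_log: true
  when: ddclient_tsig_public_key_test_grep.stdout == '0'

- name: Write ddclient TSIG private key file in base64
  lineinfile:
    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
    line: "ddclient_tsig_private_key_base64: \"{{ ddclient_key['tsig'][0]['private'] }}\""
  no_log: true
  when: ddclient_tsig_private_key_test_grep.stdout == '0'

# --- ddclient TSIG secret, parsed out of the decoded private key file ---

- name: Set ddclient TSIG key
  set_fact:
    ddclient_tsig_key: "{{ ddclient_key['tsig'][0]['private'] | b64decode | from_yaml }}"
  no_log: true
  when: ddclient_tsig_test_grep.stdout == '0'

- name: Show ddclient TSIG key
  debug:
    msg: "{{ ddclient_tsig_key }}"
    verbosity: 2
  when: ddclient_tsig_test_grep.stdout == '0'

- name: Write ddclient TSIG key
  lineinfile:
    path: "{{ inventory_dir }}/group_vars/all/passwords.yaml"
    line: "ddclient_tsig: \"{{ ddclient_tsig_key['Key'] }}\""
  no_log: true
  when: ddclient_tsig_test_grep.stdout == '0'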