---
# tasks file for security

- name: Create records directory
  ansible.builtin.file:
    path: /srv/dnsmasq
    state: directory
    owner: dnsmasq
    group: root
    mode: u=rwX,g=rX,o=rX
  become: true

- name: Remove old configuration
  ansible.builtin.file:
    path: /etc/dnsmasq.d/cache.conf
    state: absent
  become: true

- name: Deploy configuration
  ansible.builtin.template:
    src: dnsmasq.conf.j2
    dest: /etc/dnsmasq.d/dns.conf
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  become: true
  notify: Reload dnsmasq.service

- name: Deploy specific records
  ansible.builtin.template:
    src: "{{ role_path }}/templates/records_specific.conf.j2"
    dest: /srv/dnsmasq/specific.conf
    owner: dnsmasq
    group: root
    mode: u=rw,g=r,o=r
  when: dnsmasq_specifics | length > 0
  become: true
  notify: Reload dnsmasq.service