---
- name: Ensure DNS zone exists
  hetzner.hcloud.zone:
    name: "{{ item.zone }}"
    mode: primary
    labels: "{{ hcloud_labels }}"
    api_token: "{{ hcloud_token }}"
    state: present
  loop: "{{ dns_zones }}"
  loop_control:
    label: "{{ item.zone }}"
  tags: dns

- name: Manage DNS records
  hetzner.hcloud.zone_rrset:
    zone: "{{ item.0.zone }}"
    name: "{{ item.1.name }}"
    type: "{{ item.1.type }}"
    ttl: "{{ item.1.ttl | default(300) }}"
    records: "{{ item.1.records }}"
    labels: "{{ hcloud_labels }}"
    api_token: "{{ hcloud_token }}"
    state: present
  loop: "{{ dns_zones | subelements('records') }}"
  loop_control:
    label: "{{ item.0.zone }} {{ item.1.name }} {{ item.1.type }}"
  when: item.1.when | default(true) | bool
  tags: dns

- name: Ensure extra mail domain zones exist
  hetzner.hcloud.zone:
    name: "{{ item }}"
    mode: primary
    labels: "{{ hcloud_labels }}"
    api_token: "{{ hcloud_token }}"
    state: present
  loop: "{{ mail_domains | difference([domain]) }}"
  when: enable_mail
  tags: dns

- name: Configure extra mail domain DNS records
  ansible.builtin.include_tasks: extra_mail_domain.yml
  vars:
    extra_domain: "{{ item }}"
  loop: "{{ mail_domains | difference([domain]) }}"
  when: enable_mail
  tags: dns

- name: Manage DKIM records
  hetzner.hcloud.zone_rrset:
    zone: "{{ item.key }}"
    name: mail._domainkey
    type: TXT
    ttl: 300
    records:
      - value: "{{ item.value | hetzner.hcloud.txt_record }}"
    labels: "{{ hcloud_labels }}"
    api_token: "{{ hcloud_token }}"
    state: present
  loop: "{{ dkim_keys | default({}) | dict2items }}"
  loop_control:
    label: "{{ item.key }} mail._domainkey TXT"
  when: enable_mail | default(false) and item.value | length > 0
  tags: dns