infra/roles/pdns/templates/powerdns.conf

launch=gpgsql
gpgsql-host=localhost
gpgsql-port=5432
gpgsql-dbname=pdns
gpgsql-user=pdns
gpgsql-password={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}
gpgsql-dnssec=yes
default-soa-content=ns1.janky.zone dns-admin.@ 0 10800 3600 604800 3600
resolver=127.0.0.1
expand-alias=yes

{% if powerdns_admin | default(false) %}
api=yes
api-key={{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pdns-api-password.txt', length=15) }}
webserver-address=10.88.0.1
webserver-allow-from=10.88.0.0/24
{% endif %}