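# @summary Authoritative (master) DNS service profile.
#
# Works out the nameserver set for this master, declares
# profiles::dns::server, ensures the zone base directory exists and declares
# one profiles::dns::zone for every entry in $zones whose zone_type is
# 'master'.
#
# @param basedir
#   Directory ensured here and passed to every profiles::dns::zone.
# @param acls
#   Passed through to profiles::dns::server.
# @param zones
#   Zone name => zone data. Passed through to profiles::dns::server; the
#   'zone_type' and 'domain' keys of each entry are also read here.
# @param views
#   Passed through to profiles::dns::server.
# @param keys
#   Passed through to profiles::dns::server.
# @param tags
#   Not referenced in this class body.
# @param owner
#   Owner of $basedir, also passed to every profiles::dns::zone.
# @param group
#   Group of $basedir, also passed to every profiles::dns::zone.
# @param dnssec
#   Passed through to profiles::dns::server.
# @param ns_role
#   enc_role value used to look up nameservers in PuppetDB. When undef, the
#   current host is the only nameserver.
# @param use_ns
#   Scope of the nameserver lookup: every node with the role, or only those
#   sharing this node's 'region' or 'country' fact.
class profiles::dns::master (
  Stdlib::AbsolutePath $basedir,
  Hash $acls = {},
  Hash $zones = {},
  Hash $views = {},
  Hash $keys = {},
  Hash[
    String,
    String
  ] $tags = {},
  String $owner = 'root',
  String $group = 'named',
  Boolean $dnssec = false,
  Variant[String, Undef] $ns_role = undef,
  Enum['all', 'region', 'country'] $use_ns = 'all',
){

  # If ns_role is set, find all hosts matching that enc_role, otherwise use
  # the current host.
  #
  # $ns_role and the region/country facts are interpolated into the PuppetDB
  # query string. Facts are reported by the agent, so every interpolated value
  # is quoted (the region/country values were previously bare) to keep it a
  # single string literal in the query. Quoting is not escaping: a value that
  # itself contains a quote still alters the query, so validate these values
  # upstream if they are not trusted.
  $nameservers_array = $ns_role ? {
    undef   => [$facts['networking']['fqdn']],
    default => $use_ns ? {
      'all'     => sort(query_nodes("enc_role='${ns_role}'", 'networking.fqdn')),
      'region'  => sort(query_nodes("enc_role='${ns_role}' and region='${facts['region']}'", 'networking.fqdn')),
      'country' => sort(query_nodes("enc_role='${ns_role}' and country='${facts['country']}'", 'networking.fqdn')),
    },
  }

  # Create a hash of hostname => ip, which will be used to create glue records.
  # NOTE(review): the single-host branch keys on the bare fqdn while the
  # PuppetDB branch appends a trailing dot - confirm which form
  # profiles::dns::zone expects.
  $glue_records_map = $ns_role ? {
    undef   => { $facts['networking']['fqdn'] => $facts['networking']['ip'] },
    default => $nameservers_array.reduce({}) |$acc, $fqdn| {
      $result = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip')
      $ip = $result[0]
      # A host with no networking.ip in PuppetDB is skipped rather than
      # recorded with an undef address.
      $ip ? {
        undef   => $acc,
        default => $acc + { "${fqdn}." => $ip },
      }
    },
  }

  # If the lookup returned nothing, fall back to the current host.
  # NOTE(review): in that fallback $glue_records_map is empty, so the current
  # host is listed as a nameserver without a glue record - confirm intended.
  $nameservers = empty($nameservers_array) ? {
    true    => [$facts['networking']['fqdn']],
    default => $nameservers_array,
  }

  class { 'profiles::dns::server':
    acls       => $acls,
    zones      => $zones,
    views      => $views,
    keys       => $keys,
    forwarders => [],
    dnssec     => $dnssec,
  }

  # Ensure the target basedir exists.
  file { $basedir:
    ensure => directory,
    owner  => $owner,
    group  => $group,
  }

  # Create zones.
  $zones.each |String $name, Hash $data| {
    if $data['zone_type'] == 'master' {
      # Only add glue records when the domain isn't reverse DNS or
      # main.unkin.net, since the hosts will already be in main.unkin.net.
      # NOTE(review): only in-addr.arpa is matched; an ip6.arpa zone would
      # still receive glue records - confirm intended.
      $glue_records = $data['domain'] ? {
        /in-addr\.arpa$/ => undef,
        'main.unkin.net' => undef,
        default          => $glue_records_map,
      }

      profiles::dns::zone { $name:
        zone         => $data['domain'],
        basedir      => $basedir,
        nameservers  => $nameservers,
        owner        => $owner,
        group        => $group,
        before       => Bind::Zone[$name],
        glue_records => $glue_records,
      }
    }
  }
}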