diff --git a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 b/roles/nameserver/templates/powerdns-server-pri-api-config.j2
new file mode 100644
index 0000000..5a1a67e
--- /dev/null
+++ b/roles/nameserver/templates/powerdns-server-pri-api-config.j2
@@ -0,0 +1,4 @@
+api = Yes
+api-key ={{ pdns_api_key | default(lookup('password', '/etc/powerdns/pdns.d/.api-key' length=20)) }}
+webserver = Yes
+webserver-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %}
\ No newline at end of file
diff --git a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2
index 8334331..39e6da2 100644
--- a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2
+++ b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2
@@ -1,3 +1,4 @@
+launch += gmysql
 gmysql-socket = {{ pdns_mysql_socket }}
-gmysql-password = {{ pdns_db_passwd }}
+gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)) }}
 gmysql-dnssec = Yes