From 7b5d51bf81bd1a184bf8a65e6c69ccede77ff43c Mon Sep 17 00:00:00 2001
From: Rene Mewissen <rene@tantooine.myfirewall.org>
Date: Thu, 25 Jul 2024 11:08:37 +0200
Subject: [PATCH] generate or get password if not set in vars

---
 roles/nameserver/templates/powerdns-server-pri-api-config.j2  | 4 ++++
 .../nameserver/templates/powerdns-server-pri-mysql-config.j2  | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 roles/nameserver/templates/powerdns-server-pri-api-config.j2

diff --git a/roles/nameserver/templates/powerdns-server-pri-api-config.j2 b/roles/nameserver/templates/powerdns-server-pri-api-config.j2
new file mode 100644
index 0000000..5a1a67e
--- /dev/null
+++ b/roles/nameserver/templates/powerdns-server-pri-api-config.j2
@@ -0,0 +1,4 @@
+api = Yes
+api-key ={{ pdns_api_key | default(lookup('password', '/etc/powerdns/pdns.d/.api-key' length=20)) }}
+webserver = Yes
+webserver-address = {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %}
\ No newline at end of file
diff --git a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2 b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2
index 8334331..39e6da2 100644
--- a/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2
+++ b/roles/nameserver/templates/powerdns-server-pri-mysql-config.j2
@@ -1,3 +1,4 @@
+launch += gmysql
 gmysql-socket = {{ pdns_mysql_socket }}
-gmysql-password = {{ pdns_db_passwd }}
+gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw' length=20)) }}
 gmysql-dnssec = Yes