--- - name: Assert public DNS data is sane ansible.builtin.assert: that: - public_dns__domain | length > 0 - public_dns__records | selectattr('record', 'equalto', '@') | selectattr('type', 'equalto', 'TXT') | list | length > 0 fail_msg: >- public_dns__domain must be set and an SPF record (@/TXT) declared in public_dns__records (group_vars/all/public_dns.yml). run_once: true - name: Ensure desired records are present (Gandi LiveDNS) community.general.gandi_livedns: domain: "{{ public_dns__domain }}" record: "{{ item['record'] }}" type: "{{ item['type'] }}" values: "{{ item['values'] }}" ttl: "{{ item['ttl'] | default(public_dns__default_ttl) }}" state: present personal_access_token: "{{ vault.gandi.pat }}" loop: "{{ public_dns__records }}" loop_control: label: "{{ item['record'] }} {{ item['type'] }}" run_once: true when: public_dns__apply | bool - name: Ensure unwanted records are absent (Gandi LiveDNS) community.general.gandi_livedns: domain: "{{ public_dns__domain }}" record: "{{ item['record'] }}" type: "{{ item['type'] }}" state: absent personal_access_token: "{{ vault.gandi.pat }}" loop: "{{ public_dns__absent }}" loop_control: label: "{{ item['record'] }} {{ item['type'] }}" run_once: true when: public_dns__apply | bool