added dns using hetzner dns, renamed pubnix => pub

2024-12-10 17:47:38 +01:00
parent b429091ec7
commit a92cda6b40
23 changed files with 48 additions and 33 deletions
--- a/roles/dns/tasks/main.yaml
+++ b/roles/dns/tasks/main.yaml
@@ -1,8 +1,11 @@
 ---
-# FIXME: get rid of hard coded hostnames
- name: add dns entry
-  shell: |
-    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-begin {{ dns.zone }}
-    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-set {{ dns.zone }} shell 300 AAAA {{ server_ipv6 }}
-    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-set {{ dns.zone }} pubnix 300 AAAA {{ jailip }}
-    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-commit {{ dns.zone }}
+- name: add dns entry for server
+  community.dns.hetzner_dns_record:
+    state: present
+    zone: "{{ dns.zone }}"
+    record: "{{ name }}.{{ dns.zone }}"
+    type: AAAA
+    ttl: 300
+    value: "{{ server_ipv6 }}"
+    hetzner_token: "{{ hetzner_dns_token }}"
+
--- a/roles/pubnix/bin/group.sh
+++ b/roles/pubnix/bin/group.sh
--- a/roles/pubnix/bin/user.sh
+++ b/roles/pubnix/bin/user.sh
--- a/roles/pubnix/files/keys/tom
+++ b/roles/pubnix/files/keys/tom
--- a/roles/pubnix/files/motd
+++ b/roles/pubnix/files/motd
--- a/roles/pubnix/files/skel/dot.bash_profile
+++ b/roles/pubnix/files/skel/dot.bash_profile
--- a/roles/pubnix/files/skel/dot.cshrc
+++ b/roles/pubnix/files/skel/dot.cshrc
--- a/roles/pubnix/files/skel/dot.emacs
+++ b/roles/pubnix/files/skel/dot.emacs
--- a/roles/pubnix/files/skel/dot.login
+++ b/roles/pubnix/files/skel/dot.login
--- a/roles/pubnix/files/skel/dot.login_conf
+++ b/roles/pubnix/files/skel/dot.login_conf
--- a/roles/pubnix/files/skel/dot.profile
+++ b/roles/pubnix/files/skel/dot.profile
--- a/roles/pubnix/files/skel/dot.shrc
+++ b/roles/pubnix/files/skel/dot.shrc
--- a/roles/pubnix/files/skel/dot.vimrc
+++ b/roles/pubnix/files/skel/dot.vimrc
--- a/roles/pubnix/files/sshd_config
+++ b/roles/pubnix/files/sshd_config
@@ -1,4 +1,4 @@
-# pubnix sshd config
+# pub jail sshd config
 LogLevel INFO
 LoginGraceTime 1m
 PermitRootLogin no
--- a/roles/pubnix/tasks/main.yaml
+++ b/roles/pubnix/tasks/main.yaml
@@ -75,7 +75,7 @@
 # create our own group[s]
 - name: Manage groups
  loop: "{{ jailgroups }}"
-  ansible.builtin.script: "bin/group.sh -g {{ item.name }} -a {{ item.state }} -d /usr/local/bastille/jails/pubnix/root"
+  ansible.builtin.script: "bin/group.sh -g {{ item.name }} -a {{ item.state }} -d /usr/local/bastille/jails/{{ role_name }}/root"

 # The normal  ansible user  module can't be  used here,  because we're
 # talking  about jail  users  here. I  tried to  patch  the module  to
@@ -89,3 +89,14 @@
  loop: "{{ jailusers }}"
  ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups | default(defaults.group) }}' -c {{ role_name }}-user -a {{ item.state }} -d {{ defaults.jailbase }}/{{ role_name }}/root"

+- name: add dns entry for jail host
+  community.dns.hetzner_dns_record:
+    state: present
+    zone: "{{ dns.zone }}"
+    record: "{{ role_name }}.{{ dns.zone }}"
+    type: AAAA
+    ttl: 300
+    value: "{{ jailip.stdout }}"
+    hetzner_token: "{{ hetzner_dns_token }}"
+
+
--- a/roles/pubnix/templates/Bastillefile.j2
+++ b/roles/pubnix/templates/Bastillefile.j2
@@ -1,6 +1,6 @@
 CP etc /

-PKG {{ jails.pubnix.pkgs | join(' ') }}
+PKG {{ jails.pub.pkgs | join(' ') }}

 SYSRC sshd_enable=YES
 SYSRC sendmail_enable=NONE
--- a/roles/pubnix/templates/resolv.conf.j2
+++ b/roles/pubnix/templates/resolv.conf.j2