From b429091ec7a28a4bf4550660cae42b7716874262 Mon Sep 17 00:00:00 2001 From: Thomas von Dein Date: Tue, 10 Dec 2024 12:38:49 +0100 Subject: [PATCH] add dns role --- TODO.md | 11 +++++++++++ deploy.yaml | 1 + group_vars/all/all.yaml | 6 ++++++ roles/dns/tasks/main.yaml | 8 ++++++++ 4 files changed, 26 insertions(+) create mode 100644 roles/dns/tasks/main.yaml diff --git a/TODO.md b/TODO.md index 3dc6949..e2668fd 100644 --- a/TODO.md +++ b/TODO.md @@ -23,6 +23,17 @@ https://github.com/bodsch/ansible-collection-dns/blob/main/roles/knot/README.md or using e3 using wrapper script around `jaildk exec dns knotc ...` +knotc zone-begin molecule.local +knotc zone-set molecule.local @ 7200 SOA dns hostmaster 1 86400 900 691200 3600 +knotc zone-set molecule.local dns 3600 A 172.17.0.2 +knotc zone-set molecule.local router 3600 A 172.17.0.2 +knotc zone-set molecule.local www 3600 A 172.17.0.5 +knotc zone-set molecule.local ldap 3600 CNAME router +knotc zone-set molecule.local _https._tcp 3600 SRV "10 20 433 www" +knotc zone-commit molecule.local + +scip@e3: knotc -s /jail/run/dns/tmp/knot/knot.sock status + ### Cleanup release snapshot - remove pkg function from root .bashrc diff --git a/deploy.yaml b/deploy.yaml index ac67b87..3a6402d 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -12,3 +12,4 @@ - role: ssh - role: jails - role: pubnix + - role: dns diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml index 4ff9832..cf62df2 100644 --- a/group_vars/all/all.yaml +++ b/group_vars/all/all.yaml @@ -76,6 +76,12 @@ storage: - mount: /var/cron/tabs name: /crontabs +# runas user must be able to get to server using ssh w/ key auth and +# be member of the group knot, the dns jail must be running. +dns: + server: e3 + zone: bsdnix.de + socket: /jail/run/dns/tmp/knot/knot.sock netif: primary: bridge0 diff --git a/roles/dns/tasks/main.yaml b/roles/dns/tasks/main.yaml new file mode 100644 index 0000000..1cfd23c --- /dev/null +++ b/roles/dns/tasks/main.yaml 
@@ -0,0 +1,8 @@
+---
+# FIXME: get rid of hard coded hostnames
+- name: add dns entry
+ shell: |
+ ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-begin {{ dns.zone }}
+ ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-set {{ dns.zone }} shell 300 AAAA {{ server_ipv6 }}
+ ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-set {{ dns.zone }} pubnix 300 AAAA {{ jailip }}
+ ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-commit {{ dns.zone }}
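Review bot: A failure of either `zone-set` line leaves the knot transaction opened by `zone-begin` open and `zone-commit` still runs, because the four ssh lines inside `shell: |` execute independently and only the last command's exit status reaches Ansible. The interpolated values are also pasted into the command line unquoted, so an inventory value containing whitespace or shell metacharacters would alter the command; the Ansible `quote` filter covers that. Chaining the calls, aborting the transaction on error and adding `-o BatchMode=yes` so a missing key fails instead of hanging the play addresses all three points, as in the rewritten task below. Since `shell` runs on the managed host, every target needs the ssh key and knot group membership described in group_vars; if the intent was to run this from one place, `delegate_to` may be what is wanted. The task also reports changed on every run, so a `changed_when` would keep the play summary meaningful.
```yaml
- name: add dns entry
  shell: |
    set -e
    ssh -o BatchMode=yes {{ dns.server | quote }} knotc -s {{ dns.socket | quote }} zone-begin {{ dns.zone | quote }}
    ssh -o BatchMode=yes {{ dns.server | quote }} knotc -s {{ dns.socket | quote }} zone-set {{ dns.zone | quote }} shell 300 AAAA {{ server_ipv6 | quote }} \
      && ssh -o BatchMode=yes {{ dns.server | quote }} knotc -s {{ dns.socket | quote }} zone-set {{ dns.zone | quote }} pubnix 300 AAAA {{ jailip | quote }} \
      && ssh -o BatchMode=yes {{ dns.server | quote }} knotc -s {{ dns.socket | quote }} zone-commit {{ dns.zone | quote }} \
      || { ssh -o BatchMode=yes {{ dns.server | quote }} knotc -s {{ dns.socket | quote }} zone-abort {{ dns.zone | quote }}; exit 1; }
```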