add dns role

TODO.md

@@ -23,6 +23,17 @@ https://github.com/bodsch/ansible-collection-dns/blob/main/roles/knot/README.md
 
 or using e3 using wrapper script around `jaildk exec dns knotc ...`
 
+knotc zone-begin molecule.local
+knotc zone-set molecule.local @ 7200 SOA dns hostmaster 1 86400 900 691200 3600
+knotc zone-set molecule.local dns 3600 A 172.17.0.2
+knotc zone-set molecule.local router 3600 A 172.17.0.2
+knotc zone-set molecule.local www 3600 A 172.17.0.5
+knotc zone-set molecule.local ldap 3600 CNAME router
+knotc zone-set molecule.local _https._tcp 3600 SRV "10 20 433 www"
+knotc zone-commit molecule.local
+
+scip@e3: knotc -s /jail/run/dns/tmp/knot/knot.sock status
+
 ### Cleanup release snapshot
 
 - remove pkg function from root .bashrc

deploy.yaml

@@ -12,3 +12,4 @@
     - role: ssh
     - role: jails
     - role: pubnix
+    - role: dns

group_vars/all/all.yaml

@@ -76,6 +76,12 @@ storage:
     - mount: /var/cron/tabs
       name: /crontabs
 
+# runas user must be  able to get to server using ssh  w/ key auth and
+# be member of the group knot, the dns jail must be running.
+dns:
+  server: e3
+  zone: bsdnix.de
+  socket: /jail/run/dns/tmp/knot/knot.sock
 
 netif:
   primary: bridge0

roles/dns/tasks/main.yaml

@@ -0,0 +1,8 @@
+---
+# FIXME: get rid of hard coded hostnames
+- name: add dns entry
+  shell: |
+    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-begin {{ dns.zone }}
+    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-set {{ dns.zone }} shell 300 AAAA {{ server_ipv6 }}
+    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-set {{ dns.zone }} pubnix 300 AAAA {{ jailip }}
+    ssh {{ dns.server }} knotc -s {{ dns.socket }} zone-commit {{ dns.zone }}