Configure public_dns jail.

ansible/environments/jail/host_vars/public_dns

@@ -0,0 +1 @@
+os_flavor: "freebsd"

ansible/environments/jail/hosts

@@ -4,3 +4,4 @@ homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=ssh
 mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail
 nat_dhcp@172.16.16.2 ansible_connection=sshjail
 admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail
+public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail

ansible/playbook.yaml

@@ -93,10 +93,19 @@
     - plainmacs
     - mrmanager
 
-- hosts: admin_git
+- hosts: admin_git:public_dns
   vars:
     ansible_become: True
   roles:
     - sudo
     - doas
     - users
+
+- hosts: public_dns
+  vars:
+    ansible_become: True
+  roles:
+    - sudo
+    - doas
+    - users
+    - public_dns

ansible/roles/public_dns/files/Corefile

@@ -0,0 +1,6 @@
+fizz.buzz.:53 {
+    log
+    errors
+    health
+    file /usr/local/etc/coredns/master.db
+}

ansible/roles/public_dns/files/coredns_rc.conf

@@ -0,0 +1 @@
+coredns_enable="YES"

ansible/roles/public_dns/files/master.db

@@ -0,0 +1,14 @@
+$ORIGIN fizz.buzz.
+@	3600 IN	SOA sns.dns.icann.org. noc.dns.icann.org. (
+				2023061800 ; serial
+				7200       ; refresh (2 hours)
+				3600       ; retry (1 hour)
+				1209600    ; expire (2 weeks)
+				3600       ; minimum (1 hour)
+				)
+
+	3600 IN NS a.iana-servers.net.
+	3600 IN NS b.iana-servers.net.
+
+www     IN A     127.0.0.1
+        IN AAAA  ::1

ansible/roles/public_dns/tasks/common.yaml

@@ -0,0 +1,5 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'

ansible/roles/public_dns/tasks/freebsd.yaml

@@ -0,0 +1,39 @@
+- name: Install packages
+  package:
+    name:
+      - coredns
+    state: present
+
+- name: Install service configuration
+  copy:
+    src: "files/{{ item }}_rc.conf"
+    dest: "/etc/rc.conf.d/{{ item }}"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - coredns
+
+
+- name: Create directories
+  file:
+    name: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - /usr/local/etc/coredns
+
+- name: Copy files
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0644
+    owner: root
+    group: wheel
+  loop:
+    - src: Corefile
+      dest: /usr/local/etc/coredns/
+    - src: master.db
+      dest: /usr/local/etc/coredns/

ansible/roles/public_dns/tasks/linux.yaml

@@ -0,0 +1,29 @@
+# - name: Build aur packages
+#   register: buildaur
+#   become_user: "{{ build_user.name }}"
+#   command: "aurutils-sync --no-view {{ item }}"
+#   args:
+#     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+#   loop:
+#     - foo
+
+# - name: Update cache
+#   when: buildaur.changed
+#   pacman:
+#     name: []
+#     state: present
+#     update_cache: true
+    
+# - name: Install packages
+#   package:
+#     name:
+#       - foo
+#     state: present
+
+# - name: Enable services
+#   systemd:
+#     enabled: yes
+#     name: "{{ item }}"
+#     daemon_reload: yes
+#   loop:
+#     - foo.service

ansible/roles/public_dns/tasks/main.yaml

@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+  # when: foo is defined

ansible/run.bash

@@ -36,6 +36,8 @@ elif [ "$target" = "jail_mrmanager_nat_dhcp" ]; then
     ansible-playbook -v -i environments/jail playbook.yaml --diff --limit mrmanager_nat_dhcp "${@}"
 elif [ "$target" = "jail_admin_git" ]; then
     ansible-playbook -v -i environments/jail playbook.yaml --diff --limit admin_git "${@}"
+elif [ "$target" = "jail_public_dns" ]; then
+    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit public_dns "${@}"
 else
     die 1 "Unrecognized target"
 fi