From a10922166b62d890e3e0fd2b9fb12c039ff6b65b Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 18 Jun 2023 15:21:16 -0400
Subject: [PATCH] Configure public_dns jail.
---
 .../environments/jail/host_vars/public_dns | 1 +
 ansible/environments/jail/hosts | 1 +
 ansible/playbook.yaml | 11 +++++-
 ansible/roles/public_dns/files/Corefile | 6 +++
 .../roles/public_dns/files/coredns_rc.conf | 1 +
 ansible/roles/public_dns/files/master.db | 14 +++++++
 ansible/roles/public_dns/tasks/common.yaml | 5 +++
 ansible/roles/public_dns/tasks/freebsd.yaml | 39 +++++++++++++++++++
 ansible/roles/public_dns/tasks/linux.yaml | 29 ++++++++++++++
 ansible/roles/public_dns/tasks/main.yaml | 2 +
 ansible/run.bash | 2 +
 11 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 ansible/environments/jail/host_vars/public_dns
 create mode 100644 ansible/roles/public_dns/files/Corefile
 create mode 100644 ansible/roles/public_dns/files/coredns_rc.conf
 create mode 100644 ansible/roles/public_dns/files/master.db
 create mode 100644 ansible/roles/public_dns/tasks/common.yaml
 create mode 100644 ansible/roles/public_dns/tasks/freebsd.yaml
 create mode 100644 ansible/roles/public_dns/tasks/linux.yaml
 create mode 100644 ansible/roles/public_dns/tasks/main.yaml
diff --git a/ansible/environments/jail/host_vars/public_dns b/ansible/environments/jail/host_vars/public_dns
new file mode 100644
index 0000000..1d0b6d9
--- /dev/null
+++ b/ansible/environments/jail/host_vars/public_dns
@@ -0,0 +1 @@
+os_flavor: "freebsd"
diff --git a/ansible/environments/jail/hosts b/ansible/environments/jail/hosts
index 6ac7acb..8b6ac08 100644
--- a/ansible/environments/jail/hosts
+++ b/ansible/environments/jail/hosts
@@ -4,3 +4,4 @@ homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=ssh
 mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail
 nat_dhcp@172.16.16.2 ansible_connection=sshjail
 admin_git ansible_ssh_host=admin_git@10.217.2.1 ansible_connection=sshjail
+public_dns ansible_ssh_host=public_dns@10.217.2.1 ansible_connection=sshjail
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 20c759b..8dc3e9b 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -93,10 +93,19 @@
 - plainmacs
 - mrmanager
-- hosts: admin_git
+- hosts: admin_git:public_dns
 vars:
 ansible_become: True
 roles:
 - sudo
 - doas
 - users
+
+- hosts: public_dns
+ vars:
+ ansible_become: True
+ roles:
+ - sudo
+ - doas
+ - users
+ - public_dns
diff --git a/ansible/roles/public_dns/files/Corefile b/ansible/roles/public_dns/files/Corefile
new file mode 100644
index 0000000..136215c
--- /dev/null
+++ b/ansible/roles/public_dns/files/Corefile
@@ -0,0 +1,6 @@
+fizz.buzz.:53 {
+ log
+ errors
+ health
+ file /usr/local/etc/coredns/master.db
+}
diff --git a/ansible/roles/public_dns/files/coredns_rc.conf b/ansible/roles/public_dns/files/coredns_rc.conf
new file mode 100644
index 0000000..4779fe0
--- /dev/null
+++ b/ansible/roles/public_dns/files/coredns_rc.conf
@@ -0,0 +1 @@
+coredns_enable="YES"
diff --git a/ansible/roles/public_dns/files/master.db b/ansible/roles/public_dns/files/master.db
new file mode 100644
index 0000000..a4cbbcb
--- /dev/null
+++ b/ansible/roles/public_dns/files/master.db
@@ -0,0 +1,14 @@
+$ORIGIN fizz.buzz.
+@ 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. (
+ 2023061800 ; serial
+ 7200 ; refresh (2 hours)
+ 3600 ; retry (1 hour)
+ 1209600 ; expire (2 weeks)
+ 3600 ; minimum (1 hour)
+ )
+
+ 3600 IN NS a.iana-servers.net.
+ 3600 IN NS b.iana-servers.net.
+
+www IN A 127.0.0.1
+ IN AAAA ::1
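Review bot: `public_dns` now matches both plays in this hunk — the `hosts: admin_git:public_dns` play already applies `sudo`, `doas` and `users` to it, and the new `hosts: public_dns` play lists the same three roles again before `public_dns`, so they run twice on that host. Either drop `:public_dns` from the first play's host pattern or reduce the second play's role list to `- public_dns`. The roles are presumably idempotent, but the duplication doubles run time on that jail and leaves it unclear which play owns the host's base configuration.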
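Review bot: `health` with no address argument listens on the plugin's default `:8080`, i.e. on every interface of a jail whose purpose is to be reachable from outside, so the HTTP health endpoint is exposed next to port 53; bind it explicitly, `health 127.0.0.1:8080`, unless an external monitor is meant to poll it. `log` emits one line per query, which for an authoritative server open to the Internet can be a substantial and attacker-controllable log volume — consider restricting it to the interesting classes (`log . { class denial error }`) or relying on `errors` alone. A one-line comment at the top of the Corefile naming the zone's role (`# authoritative only for fizz.buzz.; everything else is refused`) would help the next reader.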
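Review bot: The SOA and NS records appear to be the CoreDNS sample-zone values — MNAME `sns.dns.icann.org.`, RNAME `noc.dns.icann.org.`, NS `a.iana-servers.net.` / `b.iana-servers.net.` — so as committed the zone tells the world that ICANN/IANA hosts are authoritative for `fizz.buzz.` rather than this jail, and `www` answers with the loopback addresses `127.0.0.1` / `::1`. If this is scaffolding pending real data, mark it as such in the file (`; placeholder SOA/NS/www values — replace before the zone is published`); otherwise point MNAME and the NS records at this server's own name and give `www` its public address. Note also that the `file` plugin, as far as I recall, only re-reads a changed zone when the SOA serial increases, so every later edit to master.db needs the serial bumped.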
diff --git a/ansible/roles/public_dns/tasks/common.yaml b/ansible/roles/public_dns/tasks/common.yaml
new file mode 100644
index 0000000..c4f2d20
--- /dev/null
+++ b/ansible/roles/public_dns/tasks/common.yaml
@@ -0,0 +1,5 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/public_dns/tasks/freebsd.yaml b/ansible/roles/public_dns/tasks/freebsd.yaml
new file mode 100644
index 0000000..2231b5c
--- /dev/null
+++ b/ansible/roles/public_dns/tasks/freebsd.yaml
@@ -0,0 +1,39 @@
+- name: Install packages
+ package:
+ name:
+ - coredns
+ state: present
+
+- name: Install service configuration
+ copy:
+ src: "files/{{ item }}_rc.conf"
+ dest: "/etc/rc.conf.d/{{ item }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ loop:
+ - coredns
+
+
+- name: Create directories
+ file:
+ name: "{{ item }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: wheel
+ loop:
+ - /usr/local/etc/coredns
+
+- name: Copy files
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ loop:
+ - src: Corefile
+ dest: /usr/local/etc/coredns/
+ - src: master.db
+ dest: /usr/local/etc/coredns/
diff --git a/ansible/roles/public_dns/tasks/linux.yaml b/ansible/roles/public_dns/tasks/linux.yaml
new file mode 100644
index 0000000..43ba876
--- /dev/null
+++ b/ansible/roles/public_dns/tasks/linux.yaml
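Review bot: The two `when` guards have no fallback — if `os_flavor` holds any value other than `"freebsd"` or `"linux"` (a typo in a host_vars file, say) both imports are skipped and the role silently does nothing, while an unset `os_flavor` fails with an undefined-variable error. A leading `assert` task, `assert: { that: 'os_flavor in ["freebsd", "linux"]', fail_msg: "unsupported os_flavor" }`, makes the unsupported case loud instead of a quiet no-op. A short comment above the first import (`# os_flavor comes from the inventory host_vars`) would also tell a reader where the variable is expected to come from.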
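Review bot: Nothing in the role starts coredns or restarts it when its configuration changes: `Install service configuration` enables it via `/etc/rc.conf.d/coredns` and `Copy files` installs Corefile and master.db, but no `service` task or handler follows, so on a freshly built jail the daemon stays down until a reboot, and a later Corefile change is never applied to the running process. Add a `notify` on both copy tasks plus a handler in `handlers/main.yaml` (`service: name=coredns state=restarted`) and a final task that ensures the service is running; leave `enabled` to the rc.conf.d file already installed so the two mechanisms do not fight over rc.conf. Separately, `mode: 0644` and `mode: 0755` are unquoted leading-zero literals that PyYAML reads as the integers 420 and 493; Ansible treats those as octal so they work, but `mode: "0644"` is the form ansible-lint expects and removes the ambiguity.
```yaml
- name: Copy files
  copy:
    # … unchanged: src/dest/mode/owner/group …
  loop:
    # … unchanged: Corefile and master.db entries …
  notify: Restart coredns

- name: Ensure coredns is running
  service:
    name: coredns
    state: started
```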
@@ -0,0 +1,29 @@
+# - name: Build aur packages
+# register: buildaur
+# become_user: "{{ build_user.name }}"
+# command: "aurutils-sync --no-view {{ item }}"
+# args:
+# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+# loop:
+# - foo
+
+# - name: Update cache
+# when: buildaur.changed
+# pacman:
+# name: []
+# state: present
+# update_cache: true
+
+# - name: Install packages
+# package:
+# name:
+# - foo
+# state: present
+
+# - name: Enable services
+# systemd:
+# enabled: yes
+# name: "{{ item }}"
+# daemon_reload: yes
+# loop:
+# - foo.service
diff --git a/ansible/roles/public_dns/tasks/main.yaml b/ansible/roles/public_dns/tasks/main.yaml
new file mode 100644
index 0000000..6805b9d
--- /dev/null
+++ b/ansible/roles/public_dns/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ # when: foo is defined
diff --git a/ansible/run.bash b/ansible/run.bash
index 12ab0b7..294ba62 100755
--- a/ansible/run.bash
+++ b/ansible/run.bash
@@ -36,6 +36,8 @@ elif [ "$target" = "jail_mrmanager_nat_dhcp" ]; then
 ansible-playbook -v -i environments/jail playbook.yaml --diff --limit mrmanager_nat_dhcp "${@}"
 elif [ "$target" = "jail_admin_git" ]; then
 ansible-playbook -v -i environments/jail playbook.yaml --diff --limit admin_git "${@}"
+elif [ "$target" = "jail_public_dns" ]; then
+ ansible-playbook -v -i environments/jail playbook.yaml --diff --limit public_dns "${@}"
 else
 die 1 "Unrecognized target"
 fi
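Review bot: The added `elif` is the fourth jail branch whose body differs only in the `--limit` value, and every such target is named `jail_<inventory host>`, so the ladder grows by two lines per jail. A single branch, `elif [[ "$target" == jail_* ]]; then` with `ansible-playbook -v -i environments/jail playbook.yaml --diff --limit "${target#jail_}" "${@}"`, covers all of them; an unknown host would then be reported by ansible-playbook's host-pattern check rather than by `die`, which is a reasonable trade if the inventory is the source of truth. The enclosing `if` ladder begins before the hunk, so the earlier jail branches would need to be folded in as well.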