From fd85d42b133d0ceeda89f285a754efa4d4f7fb49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 4 Jun 2021 15:23:13 +0200 Subject: [PATCH 01/33] add ansible configuration --- README.md | 4 ++ config/deploy.yml | 5 ++ config/group_vars/all | 3 + config/hosts | 5 ++ config/roles/common/tasks/main.yml | 5 ++ config/roles/knot/handlers/main.yml | 4 ++ config/roles/knot/tasks/main.yml | 27 ++++++++ config/roles/knot/templates/knot.conf.j2 | 45 +++++++++++++ knot.conf | 85 ------------------------ 9 files changed, 98 insertions(+), 85 deletions(-) create mode 100644 config/deploy.yml create mode 100644 config/group_vars/all create mode 100644 config/hosts create mode 100644 config/roles/common/tasks/main.yml create mode 100644 config/roles/knot/handlers/main.yml create mode 100644 config/roles/knot/tasks/main.yml create mode 100644 config/roles/knot/templates/knot.conf.j2 delete mode 100644 knot.conf diff --git a/README.md b/README.md index 11defb0..95dba12 100644 --- a/README.md +++ b/README.md @@ -2,3 +2,7 @@ A DNS zone management service to make accessible the [.eu.org](https://nic.eu.org) domain names to everyone. +# Deployment + +Deploy the configuration using `ansible-playbook -i config/host config/deploy.yml` + diff --git a/config/deploy.yml b/config/deploy.yml new file mode 100644 index 0000000..8359ca5 --- /dev/null +++ b/config/deploy.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + roles: + - common + - knot diff --git a/config/group_vars/all b/config/group_vars/all new file mode 100644 index 0000000..3e202d7 --- /dev/null +++ b/config/group_vars/all @@ -0,0 +1,3 @@ +--- +zones_dir: "{{ lookup('env', 'ZONE_DIR') | default('../zones', True) }}" +zones: "{{ lookup('fileglob', zones_dir + '/*.zone', wantlist=True)}}" diff --git a/config/hosts b/config/hosts new file mode 100644 index 0000000..ffbd67c --- /dev/null +++ b/config/hosts 
@@ -0,0 +1,5 @@
+[primary]
+163.172.129.205 ansible_user=root
+
+[secondary]
+51.158.108.60 ansible_user=root
diff --git a/config/roles/common/tasks/main.yml b/config/roles/common/tasks/main.yml
new file mode 100644
index 0000000..82969de
--- /dev/null
+++ b/config/roles/common/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Install common packages
+ apt:
+ pkg:
+ - git
diff --git a/config/roles/knot/handlers/main.yml b/config/roles/knot/handlers/main.yml
new file mode 100644
index 0000000..7458d5c
--- /dev/null
+++ b/config/roles/knot/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: reload knot
+ ansible.builtin.command:
+ cmd: knotc reload
diff --git a/config/roles/knot/tasks/main.yml b/config/roles/knot/tasks/main.yml
new file mode 100644
index 0000000..772fd8b
--- /dev/null
+++ b/config/roles/knot/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Install knot
+ apt:
+ pkg:
+ - knot
+ - knot-dnsutils
+
+- name: Update zones
+ ansible.builtin.copy:
+ src: '{{ zones_dir }}'
+ dest: /var/lib/knot/zones
+ owner: knot
+ group: knot
+ mode: '0644'
+ notify: reload knot
+
+- name:
+ template:
+ src: knot.conf.j2
+ dest: /etc/knot/knot.conf
+ notify: reload knot
+
+- name: Start knot
+ service:
+ name: knot
+ state: started
+ enabled: yes
diff --git a/config/roles/knot/templates/knot.conf.j2 b/config/roles/knot/templates/knot.conf.j2
new file mode 100644
index 0000000..b877fd8
--- /dev/null
+++ b/config/roles/knot/templates/knot.conf.j2
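Review bot: Both entries in the new `config/hosts` inventory set `ansible_user=root`, so the playbook logs in over SSH directly as root on the two name servers. An unprivileged login account with `become: true` on the tasks that need it (package install, writes under /etc/knot and /var/lib/knot, the service task) would let direct root login be disabled on the hosts and leaves privileged actions visible in the sudo logs. The literal public addresses are committed along with the inventory; whether that is acceptable depends on who can read the repository.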
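Review bot: In `config/roles/knot/tasks/main.yml` the task that renders `/etc/knot/knot.conf` has an empty `name:` and sets no `owner`, `group` or `mode`, and nothing checks the rendered file before it is installed and the reload handler fires. Name the task and add explicit permissions plus a pre-install check, for example `mode: '0640'` and `validate: knotc -c %s conf-check` (confirm the check command against the installed Knot version). In `Update zones`, `mode: '0644'` applies to the copied files; directories created by a recursive copy are governed by `directory_mode`, which is not set here. `enabled: yes` in the last task is better written `enabled: true`.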
@@ -0,0 +1,45 @@
+server:
+ rundir: "/run/knot"
+ user: knot:knot
+ listen: [ 0.0.0.0@53, ::@53 ]
+
+log:
+ - target: syslog
+ any: info
+
+remote:
+{% for host in groups.all %}
+ - id: {{ hostvars[host].ansible_hostname }}
+ address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
+{% endfor %}
+
+acl:
+{% for host in groups.all %}
+ - id: {{ hostvars[host].ansible_hostname }}
+ address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
+ action: {% if host in groups.secondary %} transfer {% elif host in groups.primary %} notify {% endif %}
+
+{% endfor %}
+
+template:
+ - id: default
+ storage: "/var/lib/knot"
+ file: "zones/%s.zone"
+
+{% if inventory_hostname in groups.primary %}
+ zonefile-load: difference-no-serial
+ dnssec-signing: on
+ dnssec-policy: default
+ notify: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+ acl: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+{% endif %}
+
+{% if inventory_hostname in groups.secondary %}
+ master: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+ acl: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
+{% endif %}
+
+zone:
+{% for zone in zones %}
+ - domain: {{ zone | basename | splitext | first }}
+{% endfor %}
diff --git a/knot.conf b/knot.conf
deleted file mode 100644
index a78d1b2..0000000
--- a/knot.conf
+++ /dev/null
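Review bot: In the `acl:` loop of `knot.conf.j2` the `address:` list is built with `ipaddr('public')`, so a host whose gathered facts hold no public address renders `address: [ ]`, and a host that is in neither `primary` nor `secondary` renders a bare `action:`. Knot's documentation describes an ACL rule with no address set as not requiring an address match, so it is worth confirming how an empty list is handled before such an entry can become a `transfer` rule; computing the list once with `{% set addrs = … %}` and emitting the entry only inside `{% if addrs %}` avoids the case. The rules also authorise transfers and notifies by source address alone; a TSIG `key:` on the `remote:` and `acl:` entries would authenticate the peers as well.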
@@ -1,85 +0,0 @@ -# This is a sample of a minimal configuration file for Knot DNS. -# See knot.conf(5) or refer to the server documentation. - -server: - rundir: "/run/knot" - user: knot:knot - listen: [ 0.0.0.0@53, ::@53 ] - -log: - - target: syslog - any: info - -remote: -# - id: slave -# address: 192.168.1.1@53 -# -# - id: master -# address: 192.168.2.1@53 - - - id: secpb - address: [78.194.169.74, 2a01:e34:ec2a:94a0::4] - -acl: -# - id: acl_slave -# address: 192.168.1.1 -# action: transfer -# -# - id: acl_master -# address: 192.168.2.1 -# action: notify - - - id: secpb_acl - address: [78.194.169.74, 2a01:e34:ec2a:94a0::4] - action: transfer - -template: - - id: default - storage: "/var/lib/knot" - file: "%s.zone" - zonefile-load: difference-no-serial - dnssec-signing: on - dnssec-policy: default - notify: secpb - acl: secpb_acl - -zone: -# # Master zone -# - domain: example.com -# notify: slave -# acl: acl_slave - - domain: dns-witch.net.eu.org - - - domain: contesludiques.eu.org - - - domain: sumomo.net.eu.org - - - domain: jeuviodeo.fr.eu.org - - - domain: monkeygames.fr.eu.org - - - domain: blog.wehost.lgbt - - - domain: grimoire.eu.org - - - domain: snug.eu.org - - - domain: wicce.eu.org - - - domain: stryges.fr.eu.org - - - domain: familier.net.eu.org - - - domain: dns-witch.eu.org - - - domain: blackconstruct.eu.org - - - domain: soundsmag.eu.org - - - domain: mutu.fr.eu.org - - - domain: saimyx.eu.org -# # Slave zone -# - domain: example.net -# master: master -# acl: acl_master From 9665da2dab985b22a081f976d42a361d9d3bc85b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 4 Jun 2021 15:48:05 +0200 Subject: [PATCH 02/33] remove unused tasks --- config/deploy.yml | 1 - config/roles/common/tasks/main.yml | 5 ----- config/roles/knot/tasks/main.yml | 1 + 3 files changed, 1 insertion(+), 6 deletions(-) delete mode 100644 config/roles/common/tasks/main.yml 
diff --git a/config/deploy.yml b/config/deploy.yml index 8359ca5..f25767c 100644 --- a/config/deploy.yml +++ b/config/deploy.yml @@ -1,5 +1,4 @@ --- - hosts: all roles: - - common - knot diff --git a/config/roles/common/tasks/main.yml b/config/roles/common/tasks/main.yml deleted file mode 100644 index 82969de..0000000 --- a/config/roles/common/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Install common packages - apt: - pkg: - - git diff --git a/config/roles/knot/tasks/main.yml b/config/roles/knot/tasks/main.yml index 772fd8b..8d9d93e 100644 --- a/config/roles/knot/tasks/main.yml +++ b/config/roles/knot/tasks/main.yml @@ -13,6 +13,7 @@ group: knot mode: '0644' notify: reload knot + when: "inventory_hostname in groups.primary" - name: template: From 59e3072a71585cb68f8f8cde5388cc5cc8e52b67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 4 Jun 2021 15:51:46 +0200 Subject: [PATCH 03/33] update readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 95dba12..0f39214 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ A DNS zone management service to make accessible the [.eu.org](https://nic.eu.org) domain names to everyone. -# Deployment +### Deployment Deploy the configuration using `ansible-playbook -i config/host config/deploy.yml` - From 036c77e33700fe5fc6189b029791025f6523fc0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 4 Jun 2021 16:06:26 +0200 Subject: [PATCH 04/33] fix zone files copy --- config/roles/knot/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/roles/knot/tasks/main.yml b/config/roles/knot/tasks/main.yml index 8d9d93e..26423c9 100644 --- a/config/roles/knot/tasks/main.yml +++ b/config/roles/knot/tasks/main.yml 
@@ -7,7 +7,7 @@ - name: Update zones ansible.builtin.copy: - src: '{{ zones_dir }}' + src: '{{ zones_dir }}/' dest: /var/lib/knot/zones owner: knot group: knot From a6a9a646bf5bc9b77eb6716a98755112769a16cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:24:09 +0200 Subject: [PATCH 05/33] add ci script --- .gitlab-ci.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..67dcb00 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,11 @@ +image: ansible/ansible-runner + +before_script: + # from https://docs.gitlab.com/ee/ci/ssh_keys/ + #- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - mkdir -p ~/.ssh + - chmod 700 ~/.ssh + - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts + - chmod 644 ~/.ssh/known_hosts From f0a58499d096464f0a6eccc45312931e9c1e325d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:26:02 +0200 Subject: [PATCH 06/33] add ping job --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 67dcb00..fcb364e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,3 +9,7 @@ before_script: - chmod 700 ~/.ssh - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts + +ping: + script: + - ansible -i config/hosts -m ping all From 1ac326f0c1f91dc8646a134aa594a1896f1c59de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:37:40 +0200 Subject: [PATCH 07/33] update known hosts --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fcb364e..dff7ff0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
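Review bot: In the new `.gitlab-ci.yml` (patch 05/33) `before_script` sits at the top level, so every job in every pipeline loads `$SSH_PRIVATE_KEY` into an agent, and `image: ansible/ansible-runner` is pulled without a tag or digest. Whatever that image resolves to at run time executes with the deploy key in reach; pinning it, e.g. `image: ansible/ansible-runner@sha256:<digest>` (placeholder), and marking the variable as protected so that only protected branches receive it narrows that exposure. Appending `$SSH_KNOWN_HOSTS` keeps host-key checking on, which is good; a one-line comment saying where those pinned host keys were taken from would help the next maintainer.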
@@ -7,7 +7,7 @@ before_script: - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - mkdir -p ~/.ssh - chmod 700 ~/.ssh - - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts + - echo "$SSH_KNOWN_HOSTS" >> /root/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts ping: From 320e100c116fe7dd056a6a3340c02c5429384d8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:43:00 +0200 Subject: [PATCH 08/33] fix path --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dff7ff0..b31a81f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,10 +5,10 @@ before_script: #- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - - mkdir -p ~/.ssh - - chmod 700 ~/.ssh + - mkdir -p /root/.ssh + - chmod 700 /root/.ssh - echo "$SSH_KNOWN_HOSTS" >> /root/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts + - chmod 644 /root/.ssh/known_hosts ping: script: From d020ddaaab1919f4309748d6d72eb83ce1869cf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:44:28 +0200 Subject: [PATCH 09/33] change job --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b31a81f..63e8ade 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,6 +10,6 @@ before_script: - echo "$SSH_KNOWN_HOSTS" >> /root/.ssh/known_hosts - chmod 644 /root/.ssh/known_hosts -ping: +deploy: script: - - ansible -i config/hosts -m ping all + - ansible-playbook -i config/hosts config/deploy.yml From ab5c8081d2db5c0391f455a36697a5a02fe8bde3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:46:43 +0200 Subject: [PATCH 10/33] install netcommon --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) 
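Review bot: The `deploy` job introduced in patch 09/33 has no `rules:` or `only:` clause, so `ansible-playbook -i config/hosts config/deploy.yml` runs against the inventory for a push to any branch. Restricting it to the default branch, with `rules:` followed by `- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'`, keeps unreviewed branches from reconfiguring the name servers; adding `when: manual` is an option if a human gate is wanted.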
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 63e8ade..92ed128 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,4 +12,5 @@ before_script: deploy: script: + - ansible-galaxy collection install ansible.netcommon - ansible-playbook -i config/hosts config/deploy.yml From dba8e70c7137a6b9450d9335a28ef46b2fe3eb7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:48:38 +0200 Subject: [PATCH 11/33] install netaddr --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 92ed128..8f15736 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,4 +13,5 @@ before_script: deploy: script: - ansible-galaxy collection install ansible.netcommon + - pip3 install netaddr - ansible-playbook -i config/hosts config/deploy.yml From 23cafb65e2478f435ff06c909b88f82bfa60719f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:55:20 +0200 Subject: [PATCH 12/33] test --- .gitlab-ci.yml | 2 +- config/roles/knot/handlers/main.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8f15736..61f83e2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,6 @@ image: ansible/ansible-runner before_script: # from https://docs.gitlab.com/ee/ci/ssh_keys/ - #- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - mkdir -p /root/.ssh @@ -12,6 +11,7 @@ before_script: deploy: script: + # TODO: build image with dependencies installed - ansible-galaxy collection install ansible.netcommon - pip3 install netaddr - ansible-playbook -i config/hosts config/deploy.yml diff --git a/config/roles/knot/handlers/main.yml b/config/roles/knot/handlers/main.yml index 7458d5c..e2403bb 100644 --- a/config/roles/knot/handlers/main.yml +++ b/config/roles/knot/handlers/main.yml 
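Review bot: `ansible-galaxy collection install ansible.netcommon` (patch 10/33) fetches whatever version is current at run time, inside the job that also holds the deploy SSH key; the `pip3 install netaddr` line added in patch 11/33 has the same problem. Pin both, e.g. `ansible.netcommon:==<version>` and `netaddr==<version>` (placeholders), or install from a requirements file with hashes, so that a changed upstream release cannot run in the deploy job unnoticed. The TODO added in patch 12/33 about building an image with the dependencies installed would address this as well, provided that image is itself pinned.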
@@ -1,4 +1,3 @@ --- - name: reload knot - ansible.builtin.command: - cmd: knotc reload + ansible.builtin.command: knotc reload From 8694414c4036b3bb7e9e58dbef1f15cb83e2c49f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Mon, 7 Jun 2021 18:56:37 +0200 Subject: [PATCH 13/33] test --- config/roles/knot/handlers/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/roles/knot/handlers/main.yml b/config/roles/knot/handlers/main.yml index e2403bb..a9e38d3 100644 --- a/config/roles/knot/handlers/main.yml +++ b/config/roles/knot/handlers/main.yml @@ -1,3 +1,4 @@ --- - name: reload knot - ansible.builtin.command: knotc reload + command: + cmd: knotc reload From 507bb161881b115964bc5b94d5dcd285f9d4f559 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Sun, 25 Jul 2021 17:35:08 +0200 Subject: [PATCH 14/33] add become --- config/hosts | 4 ++-- config/roles/knot/handlers/main.yml | 1 + config/roles/knot/tasks/main.yml | 7 ++++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/config/hosts b/config/hosts index ffbd67c..a178558 100644 --- a/config/hosts +++ b/config/hosts @@ -1,5 +1,5 @@ [primary] -163.172.129.205 ansible_user=root +dev-ns1.vm ansible_user=roger [secondary] -51.158.108.60 ansible_user=root +dev-ns2.vm ansible_user=roger diff --git a/config/roles/knot/handlers/main.yml b/config/roles/knot/handlers/main.yml index a9e38d3..0418a36 100644 --- a/config/roles/knot/handlers/main.yml +++ b/config/roles/knot/handlers/main.yml @@ -1,4 +1,5 @@ --- - name: reload knot + become: yes command: cmd: knotc reload diff --git a/config/roles/knot/tasks/main.yml b/config/roles/knot/tasks/main.yml index 26423c9..81c3f71 100644 --- a/config/roles/knot/tasks/main.yml +++ b/config/roles/knot/tasks/main.yml 
@@ -1,11 +1,14 @@ --- - name: Install knot + become: yes apt: + update_cache: yes pkg: - knot - knot-dnsutils - name: Update zones + become: yes ansible.builtin.copy: src: '{{ zones_dir }}/' dest: /var/lib/knot/zones @@ -15,13 +18,15 @@ notify: reload knot when: "inventory_hostname in groups.primary" -- name: +- name: Deploy conf + become: yes template: src: knot.conf.j2 dest: /etc/knot/knot.conf notify: reload knot - name: Start knot + become: yes service: name: knot state: started From 39e9de8c77b65c0f4d63fd551a58eaba4e74bc53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 22:57:24 +0200 Subject: [PATCH 15/33] use catalog zone --- .gitlab-ci.yml | 24 +++++++++++++++--------- catalog-zones/dns-witch-catalog.zone | 3 +++ 2 files changed, 18 insertions(+), 9 deletions(-) create mode 100644 catalog-zones/dns-witch-catalog.zone diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 61f83e2..b7b082a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,17 +1,23 @@ -image: ansible/ansible-runner +image: debian:stable-slim before_script: + - apt-get update + - apt-get install -y ssh-client # from https://docs.gitlab.com/ee/ci/ssh_keys/ - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - - mkdir -p /root/.ssh - - chmod 700 /root/.ssh - - echo "$SSH_KNOWN_HOSTS" >> /root/.ssh/known_hosts - - chmod 644 /root/.ssh/known_hosts + - mkdir -p $HOME/.ssh + - chmod 700 $HOME/.ssh + - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts + - chmod 644 $HOME/.ssh/known_hosts deploy: script: - # TODO: build image with dependencies installed - - ansible-galaxy collection install ansible.netcommon - - pip3 install netaddr - - ansible-playbook -i config/hosts config/deploy.yml + - | + for zonefile in zones/*; do + zone=$(basename $zonefile) + echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zone/dns-witch-catalog.zone + done + - [ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones + - scp catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot + - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' diff --git a/catalog-zones/dns-witch-catalog.zone b/catalog-zones/dns-witch-catalog.zone new file mode 100644 index 0000000..3ae4021 --- /dev/null +++ b/catalog-zones/dns-witch-catalog.zone @@ -0,0 +1,3 @@ +dns-witch-catalog. 300 SOA ns1.dns-witch.net.eu.org. support.dns-witch.net.eu.org. 2021072102 28800 7200 2419200 300 +dns-witch-catalog. 3600 NS ns1.dns-witch.net.eu.org. +dns-witch-catalog. 3600 NS ns2.dns-witch.net.eu.org. From 9c9c4bdd4cbe38e3cf599f2d3468e0ebfdb1d91a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 22:58:52 +0200 Subject: [PATCH 16/33] fix yaml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b7b082a..074517c 100644 
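Review bot: In the `for zonefile in zones/*` loop of the `deploy` script (patch 15/33), `$zonefile` and `$zone` are expanded unquoted and the file name is written straight into the catalog zone, so a name under `zones/` that contains whitespace or glob characters is word-split and lands in the catalog as unintended record text. Quote the expansions and build the record with printf, keeping the existing redirect: `zone=$(basename "$zonefile")` and `printf '%s.zones 0 IN PTR %s.\n' "$(printf '%s' "$zone" | sha1sum | cut -f1 -d' ')" "$zone"`; rejecting names that do not match a hostname pattern before they are used would be a further safeguard. The same loop body is carried through the `.gitlab-ci.yml` hunks of patches 17, 19, 20 and 23.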
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,6 +18,6 @@ deploy: zone=$(basename $zonefile) echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zone/dns-witch-catalog.zone done - - [ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones + - '[ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones' - scp catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' From 00d3a32d9dacb65d1389dbc20a6f66e149dece35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 22:59:55 +0200 Subject: [PATCH 17/33] fix typo --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 074517c..81d5b7a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,7 +16,7 @@ deploy: - | for zonefile in zones/*; do zone=$(basename $zonefile) - echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zone/dns-witch-catalog.zone + echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done - '[ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones' - scp catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot From 4c14568d1ff62ae3ffe907445ab8ebfef6624483 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 23:00:51 +0200 Subject: [PATCH 18/33] fix scp --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 81d5b7a..b728b85 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -19,5 +19,5 @@ deploy: echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done - '[ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones' - - scp catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot + - scp catalog-zones/* ${SSH_PRIMARY_NS}:/var/lib/knot/catalog-zones - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' From 59cfc3b3564b557dee3a480a87b2589e4fe50ed6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 23:12:30 +0200 Subject: [PATCH 19/33] add zonecheck --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b728b85..344790e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ image: debian:stable-slim before_script: - apt-get update - - apt-get install -y ssh-client + - apt-get install -y ssh-client git knot # from https://docs.gitlab.com/ee/ci/ssh_keys/ - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - @@ -16,6 +16,7 @@ deploy: - | for zonefile in zones/*; do zone=$(basename $zonefile) + kzonecheck -v -o $zone zone/$zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done - '[ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones' From 550805bff19d49ede5ec3c45298bea3b37bd76dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 23:37:29 +0200 Subject: [PATCH 20/33] fix zone check --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 344790e..ae8a350 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -15,8 +15,8 @@ deploy: script: - | for zonefile in zones/*; do - zone=$(basename $zonefile) - kzonecheck -v -o $zone zone/$zonefile + zone=$(basename $zonefile .zone) + kzonecheck -v -o $zone $zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done - '[ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones' From ab60278cbae58e027c796309d82884198bdbedc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 23:42:53 +0200 Subject: [PATCH 21/33] fix grimoire --- .gitlab-ci.yml | 3 +-- zones/grimoire.eu.org.zone | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ae8a350..d919481 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,6 +19,5 @@ deploy: kzonecheck -v -o $zone $zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done - - '[ -n "$(git diff --name-only HEAD~ zones)" ] && scp $(git diff --name-only HEAD~ zones) ${SSH_PRIMARY_NS}:/var/lib/knot/zones' - - scp catalog-zones/* ${SSH_PRIMARY_NS}:/var/lib/knot/catalog-zones + - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/catalog-zones - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' diff --git a/zones/grimoire.eu.org.zone b/zones/grimoire.eu.org.zone index b8935e4..3f3ddc2 100644 --- a/zones/grimoire.eu.org.zone +++ b/zones/grimoire.eu.org.zone 
@@ -17,8 +17,8 @@ autel.grimoire.eu.org. 3600 A 95.217.26.22 ; AAAA Records @ IN 3600 AAAA 2a01:4f9:c010:ed58::1 *.grimoire.eu.org. IN 3600 AAAA 2a01:4f9:c010:ed58::1 -autel.grimoire.eu.org. 3600 A 2a01:4f9:c010:ed58::1 -*.autel.grimoire.eu.org. 3600 A 2a01:4f9:c010:ed58::1 +autel.grimoire.eu.org. 3600 AAAA 2a01:4f9:c010:ed58::1 +*.autel.grimoire.eu.org. 3600 AAAA 2a01:4f9:c010:ed58::1 ; MX Records @ IN 3600 MX 10 familier.net.eu.org. From 54f198a3aaf6c5330414b5a9822e106d1e5464f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 23:45:07 +0200 Subject: [PATCH 22/33] fix scp --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d919481..8555d22 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,5 +19,5 @@ deploy: kzonecheck -v -o $zone $zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done - - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/catalog-zones + - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/ - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' From a77fe2b49aa9c03b3d7c630cb4ff517f6d1b7504 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Thu, 29 Jul 2021 23:47:21 +0200 Subject: [PATCH 23/33] simplify ci --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8555d22..ef119bc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ image: debian:stable-slim before_script: - apt-get update - - apt-get install -y ssh-client git knot + - apt-get install -y ssh-client knot # from https://docs.gitlab.com/ee/ci/ssh_keys/ - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - 
@@ -16,6 +16,7 @@ deploy: - | for zonefile in zones/*; do zone=$(basename $zonefile .zone) + echo "Checking zone $zone..." kzonecheck -v -o $zone $zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done From b37df1b293162dbc060081605eb9f2e63211cc92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 30 Jul 2021 10:33:33 +0200 Subject: [PATCH 24/33] split job --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ef119bc..9cb2fc7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,7 @@ before_script: - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts - chmod 644 $HOME/.ssh/known_hosts -deploy: +build: script: - | for zonefile in zones/*; do @@ -20,5 +20,8 @@ deploy: kzonecheck -v -o $zone $zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done + +deploy: + script: - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/ - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' From 37fd063c0530e4453a8d74fce7ea29e38d0ceece Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 30 Jul 2021 11:03:48 +0200 Subject: [PATCH 25/33] add stages --- .gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9cb2fc7..8a994b0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,12 @@ before_script: - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts - chmod 644 $HOME/.ssh/known_hosts +stages: +- build +- deploy + build: + stage: build script: - | for zonefile in zones/*; do @@ -22,6 +27,7 @@ build: done deploy: + stage: deploy script: - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/ - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload' 
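Review bot: After the job split in patch 24/33 the new `build` job still inherits the top-level `before_script`, so the job that only runs `kzonecheck` over the zone files starts an agent and loads `$SSH_PRIVATE_KEY` although it never opens a connection. Move the `ssh-agent`, `ssh-add` and `known_hosts` lines into a `before_script:` under `deploy:` and leave only the `apt-get` lines global, so the key exists only in the job that calls `scp` and `ssh`. The `before_script` block itself lies outside this hunk.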
From 53dfa8d824e178fc1c55cea9961ac97b23a04317 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 30 Jul 2021 11:08:59 +0200 Subject: [PATCH 26/33] add artifacts --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8a994b0..76b6fc8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -25,6 +25,10 @@ build: kzonecheck -v -o $zone $zonefile echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone done + artifacts: + paths: + - catalog-zones/* + expire_in: 1 day deploy: stage: deploy From 65b65aba7f9d60def6ae58805718c316ec79ef9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 30 Jul 2021 12:46:32 +0200 Subject: [PATCH 27/33] add catalog zone version --- catalog-zones/dns-witch-catalog.zone | 2 ++ 1 file changed, 2 insertions(+) diff --git a/catalog-zones/dns-witch-catalog.zone b/catalog-zones/dns-witch-catalog.zone index 3ae4021..4a147d0 100644 --- a/catalog-zones/dns-witch-catalog.zone +++ b/catalog-zones/dns-witch-catalog.zone @@ -1,3 +1,5 @@ dns-witch-catalog. 300 SOA ns1.dns-witch.net.eu.org. support.dns-witch.net.eu.org. 2021072102 28800 7200 2419200 300 dns-witch-catalog. 3600 NS ns1.dns-witch.net.eu.org. dns-witch-catalog. 3600 NS ns2.dns-witch.net.eu.org. + +version 0 IN TXT "2" From 02b3954c98a4dcae0a221a9f6473d31e63f5cd55 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?= Date: Fri, 30 Jul 2021 13:39:49 +0200 Subject: [PATCH 28/33] remove config --- config/deploy.yml | 4 --- config/group_vars/all | 3 -- config/hosts | 5 --- config/roles/knot/handlers/main.yml | 5 --- config/roles/knot/tasks/main.yml | 33 ----------------- config/roles/knot/templates/knot.conf.j2 | 45 ------------------------ 6 files changed, 95 deletions(-) delete mode 100644 config/deploy.yml delete mode 100644 config/group_vars/all delete mode 100644 config/hosts delete mode 100644 config/roles/knot/handlers/main.yml delete mode 100644 config/roles/knot/tasks/main.yml delete mode 100644 config/roles/knot/templates/knot.conf.j2 diff --git a/config/deploy.yml b/config/deploy.yml deleted file mode 100644 index f25767c..0000000 --- a/config/deploy.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: all - roles: - - knot diff --git a/config/group_vars/all b/config/group_vars/all deleted file mode 100644 index 3e202d7..0000000 --- a/config/group_vars/all +++ /dev/null @@ -1,3 +0,0 @@ ---- -zones_dir: "{{ lookup('env', 'ZONE_DIR') | default('../zones', True) }}" -zones: "{{ lookup('fileglob', zones_dir + '/*.zone', wantlist=True)}}" diff --git a/config/hosts b/config/hosts deleted file mode 100644 index a178558..0000000 --- a/config/hosts +++ /dev/null @@ -1,5 +0,0 @@ -[primary] -dev-ns1.vm ansible_user=roger - -[secondary] -dev-ns2.vm ansible_user=roger diff --git a/config/roles/knot/handlers/main.yml b/config/roles/knot/handlers/main.yml deleted file mode 100644 index 0418a36..0000000 --- a/config/roles/knot/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: reload knot - become: yes - command: - cmd: knotc reload diff --git a/config/roles/knot/tasks/main.yml b/config/roles/knot/tasks/main.yml deleted file mode 100644 index 81c3f71..0000000 --- a/config/roles/knot/tasks/main.yml +++ /dev/null 
@@ -1,33 +0,0 @@
----
-- name: Install knot
- become: yes
- apt:
- update_cache: yes
- pkg:
- - knot
- - knot-dnsutils
-
-- name: Update zones
- become: yes
- ansible.builtin.copy:
- src: '{{ zones_dir }}/'
- dest: /var/lib/knot/zones
- owner: knot
- group: knot
- mode: '0644'
- notify: reload knot
- when: "inventory_hostname in groups.primary"
-
-- name: Deploy conf
- become: yes
- template:
- src: knot.conf.j2
- dest: /etc/knot/knot.conf
- notify: reload knot
-
-- name: Start knot
- become: yes
- service:
- name: knot
- state: started
- enabled: yes
diff --git a/config/roles/knot/templates/knot.conf.j2 b/config/roles/knot/templates/knot.conf.j2
deleted file mode 100644
index b877fd8..0000000
--- a/config/roles/knot/templates/knot.conf.j2
+++ /dev/null
@@ -1,45 +0,0 @@
-server:
- rundir: "/run/knot"
- user: knot:knot
- listen: [ 0.0.0.0@53, ::@53 ]
-
-log:
- - target: syslog
- any: info
-
-remote:
-{% for host in groups.all %}
- - id: {{ hostvars[host].ansible_hostname }}
- address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
-{% endfor %}
-
-acl:
-{% for host in groups.all %}
- - id: {{ hostvars[host].ansible_hostname }}
- address: [ {{ ( hostvars[host].ansible_all_ipv4_addresses + hostvars[host].ansible_all_ipv6_addresses ) | ansible.netcommon.ipaddr('public') | join(', ') }} ]
- action: {% if host in groups.secondary %} transfer {% elif host in groups.primary %} notify {% endif %}
-
-{% endfor %}
-
-template:
- - id: default
- storage: "/var/lib/knot"
- file: "zones/%s.zone"
-
-{% if inventory_hostname in groups.primary %}
- zonefile-load: difference-no-serial
- dnssec-signing: on
- dnssec-policy: default
- notify: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
- acl: [ {{ groups.secondary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
-{% endif %}
-
-{% if inventory_hostname in groups.secondary %}
- master: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
- acl: [ {{ groups.primary | map('extract', hostvars) | map(attribute='ansible_hostname') | join(', ') }} ]
-{% endif %}
-
-zone:
-{% for zone in zones %}
- - domain: {{ zone | basename | splitext | first }}
-{% endfor %}
From d8240fbf9b28e567c1057290806a7282f0bdca80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?=
Date: Fri, 30 Jul 2021 17:15:00 +0200
Subject: [PATCH 29/33] make deploy manual
---
 .gitlab-ci.yml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 76b6fc8..284a8b3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -18,13 +18,13 @@ stages:
 build:
 stage: build
 script:
- - |
- for zonefile in zones/*; do
- zone=$(basename $zonefile .zone)
- echo "Checking zone $zone..."
- kzonecheck -v -o $zone $zonefile
- echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone
- done
+ - |
+ for zonefile in zones/*; do
+ zone=$(basename $zonefile .zone)
+ echo "Checking zone $zone..."
+ kzonecheck -v -o $zone $zonefile
+ echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone
+ done
 artifacts:
 paths:
 - catalog-zones/*
@@ -33,5 +33,6 @@ build:
 deploy:
 stage: deploy
 script:
- - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/
- - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload'
+ - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/
+ - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload'
+ when: manual
From b6e9ee7956d403cabd54ec61e58bb952a21080a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?=
Date: Tue, 17 Aug 2021 21:35:33 +0200
Subject: [PATCH 30/33] update ci
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 284a8b3..1152a0c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ image: debian:stable-slim
 before_script:
 - apt-get update
- - apt-get install -y ssh-client knot
+ - apt-get install -y ssh-client knot knot-dnsutils
 # from https://docs.gitlab.com/ee/ci/ssh_keys/
 - eval $(ssh-agent -s)
 - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
From 0b6d04834227a13cb92a23218ea1b64c3089fd41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?=
Date: Tue, 17 Aug 2021 22:23:22 +0200
Subject: [PATCH 31/33] update ci
---
 .gitlab-ci.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
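Review bot: `when: manual` on the `deploy` job (second hunk of PATCH 29/33) puts a click in front of the push to the primary name server, but nothing in the job limits which ref it can run from, so a pipeline on any branch gets the same deploy button. Since the job copies `zones` and `catalog-zones` to `${SSH_PRIMARY_NS}` and reloads knot, I would restrict it to the default branch by replacing the job-level `when` with `rules:` holding `- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'` and `when: manual`. Marking the SSH variables as protected would keep them out of pipelines on other refs; whether that is already the case is not visible in this patch.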
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1152a0c..647cb58 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,7 +9,8 @@ before_script:
 - mkdir -p $HOME/.ssh
 - chmod 700 $HOME/.ssh
 - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts
- - chmod 644 $HOME/.ssh/known_hosts
+ - echo "$SSH_CONFIG" >> $HOME/.ssh/config
+ - chmod 644 $HOME/.ssh/{known_hosts,config}
 stages:
 - build
@@ -34,5 +35,5 @@ deploy:
 stage: deploy
 script:
 - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/
- - ssh ${SSH_PRIMARY_NS} 'chown -R knot:knot /var/lib/knot/{zones,catalog-zones} && knotc reload'
+ - ssh ${SSH_PRIMARY_NS} 'knotc reload'
 when: manual
From 4373b3c422cf28714cb50cdfb644e998196c7d6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?=
Date: Tue, 17 Aug 2021 22:35:49 +0200
Subject: [PATCH 32/33] fix ci
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 647cb58..64b86fb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -35,5 +35,5 @@ deploy:
 stage: deploy
 script:
 - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/
- - ssh ${SSH_PRIMARY_NS} 'knotc reload'
+ - ssh ${SSH_PRIMARY_NS} /usr/sbin/knotc reload
 when: manual
From 85999de4c99ca8ca7ae30a755724e92712ab977a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20Berthaud-M=C3=BCller?=
Date: Tue, 17 Aug 2021 22:38:12 +0200
Subject: [PATCH 33/33] update ci
---
 .gitlab-ci.yml | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 64b86fb..074c72b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
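Review bot: The added `echo "$SSH_CONFIG" >> $HOME/.ssh/config` (first hunk of PATCH 31/33; `before_script` starts above the hunk) lets a CI variable set any client option for the later `scp` and `ssh` calls, including `StrictHostKeyChecking` and `UserKnownHostsFile`, which could quietly undo the host-key pinning that `$SSH_KNOWN_HOSTS` provides. OpenSSH takes command-line options before the user config file, so adding `-o StrictHostKeyChecking=yes` to both deploy commands keeps verification on regardless of what the variable contains. The second hunk also drops the remote `chown -R knot:knot`, so uploaded files keep the SSH user's ownership; presumably `$SSH_CONFIG` now selects an unprivileged account, and a comment such as `# SSH_CONFIG selects the deploy user on the primary; zone files must stay readable by knot` would record that.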
@@ -1,23 +1,14 @@
 image: debian:stable-slim
-before_script:
- - apt-get update
- - apt-get install -y ssh-client knot knot-dnsutils
- # from https://docs.gitlab.com/ee/ci/ssh_keys/
- - eval $(ssh-agent -s)
- - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- - mkdir -p $HOME/.ssh
- - chmod 700 $HOME/.ssh
- - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts
- - echo "$SSH_CONFIG" >> $HOME/.ssh/config
- - chmod 644 $HOME/.ssh/{known_hosts,config}
-
 stages:
 - build
 - deploy
 build:
 stage: build
+ before_script:
+ - apt-get update
+ - apt-get install -y knot-dnsutils
 script:
 - |
 for zonefile in zones/*; do
@@ -36,4 +27,15 @@ deploy:
 script:
 - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/
 - ssh ${SSH_PRIMARY_NS} /usr/sbin/knotc reload
+ before_script:
+ - apt-get update
+ - apt-get install -y ssh-client
+ # from https://docs.gitlab.com/ee/ci/ssh_keys/
+ - eval $(ssh-agent -s)
+ - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+ - mkdir -p $HOME/.ssh
+ - chmod 700 $HOME/.ssh
+ - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts
+ - echo "$SSH_CONFIG" >> $HOME/.ssh/config
+ - chmod 644 $HOME/.ssh/{known_hosts,config}
 when: manual
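Review bot: The `deploy` job's new `before_script` (second hunk of PATCH 33/33; the job itself starts above the hunk) loads `$SSH_PRIVATE_KEY` into an agent inside a container started from the floating `debian:stable-slim` tag and installs `ssh-client` with `apt-get` at run time, so the environment that holds the deploy key can change between runs without any change in the repository. Scoping the key setup to `deploy` is a good reduction, since `build` no longer loads the key into an agent; pinning the image by digest, `image: debian:stable-slim@sha256:<digest-placeholder>`, would close the remaining gap. The first hunk also drops the `knot` package from `build` while the loop still calls `kzonecheck`; please confirm that `knot-dnsutils` alone provides that binary on this image.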