Add DNS repo sync to adm hosts

2024-12-23 22:04:55 +00:00 · 2024-12-23 22:04:55 +00:00 · a0f7145f9c
commit a0f7145f9c
parent e9372af0aa
1 changed files with 38 additions and 1 deletions
--- a/playbooks/adm.yml
+++ b/playbooks/adm.yml
@ -18,7 +18,7 @@
        name: /export
        src: LABEL=/export
        fstype: xfs
-        opts: noatime,noexec,nosuid,nodev
+        opts: noatime,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted
@ -73,3 +73,40 @@
        mode: "0600"
        owner: root
        group: "{{ ansible_wheel }}"
+
+    - name: Clone dns repo
+      ansible.builtin.git:
+        dest: /export/dns
+        repo: https://adm01.home.foo.sh/dns.git
+        update: true
+        version: master
+      environment:
+        GIT_SSL_CAINFO: "{{ tls_certs }}/ca.crt"
+        GIT_SSL_CERT: "{{ tls_certs }}/{{ inventory_hostname }}.crt"
+        GIT_SSL_KEY: "{{ tls_private }}/{{ inventory_hostname }}.key"
+      when: 'inventory_hostname != "adm01.home.foo.sh"'
+    - name: Link dns repo
+      ansible.builtin.file:
+        dest: /srv/dns
+        src: /export/dns
+        state: link
+        owner: root
+        group: "{{ ansible_wheel }}"
+        follow: false
+    - name: Add cron job to sync dns repo
+      ansible.builtin.cron:
+        name: sync dns repository
+        job: >-
+          GIT_SSL_CAINFO="{{ tls_certs }}/ca.crt"
+          GIT_SSL_CERT="{{ tls_certs }}/{{ inventory_hostname }}.crt"
+          GIT_SSL_KEY="{{ tls_private }}/{{ inventory_hostname }}.key"
+          git -C /srv/dns pull -q
+        minute: "02"
+      when: 'inventory_hostname != "adm01.home.foo.sh"'
+    - name: Links dns repo to web
+      ansible.builtin.file:
+        dest: "/srv/web/{{ inventory_hostname }}/dns.git"
+        src: /srv/dns/.git
+        state: link
+        owner: root
+        group: "{{ ansible_wheel }}"