added playbook powerdns-bullseye

2022-04-06 12:09:41 +02:00 · 2022-04-06 12:09:41 +02:00 · a1a3891d02
parent 437a1b2f8e
commit a1a3891d02
5 changed files with 57 additions and 0 deletions
--- a/powerdns-bullseye.yml
+++ b/powerdns-bullseye.yml
@ -0,0 +1,11 @@
+---
+- hosts: all
+  become: true
+  tasks:
+    - import_tasks: tasks/debian-general/repositories-bullseye.yml
+    - import_tasks: tasks/debian-general/upgrade.yml
+    - import_tasks: tasks/debian-general/gnupg2.yml
+    - import_tasks: tasks/powerdns-bullseye/gpg-key.yml
+    - import_tasks: tasks/powerdns-bullseye/repositories-authoritative.yml
+    - import_tasks: tasks/debian-general/upgrade.yml
+    - import_tasks: tasks/powerdns-bullseye/powerdns-authoritative.yml
--- a/tasks/debian-general/gnupg2.yml
+++ b/tasks/debian-general/gnupg2.yml
@ -0,0 +1,7 @@
+---
+- name: Ensure gnupg2 is installed and updated
+  ansible.builtin.apt:
+    update_cache: yes
+    cache_valid_time: 0
+    name: gnupg2
+    state: latest
--- a/tasks/powerdns-bullseye/gpg-key.yml
+++ b/tasks/powerdns-bullseye/gpg-key.yml
@ -0,0 +1,19 @@
+---
+- name: Check if PowerDNS GPG key is already present
+  ansible.builtin.stat:
+    path: /etc/apt/trusted.gpg.d/pdns.gpg
+  register: pdns_gpg_presence
+- name: Download armored PowerDNS GPG key
+  ansible.builtin.get_url:
+    url: https://repo.powerdns.com/FD380FBB-pub.asc
+    dest: /tmp/pdns.asc
+  when: not pdns_gpg_presence.stat.exists
+- name: Ensure unarmored PowerDNS GPG key is present
+  ansible.builtin.command:
+    cmd: gpg --dearmor -o /etc/apt/trusted.gpg.d/pdns.gpg /tmp/pdns.asc
+  when: not pdns_gpg_presence.stat.exists
+- name: Remove temporary armored PowerDNS GPG key
+  ansible.builtin.file:
+    path: /tmp/pdns.asc
+    state: absent
+  when: not pdns_gpg_presence.stat.exists
--- a/tasks/powerdns-bullseye/powerdns-authoritative.yml
+++ b/tasks/powerdns-bullseye/powerdns-authoritative.yml
@ -0,0 +1,7 @@
+---
+- name: Ensure PowerDNS authoritative server is installed and updated
+  ansible.builtin.apt:
+    update_cache: yes
+    cache_valid_time: 0
+    name: pdns-server
+    state: latest
--- a/tasks/powerdns-bullseye/repositories-authoritative.yml
+++ b/tasks/powerdns-bullseye/repositories-authoritative.yml
@ -0,0 +1,13 @@
+---
+- name: Ensure PowerDNS repositories are set up correctly
+  ansible.builtin.copy:
+    dest: /etc/apt/sources.list.d/pdns.list
+    content: |
+      deb [arch=amd64] http://repo.powerdns.com/debian bullseye-auth-46 main
+- name: Ensure PowerDNS repository preferences are set up correctly
+  ansible.builtin.copy:
+    dest: /etc/apt/preferences.d/pdns
+    content: |
+      Package: pdns-*
+      Pin: origin repo.powerdns.com
+      Pin-Priority: 600