From 48d35b39c07b8e4844e8dc351d1dada9006820f4 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sun, 23 Apr 2023 23:57:57 +0200
Subject: [PATCH 1/2] use separate role for package management

---
 ansible/hermes.yml                     | 14 +-------------
 ansible/inventory/host_vars/hermes.yml |  4 ++++
 ansible/requirements.yml               |  3 +++
 3 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/ansible/hermes.yml b/ansible/hermes.yml
index 0440e0d..3c05e29 100644
--- a/ansible/hermes.yml
+++ b/ansible/hermes.yml
@@ -6,20 +6,8 @@
 
 - name: Install services
   hosts: all
-  pre_tasks:
-    - name: Update repositories
-      apt:
-        autoremove: true
-        upgrade: yes
-        state: latest
-        update_cache: yes
-        cache_valid_time: 86400 # One day
-    - name: Install packages
-      apt:
-        pkg:
-          - qemu-guest-agent
-          - dnsutils
   roles:
+    - {role: 'setup-apt', tags: 'setup-apt'}
     - {role: 'dnsmasq', tags: 'dnsmasq'}
     - {role: 'nsd', tags: 'nsd'}
     - {role: 'ssh-ca', tags: 'ssh-ca'}
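Review bot: The removed pre_tasks explicitly ran `upgrade: yes` with `update_cache` and a one-day `cache_valid_time`, and nothing in this commit shows the `setup-apt` role configured to do the same; the only variable set for it is `apt_install_packages` in host_vars. If the role's defaults do not upgrade installed packages, hosts stop receiving package updates from this play without any visible failure. Set the role's cache and upgrade variables explicitly next to `apt_install_packages`, or, once the behaviour is confirmed, add a comment above the role entry such as `# setup-apt: refreshes the apt cache, applies upgrades, installs apt_install_packages`. The roles list continues past the end of the hunk.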
diff --git a/ansible/inventory/host_vars/hermes.yml b/ansible/inventory/host_vars/hermes.yml
index 1092d00..c2a2498 100644
--- a/ansible/inventory/host_vars/hermes.yml
+++ b/ansible/inventory/host_vars/hermes.yml
@@ -1,3 +1,7 @@
+apt_install_packages:
+  - qemu-guest-agent
+  - dnsutils
+
 ssh_ca_dir: /root/ssh_ca
 ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
 ssh_ca_host_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ"
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index e945591..c30fccb 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,3 +1,6 @@
+- name: setup-apt
+  src: https://github.com/sunscrapers/ansible-role-apt.git
+  scm: git
 - name: cloudinit-wait
   src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
   scm: git
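Review bot: The new `setup-apt` entry pulls a third-party role from GitHub with no `version:` key, so each `ansible-galaxy install` takes whatever the repository's default branch holds at that moment. The role is applied under `hosts: all` and manages packages, which presumably means it runs with root privileges, so any upstream change reaches the hosts unreviewed. Pin it to a commit that has been read, e.g. `version: <reviewed-commit-sha>` under `scm: git`, and move the pin deliberately. The existing `cloudinit-wait` entry is unpinned as well, though it points at the author's own forge.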

From 39d94671de12351603c8ea486cb326c299e1db02 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Mon, 24 Apr 2023 00:00:28 +0200
Subject: [PATCH 2/2] manage DNS with resolv.conf again

---
 ansible/hermes.yml  | 5 +++++
 ansible/resolv.conf | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 ansible/resolv.conf

diff --git a/ansible/hermes.yml b/ansible/hermes.yml
index 3c05e29..042f034 100644
--- a/ansible/hermes.yml
+++ b/ansible/hermes.yml
@@ -6,6 +6,11 @@
 
 - name: Install services
   hosts: all
+  pre_tasks:
+    - name: Copy resolv.conf
+      copy:
+        src: resolv.conf
+        dest: /etc/resolv.conf
   roles:
     - {role: 'setup-apt', tags: 'setup-apt'}
     - {role: 'dnsmasq', tags: 'dnsmasq'}
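Review bot: The `Copy resolv.conf` task writes `/etc/resolv.conf` without stating ownership or permissions, so the result depends on the connecting user and umask; for the file that decides where every lookup on the host is sent, add `owner: root`, `group: root` and `mode: '0644'`. The play targets `hosts: all`, so every inventory host receives the single nameserver from `ansible/resolv.conf`. If the destination is a symlink owned by a local resolver service or is rewritten by a DHCP client (not visible here), the copied content may not persist, which deserves a comment on the task. The task is also untagged, unlike the roles below it, so a run limited with `--tags` skips it while `setup-apt` still runs.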
diff --git a/ansible/resolv.conf b/ansible/resolv.conf
new file mode 100644
index 0000000..14b2a3d
--- /dev/null
+++ b/ansible/resolv.conf
@@ -0,0 +1 @@
+nameserver 192.168.30.1