From f3a0496912c4ceb9d2032946bb0e31525f50a613 Mon Sep 17 00:00:00 2001
From: Matthew Fennell <matthew@fennell.dev>
Date: Sat, 10 Jan 2026 15:39:31 +0000
Subject: Tag all DNS steps

There are some cases where I do not want to run DNS-related steps. For
instance, when setting up a new server, which should replace an existing one,
it is necessary to skip the DNS steps until the server has been fully migrated
and I am ready to switch the hot/cold sides.

Therefore, tag all DNS steps. This allows them to be skipped during ansible
playbook execution using --skip-tags dns.
---
 playbook.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/playbook.yaml b/playbook.yaml
index 2fbaa56..d4db5da 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -89,6 +89,8 @@
    - name: Take note of DANE hash
      ansible.builtin.set_fact:
       dane_hash: "{{ dane_result.stdout }}"
+     tags:
+      - dns
 
    - name: Ensure common records exist
      ansible.builtin.uri:
@@ -144,6 +146,8 @@
           tlsa_selector: "1"
           tlsa_matching: "1"
      delegate_to: localhost
+     tags:
+      - dns
 
    - name: Ensure non-transport records exist
      ansible.builtin.uri:
@@ -199,6 +203,8 @@
           tlsa_matching: "1"
      delegate_to: localhost
      when: not is_transport_server
+     tags:
+      - dns
 
    # We specifically use apt instead of the more general package module here,
    # because we want to ensure the cache is updated before we try and install
-- 
cgit v1.2.3