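- name: Configure nvak as dns server
  hosts: nvak.banananet.work
  vars:
    # Source: https://docs.hetzner.com/dns-console/dns/general/authoritative-name-servers
    hetzner_authoritatives:
      - ns1.first-ns.de.
      - robotns2.second-ns.de.
      - robotns3.second-ns.com.
    # Same three servers as above, v4 and v6, in the same order.
    hetzner_authoritatives_ip:
      # ns1.first-ns.de.
      - "213.239.242.238"
      - "2a01:4f8:0:a101::a:1"
      # robotns2.second-ns.de.
      - "213.133.105.6"
      - "2a01:4f8:d0a:2004::2"
      # robotns3.second-ns.com.
      - "193.47.99.3"
      - "2001:67c:192c::add:a3"
    # "<priority> <exchange>" as written into the zone; lowest priority first.
    mailbox_mx:
      - 10 mxext1.mailbox.org.
      - 10 mxext2.mailbox.org.
      - 20 mxext3.mailbox.org.
    # The double quotes are part of the value on purpose: a block scalar keeps
    # them, so they reach the zone as TXT string quoting.
    # NOTE(review): there is no terminal `all` mechanism (`~all` / `-all`), so
    # any sender not covered by the include evaluates to neutral and receivers
    # have nothing to enforce — confirm this is intended before tightening.
    mailbox_spf: >-
      "v=spf1 include:mailbox.org"
    # One entry per selector; each value is pre-split into quoted chunks that
    # the folded scalar joins with single spaces (presumably what the
    # dns/master template expects for long TXT records — verify there).
    mailbox_dkim_keys:
      - name: MBO0001
        data: >-
          "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K4PavXoNY8eGK2u61"
          "LIQlOHS8f5sWsCK5b+HMOfo0M+aNHwfqlVdzi/IwmYnuDKuXYuCllrgnxZ4fG4yV"
          "aux58v9grVsFHdzdjPlAQfp5rkiETYpCMZwgsmdseJ4CoZaosPHLjPumFE/Ua2WA"
          "QQljnunsM9TONM9L6KxrO9t5IISD1XtJb0bq1lVI/e72k3mnPd/q77qzhTDmwN4T"
          "SNJZN8sxzUJx9HNSMRRoEIHSDLTIJUK+Up8IeCx0B7CiOzG5w/cHyZ3AM5V8lkqB"
          "aTDK46AwTkTVGJf59QxUZArG3FEH5vy9HzDmy0tGG+053/x4RqkhqMg5/ClDm+lp"
          "ZqWwIDAQAB"
      - name: MBO0002
        data: >-
          "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxEKIg2c48ecfmy/+r"
          "j35sBOhdfIYGNDCMeHy0b36DX6MNtS7zA/VDR2q5ubtHzraL5uUGas8kb/33wtrW"
          "FYxierLRXy12qj8ItdYCRugu9tXTByEED05WdBtRzJmrb8YBMfeK0E0K3wwoWfhI"
          "k/wzKbjMkbqYBOTYLlIcVGQWzOfN7/n3n+VChfu6sGFK3k2qrJNnw22iFy4C8Ks7"
          "j77+tCpm0PoUwA2hOdLrRw3ldx2E9PH0GVwIMJRgekY6cS7DrbHrj/AeGlwfwwCS"
          "i9T23mYvc79nVrh2+82ZqmkpZSTD2qq+ukOkyjdRuUPck6e2b+x141Nzd81dIZVf"
          "OEiwIDAQAB"
  roles:
    - role: dns/master
      domain: banananet.work
      responsible_mail_name: hostmaster.banananet.work
      slaves_ip: "{{ hetzner_authoritatives_ip }}"
      entries:
        # Hetzner NS entries
        - type: NS
          data: "{{ hetzner_authoritatives }}"
        # limit CA (no iodef tag, so the CA has nowhere to report refused requests)
        - type: CAA
          data: 0 issue "letsencrypt.org"
        # Mailbox Mail configuration
        - domain: bca8c01774fd59c9756c68532174fd5b85762fee  # domain verification
          type: TXT
          data: 7a99f795a552c812b55c7f809920bf25db96137b
        - type: MX
          data: "{{ mailbox_mx }}"
        - type: TXT
          data: "{{ mailbox_spf }}"
        - domain: "{{ mailbox_dkim_keys[0].name }}._domainkey"
          type: TXT
          data: "{{ mailbox_dkim_keys[0].data }}"
        - domain: "{{ mailbox_dkim_keys[1].name }}._domainkey"
          type: TXT
          data: "{{ mailbox_dkim_keys[1].data }}"
        # NOTE(review): unlike mailbox_spf and the DKIM values this is not
        # wrapped in zone-file quotes; if the role writes data verbatim into a
        # BIND-style zone, the `;` starts a comment and only `v=DMARC1`
        # survives — confirm against the dns/master template.
        # p=none is monitor-only, and without a rua= address no reports arrive.
        - domain: _dmarc
          type: TXT
          data: v=DMARC1;p=none
        - domain: autoconfig
          type: CNAME
          data: mailbox.org.
        # SRV owner names are _service._proto; data is "prio weight port target".
        - domain: _autodiscover._tcp
          type: SRV
          data: "0 0 443 mailbox.org."
        - domain: _submission._tcp
          type: SRV
          data: "10 10 465 smtp.mailbox.org."
        - domain: _imaps._tcp
          type: SRV
          data: "10 10 993 imap.mailbox.org."
        - domain: _hkps._tcp
          type: SRV
          data: "10 10 443 pgp.mailbox.org."
        # other entries
        - domain: _minecraft._tcp.wg
          type: SRV
          data: "10 10 10110 mc.wg.{{ domain }}."
    - role: dns/master
      domain: forumderschan.de
      responsible_mail_name: hostmaster.banananet.work
      slaves_ip: "{{ hetzner_authoritatives_ip }}"
      entries:
        # Glue record
        - type: NS
          data: ns1.banananet.work.
        # Hetzner NS entries
        - type: NS
          data: "{{ hetzner_authoritatives }}"
        # limit CA
        - type: CAA
          data: 0 issue "letsencrypt.org"
    # NOTE(review): no slaves_ip here and only ns1 listed as NS, so this zone
    # presumably has a single authoritative server — confirm that is intended.
    - role: dns/master
      domain: stadtpiraten-karlsruhe.de
      responsible_mail_name: hostmaster.banananet.work
      entries:
        # Glue record
        - type: NS
          data: ns1.banananet.work.
        # limit CA
        - type: CAA
          data: 0 issue "letsencrypt.org"

- name: Add public available hosts to dns zones
  hosts: public_available
  roles:
    - role: dns/server_entries
      domain: "{{ inventory_hostname }}"

- name: Arbitary entries
  # all tasks/roles here must be local only
  hosts: all  # select any host as not important
  run_once: true  # run only once "for first host"
  gather_facts: false  # do not gather facts from host as these may not be used
  roles: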