banananetwork
/
ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dehydrated
wip
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ansible/playbooks/dns.yml

144 lines
5.0 KiB
YAML
Raw Permalink Blame History

- name: Configure hatoria as dns server
hosts: hatoria.banananet.work
vars:
# Source: https://docs.hetzner.com/dns-console/dns/general/authoritative-name-servers
hetzner_authoritatives:
- ns1.first-ns.de.
- robotns2.second-ns.de.
- robotns3.second-ns.com.
hetzner_authoritatives_ip:
# ns1.first-ns.de.
- "213.239.242.238"
- "2a01:4f8:0:a101::a:1"
# robotns2.second-ns.de.
- "213.133.105.6"
- "2a01:4f8:d0a:2004::2"
# robotns3.second-ns.com.
- "193.47.99.3"
- "2001:67c:192c::add:a3"
mailbox_mx:
- 10 mxext1.mailbox.org.
- 10 mxext2.mailbox.org.
- 20 mxext3.mailbox.org.
mailbox_spf: >-
"v=spf1 include:mailbox.org"
mailbox_dkim_keys:
- name: MBO0001
data: >-
"v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K4PavXoNY8eGK2u61"
"LIQlOHS8f5sWsCK5b+HMOfo0M+aNHwfqlVdzi/IwmYnuDKuXYuCllrgnxZ4fG4yV"
"aux58v9grVsFHdzdjPlAQfp5rkiETYpCMZwgsmdseJ4CoZaosPHLjPumFE/Ua2WA"
"QQljnunsM9TONM9L6KxrO9t5IISD1XtJb0bq1lVI/e72k3mnPd/q77qzhTDmwN4T"
"SNJZN8sxzUJx9HNSMRRoEIHSDLTIJUK+Up8IeCx0B7CiOzG5w/cHyZ3AM5V8lkqB"
"aTDK46AwTkTVGJf59QxUZArG3FEH5vy9HzDmy0tGG+053/x4RqkhqMg5/ClDm+lp"
"ZqWwIDAQAB"
- name: MBO0002
data: >-
"v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxEKIg2c48ecfmy/+r"
"j35sBOhdfIYGNDCMeHy0b36DX6MNtS7zA/VDR2q5ubtHzraL5uUGas8kb/33wtrW"
"FYxierLRXy12qj8ItdYCRugu9tXTByEED05WdBtRzJmrb8YBMfeK0E0K3wwoWfhI"
"k/wzKbjMkbqYBOTYLlIcVGQWzOfN7/n3n+VChfu6sGFK3k2qrJNnw22iFy4C8Ks7"
"j77+tCpm0PoUwA2hOdLrRw3ldx2E9PH0GVwIMJRgekY6cS7DrbHrj/AeGlwfwwCS"
"i9T23mYvc79nVrh2+82ZqmkpZSTD2qq+ukOkyjdRuUPck6e2b+x141Nzd81dIZVf"
"OEiwIDAQAB"
roles:
- role: dns/master
domain: banananet.work
main_nameserver_domain: "ns1.banananet.work" # required glue entry already configured
responsible_mail_name: hostmaster.banananet.work
slaves_ip: "{{ hetzner_authoritatives_ip }}"
entries:
# main NS entry
- type: NS
data: ns1.banananet.work.
# Hetzner NS entries
- type: NS
data: "{{ hetzner_authoritatives }}"
# limit CA
- type: CAA
data: 0 issue "letsencrypt.org"
# Mailbox Mail configuration
- domain: bca8c01774fd59c9756c68532174fd5b85762fee # domain verification
type: TXT
data: 7a99f795a552c812b55c7f809920bf25db96137b
- type: MX
data: "{{ mailbox_mx }}"
- type: TXT
data: "{{ mailbox_spf }}"
- domain: "{{ mailbox_dkim_keys[0].name }}._domainkey"
type: TXT
data: "{{ mailbox_dkim_keys[0].data }}"
- domain: "{{ mailbox_dkim_keys[1].name }}._domainkey"
type: TXT
data: "{{ mailbox_dkim_keys[1].data }}"
- domain: _dmarc
type: TXT
data: v=DMARC1;p=none
- domain: autoconfig
type: CNAME
data: mailbox.org.
- domain: _autodiscover._tcp
type: SRV
data: "0 0 443 mailbox.org."
- domain: _submission._tcp
type: SRV
data: "10 10 465 smtp.mailbox.org."
- domain: _imaps._tcp
type: SRV
data: "10 10 993 imap.mailbox.org."
- domain: _hkps.tcp
type: SRV
data: "10 10 443 pgp.mailbox.org."
# other entries
- domain: _minecraft._tcp.wg
type: SRV
data: "10 10 10110 mc.wg.{{ domain }}."
- role: dns/master
domain: forumderschan.de
main_nameserver_domain: "ns1.banananet.work"
responsible_mail_name: hostmaster.banananet.work
slaves_ip: "{{ hetzner_authoritatives_ip }}"
entries:
# main NS entry
- type: NS
data: ns1.banananet.work.
# Hetzner NS entries
- type: NS
data: "{{ hetzner_authoritatives }}"
# limit CA
- type: CAA
data: 0 issue "letsencrypt.org"
- role: dns/master
domain: stadtpiraten-karlsruhe.de
main_nameserver_domain: "ns1.banananet.work"
responsible_mail_name: hostmaster.banananet.work
entries:
# main NS entry
- type: NS
data: ns1.banananet.work.
# limit CA
- type: CAA
data: 0 issue "letsencrypt.org"
- name: Add public available hosts to dns zones
hosts: public_available
roles:
- role: dns/server_entries
domain: "{{ inventory_hostname }}"
- name: Arbitary entries
# all tasks/roles here must be local only
hosts: all # select any host as not important
run_once: yes # run only once "for first host"
gather_facts: no # do not gather facts from host as these may not be used
roles:
- role: ext_mail/mailjet
tags:
- mailjet
- wg.banananet.work
domain: wg.banananet.work
verification_name: 5803f0f5
verification_data: 5803f0f5f4278d66327350f7a8141b70
Reference in New Issue View Git Blame Copy Permalink