diff --git a/roles/nsd/tasks/zones.yml b/roles/nsd/tasks/zones.yml index e4919e9..489da8f 100644 --- a/roles/nsd/tasks/zones.yml +++ b/roles/nsd/tasks/zones.yml @@ -8,8 +8,13 @@ group: nsd mode: "0o644" vars: - # This generates 99 different serial per day dns_serial: "{{ ansible_date_time.epoch }}" + web_hostname_block: |- + {% for webserver in groups['webservers'] -%} + {% for web_hostname in (hostvars[webserver]['web_hostname'] | select('match', '.+' ~ item.name)) -%} + {{ web_hostname }}. IN CNAME {{ webserver }}. + {% endfor %} + {% endfor %} - name: Create zone key dir ansible.builtin.file: diff --git a/roles/nsd/templates/zones/libertus.eu.zone.j2 b/roles/nsd/templates/zones/libertus.eu.zone.j2 index 1b44404..4211e4b 100644 --- a/roles/nsd/templates/zones/libertus.eu.zone.j2 +++ b/roles/nsd/templates/zones/libertus.eu.zone.j2 @@ -1,5 +1,5 @@ $TTL 86400 -@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( +@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( {{ dns_serial }}; timestamp serial number 28800; Refresh 7200; Retry @@ -8,7 +8,7 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - NS {{ server }}. + IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. 
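Review bot: The zone filter in `web_hostname_block`, `select('match', '.+' ~ item.name)`, is anchored only at the start and treats the dots in `item.name` as regex wildcards, so a hostname such as `blog.mateu.be.example.org` or `notmateu.be` (constructed examples) would be written into the `mateu.be` zone as an out-of-zone CNAME. Escaping the zone name and anchoring on a label boundary closes that: `select('match', '.+' ~ (('.' ~ item.name) | regex_escape) ~ '$')`. `hostvars[webserver]['web_hostname']` also fails templating for any webserver that does not define the variable, so `hostvars[webserver]['web_hostname'] | default([])` is safer. Nothing in the hunk rejects a hostname listed by two webservers, or one that already owns other records in the static part of a zone, and either case produces a CNAME conflict. The task itself begins above the hunk; if it is a template task, a `validate: nsd-checkzone {{ item.name }} %s` step would catch such a zone before it is installed.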
@@ -23,19 +23,9 @@ _xmpp-client._tcp IN SRV 0 0 5222 jabber.dmz.mateu.be. _xmpp-server._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. _xmppconnect IN TXT "_xmpp-client-xbosh=https://xmpp.libertus.eu/http-bind" altsrv IN CNAME ks3370405.kimsufi.com. -blog IN CNAME web1.dmz.mateu.be. -conference IN CNAME jabber.dmz.mateu.be. dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" dkim._domainkey.p IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -fav IN CNAME web1.dmz.mateu.be. -imap IN CNAME mail.dmz.mateu.be. -mail IN CNAME web1.dmz.mateu.be. -o IN CNAME web1.dmz.mateu.be. p IN MX 1 mail.dmz.mateu.be. p 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" p 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -perso IN CNAME web1.dmz.mateu.be. -rss IN CNAME web1.dmz.mateu.be. -smtp IN CNAME mail.dmz.mateu.be. -upload IN CNAME jabber.dmz.mateu.be. -xmpp IN CNAME jabber.dmz.mateu.be. +{{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/mateu.be.zone.j2 b/roles/nsd/templates/zones/mateu.be.zone.j2 index 8edfde5..b07667d 100644 --- a/roles/nsd/templates/zones/mateu.be.zone.j2 +++ b/roles/nsd/templates/zones/mateu.be.zone.j2 @@ -1,5 +1,5 @@ $TTL 86400 -@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( +@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( {{ dns_serial }}; timestamp serial number 28800; Refresh 7200; Retry @@ -8,7 +8,7 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - NS {{ server }}. + IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. 
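Review bot: Several of the CNAMEs deleted in the `@@ -23,19 +23,9 @@` hunk of libertus.eu.zone.j2 pointed at `mail.dmz.mateu.be.` and `jabber.dmz.mateu.be.` (`imap`, `smtp`, `conference`, `upload`, `xmpp`), while the `{{ web_hostname_block }}` that replaces them only iterates `groups['webservers']`. Unless those hosts are in that group and list these names in `web_hostname` (the inventory is not visible here), the records disappear on the next deploy. The same applies to `bt`, `btf`, `jackett`, `sonarr`, `munin` and `garage` in mateu.be.zone.j2 and to `mm` in pipoworld.fr.zone.j2. Comparing the rendered zones with the ones currently served before merging would confirm nothing is lost. A comment above the `{{ web_hostname_block }}` line would also tell the next editor where the records come from, for example `; CNAMEs below are generated from web_hostname of the hosts in groups['webservers']`.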
@@ -16,15 +16,12 @@ $ORIGIN {{ item.name }}. 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" IN CAA 0 issue "letsencrypt.org" -*.garage IN CNAME garage _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" altsrv IN CNAME ks3370405.kimsufi.com. backup IN A 10.233.212.60 baybay-ponay IN AAAA 2a01:e0a:9bd:2810:9e6b:ff:fe13:ef88 -bt IN CNAME bt.dmz.mateu.be. bt.dmz IN A 82.66.135.228 bt.dmz IN AAAA 2a01:e0a:9bd:2811::3 -btf IN CNAME bt.dmz ciol IN A 109.190.68.133 derdriu IN A 10.233.212.77 dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" @@ -44,7 +41,6 @@ frederica.dmz IN AAAA 2a01:e0a:9bd:2811::60 ftp IN A 10.233.212.14 ftp.dmz IN A 82.66.135.228 ftp.dmz IN AAAA 2a01:e0a:9bd:2811::14 -garage IN CNAME garage1.dmz.mateu.be. garage1.dmz IN A 82.66.135.228 garage1.dmz IN AAAA 2a01:e0a:9bd:2811::11 garreg-mach IN A 10.233.212.66 @@ -53,7 +49,6 @@ haproxy.dmz IN AAAA 2a01:e0a:9bd:2811::2 imprimante IN A 10.233.212.94 jabber.dmz IN A 82.66.135.228 jabber.dmz IN AAAA 2a01:e0a:9bd:2811::10 -jackett IN CNAME bt.dmz.mateu.be. libertus.eu._report._dmarc IN TXT "v=DMARC1;" machinbox IN A 82.66.135.228 machinbox IN AAAA 2a01:e0a:9bd:2810::1 @@ -63,7 +58,6 @@ mail.dmz IN AAAA 2a01:e0a:9bd:2811::4 mailalt IN CNAME ks3370405.kimsufi.com. masto1.dmz IN A 82.66.135.228 masto1.dmz IN AAAA 2a01:e0a:9bd:2811::19 -munin IN CNAME munin.dmz munin.dmz IN A 82.66.135.228 munin.dmz IN AAAA 2a01:e0a:9bd:2811::12 nfs IN A 10.233.212.60 
@@ -74,7 +68,6 @@ p.libertus.eu._report._dmarc IN TXT "v=DMARC1;" pipoworld.fr._report._dmarc IN TXT "v=DMARC1;" pt1.dmz IN A 82.66.135.228 pt1.dmz IN AAAA 2a01:e0a:9bd:2811::20 -r IN CNAME web1.dmz rb IN A 194.156.203.253 rc IN A 10.233.211.195 ror1.dmz IN A 82.66.135.228 @@ -82,7 +75,6 @@ ror1.dmz IN AAAA 2a01:e0a:9bd:2811::18 sachetpa.st IN CNAME altsrv serenor.dmz IN AAAA 2a01:e0a:9bd:2811::59 serenor.dmz IN A 82.66.135.228 -sonarr IN CNAME bt.dmz syslog.dmz IN AAAA 2a01:e0a:9bd:2811::8 unifi.dmz IN A 82.66.135.228 unifi.dmz IN AAAA 2a01:e0a:9bd:2811::13 @@ -97,3 +89,4 @@ web2.dmz IN A 82.66.135.228 web2.dmz IN AAAA 2a01:e0a:9bd:2811::6 web3.dmz IN A 82.66.135.228 web3.dmz IN AAAA 2a01:e0a:9bd:2811::17 +{{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/nintendojo.fr.zone.j2 b/roles/nsd/templates/zones/nintendojo.fr.zone.j2 index 51a1534..d4c0f1a 100644 --- a/roles/nsd/templates/zones/nintendojo.fr.zone.j2 +++ b/roles/nsd/templates/zones/nintendojo.fr.zone.j2 @@ -1,5 +1,5 @@ $TTL 86400 -@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( +@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( {{ dns_serial }}; timestamp serial number 28800; Refresh 7200; Retry @@ -8,7 +8,7 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - NS {{ server }}. + IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. 
@@ -20,17 +20,6 @@ $ORIGIN {{ item.name }}. 3600 IN TXT "google-site-verification=rIe1fnrQnv-E1H8qsMtEIhM4XYUqCELshWH9pHkwPBI" IN CAA 0 issue "letsencrypt.org" _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" -analyse IN CNAME web2.dmz.mateu.be. dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -forum IN CNAME web2.dmz.mateu.be. -m IN CNAME masto1.dmz.mateu.be. -medias.m IN CNAME mastodon-ndfr.garage.mateu.be. -mm IN CNAME mail.dmz.mateu.be. mumble IN CNAME voice1.dmz.mateu.be. -original.p IN CNAME peertube-original-ndfr.garage.mateu.be. -p IN CNAME pt1.dmz.mateu.be. -perso IN CNAME web1.dmz.mateu.be. -playlists.p IN CNAME peertube-videos-ndfr.garage.mateu.be. -radio IN CNAME voice3.dmz.mateu.be. -videos.p IN CNAME peertube-playlists-ndfr.garage.mateu.be. -www IN CNAME web2.dmz.mateu.be. +{{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/parking.zone.j2 b/roles/nsd/templates/zones/parking.zone.j2 index a619276..77a6611 100644 --- a/roles/nsd/templates/zones/parking.zone.j2 +++ b/roles/nsd/templates/zones/parking.zone.j2 @@ -1,5 +1,5 @@ $TTL 86400 -@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( +@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( {{ dns_serial }}; timestamp serial number 28800; Refresh 7200; Retry @@ -8,12 +8,12 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - NS {{ server }}. + IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. -@ CAA 0 issue ";" -@ MX 0 . -@ TXT "v=spf1 -all" -@ TXT "spf2.0/mfrom -all" -_dmarc TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" +@ IN CAA 0 issue ";" +@ IN MX 0 . +@ IN TXT "v=spf1 -all" +@ IN TXT "spf2.0/mfrom -all" +_dmarc IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" 
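Review bot: The generator can only emit `{{ web_hostname }}. IN CNAME {{ webserver }}.`, so the targets of `medias.m`, `original.p`, `playlists.p` and `videos.p` removed in the `@@ -20,17 +20,6 @@` hunk of nintendojo.fr.zone.j2 (names under `garage.mateu.be.`) cannot be reproduced unless inventory hosts in `webservers` carry exactly those names. Those targets presumably resolved through the `*.garage IN CNAME garage` wildcard that this commit drops from mateu.be.zone.j2, and a wildcard would have to be listed literally in `web_hostname` to come back. If these aliases are still needed, keep them as static lines next to `mumble`, e.g. `medias.m IN CNAME mastodon-ndfr.garage.mateu.be.`, and keep the wildcard in mateu.be.zone.j2.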
diff --git a/roles/nsd/templates/zones/pipoworld.fr.zone.j2 b/roles/nsd/templates/zones/pipoworld.fr.zone.j2 index 6a22b27..24ae816 100644 --- a/roles/nsd/templates/zones/pipoworld.fr.zone.j2 +++ b/roles/nsd/templates/zones/pipoworld.fr.zone.j2 @@ -1,5 +1,5 @@ $TTL 86400 -@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( +@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. ( {{ dns_serial }}; timestamp serial number 28800; Refresh 7200; Retry @@ -8,7 +8,7 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - NS {{ server }}. + IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. @@ -18,4 +18,4 @@ $ORIGIN {{ item.name }}. IN CAA 0 issue "letsencrypt.org" _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -mm IN CNAME mail.dmz.mateu.be. +{{ web_hostname_block }}