slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️: automate web hostname block for zones

Browse Source
This commit is contained in:
VC
2024-07-05 11:53:54 +02:00
parent c60460f7ea
commit 4cd6760484
6 changed files with 25 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/nsd/tasks/zones.yml
View File

@@ -8,8 +8,13 @@
group: nsd
mode: "0o644"
vars:
# This generates 99 different serial per day
dns_serial: "{{ ansible_date_time.epoch }}"
web_hostname_block: |-
{% for webserver in groups['webservers'] -%}
{% for web_hostname in (hostvars[webserver]['web_hostname'] | select('match', '.+' ~ item.name)) -%}
{{ web_hostname }}. IN CNAME {{ webserver }}.
{% endfor %}
{% endfor %}
- name: Create zone key dir
ansible.builtin.file:

16
roles/nsd/templates/zones/libertus.eu.zone.j2
View File

@@ -1,5 +1,5 @@
$TTL 86400
@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
{{ dns_serial }}; timestamp serial number
28800; Refresh
7200; Retry
@@ -8,7 +8,7 @@ $TTL 86400
)
{% for server in groups['nsdservers'] %}
NS {{ server }}.
IN NS {{ server }}.
{% endfor %}
$ORIGIN {{ item.name }}.
@@ -23,19 +23,9 @@ _xmpp-client._tcp IN SRV 0 0 5222 jabber.dmz.mateu.be.
_xmpp-server._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be.
_xmppconnect IN TXT "_xmpp-client-xbosh=https://xmpp.libertus.eu/http-bind"
altsrv IN CNAME ks3370405.kimsufi.com.
blog IN CNAME web1.dmz.mateu.be.
conference IN CNAME jabber.dmz.mateu.be.
dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB"
dkim._domainkey.p IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB"
fav IN CNAME web1.dmz.mateu.be.
imap IN CNAME mail.dmz.mateu.be.
mail IN CNAME web1.dmz.mateu.be.
o IN CNAME web1.dmz.mateu.be.
p IN MX 1 mail.dmz.mateu.be.
p 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all"
p 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all"
perso IN CNAME web1.dmz.mateu.be.
rss IN CNAME web1.dmz.mateu.be.
smtp IN CNAME mail.dmz.mateu.be.
upload IN CNAME jabber.dmz.mateu.be.
xmpp IN CNAME jabber.dmz.mateu.be.
{{ web_hostname_block }}

13
roles/nsd/templates/zones/mateu.be.zone.j2
View File

@@ -1,5 +1,5 @@
$TTL 86400
@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
{{ dns_serial }}; timestamp serial number
28800; Refresh
7200; Retry
@@ -8,7 +8,7 @@ $TTL 86400
)
{% for server in groups['nsdservers'] %}
NS {{ server }}.
IN NS {{ server }}.
{% endfor %}
$ORIGIN {{ item.name }}.
@@ -16,15 +16,12 @@ $ORIGIN {{ item.name }}.
3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all"
3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all"
IN CAA 0 issue "letsencrypt.org"
*.garage IN CNAME garage
_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s"
altsrv IN CNAME ks3370405.kimsufi.com.
backup IN A 10.233.212.60
baybay-ponay IN AAAA 2a01:e0a:9bd:2810:9e6b:ff:fe13:ef88
bt IN CNAME bt.dmz.mateu.be.
bt.dmz IN A 82.66.135.228
bt.dmz IN AAAA 2a01:e0a:9bd:2811::3
btf IN CNAME bt.dmz
ciol IN A 109.190.68.133
derdriu IN A 10.233.212.77
dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB"
@@ -44,7 +41,6 @@ frederica.dmz IN AAAA 2a01:e0a:9bd:2811::60
ftp IN A 10.233.212.14
ftp.dmz IN A 82.66.135.228
ftp.dmz IN AAAA 2a01:e0a:9bd:2811::14
garage IN CNAME garage1.dmz.mateu.be.
garage1.dmz IN A 82.66.135.228
garage1.dmz IN AAAA 2a01:e0a:9bd:2811::11
garreg-mach IN A 10.233.212.66
@@ -53,7 +49,6 @@ haproxy.dmz IN AAAA 2a01:e0a:9bd:2811::2
imprimante IN A 10.233.212.94
jabber.dmz IN A 82.66.135.228
jabber.dmz IN AAAA 2a01:e0a:9bd:2811::10
jackett IN CNAME bt.dmz.mateu.be.
libertus.eu._report._dmarc IN TXT "v=DMARC1;"
machinbox IN A 82.66.135.228
machinbox IN AAAA 2a01:e0a:9bd:2810::1
@@ -63,7 +58,6 @@ mail.dmz IN AAAA 2a01:e0a:9bd:2811::4
mailalt IN CNAME ks3370405.kimsufi.com.
masto1.dmz IN A 82.66.135.228
masto1.dmz IN AAAA 2a01:e0a:9bd:2811::19
munin IN CNAME munin.dmz
munin.dmz IN A 82.66.135.228
munin.dmz IN AAAA 2a01:e0a:9bd:2811::12
nfs IN A 10.233.212.60
@@ -74,7 +68,6 @@ p.libertus.eu._report._dmarc IN TXT "v=DMARC1;"
pipoworld.fr._report._dmarc IN TXT "v=DMARC1;"
pt1.dmz IN A 82.66.135.228
pt1.dmz IN AAAA 2a01:e0a:9bd:2811::20
r IN CNAME web1.dmz
rb IN A 194.156.203.253
rc IN A 10.233.211.195
ror1.dmz IN A 82.66.135.228
@@ -82,7 +75,6 @@ ror1.dmz IN AAAA 2a01:e0a:9bd:2811::18
sachetpa.st IN CNAME altsrv
serenor.dmz IN AAAA 2a01:e0a:9bd:2811::59
serenor.dmz IN A 82.66.135.228
sonarr IN CNAME bt.dmz
syslog.dmz IN AAAA 2a01:e0a:9bd:2811::8
unifi.dmz IN A 82.66.135.228
unifi.dmz IN AAAA 2a01:e0a:9bd:2811::13
@@ -97,3 +89,4 @@ web2.dmz IN A 82.66.135.228
web2.dmz IN AAAA 2a01:e0a:9bd:2811::6
web3.dmz IN A 82.66.135.228
web3.dmz IN AAAA 2a01:e0a:9bd:2811::17
{{ web_hostname_block }}

17
roles/nsd/templates/zones/nintendojo.fr.zone.j2
View File

@@ -1,5 +1,5 @@
$TTL 86400
@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
{{ dns_serial }}; timestamp serial number
28800; Refresh
7200; Retry
@@ -8,7 +8,7 @@ $TTL 86400
)
{% for server in groups['nsdservers'] %}
NS {{ server }}.
IN NS {{ server }}.
{% endfor %}
$ORIGIN {{ item.name }}.
@@ -20,17 +20,6 @@ $ORIGIN {{ item.name }}.
3600 IN TXT "google-site-verification=rIe1fnrQnv-E1H8qsMtEIhM4XYUqCELshWH9pHkwPBI"
IN CAA 0 issue "letsencrypt.org"
_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s"
analyse IN CNAME web2.dmz.mateu.be.
dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB"
forum IN CNAME web2.dmz.mateu.be.
m IN CNAME masto1.dmz.mateu.be.
medias.m IN CNAME mastodon-ndfr.garage.mateu.be.
mm IN CNAME mail.dmz.mateu.be.
mumble IN CNAME voice1.dmz.mateu.be.
original.p IN CNAME peertube-original-ndfr.garage.mateu.be.
p IN CNAME pt1.dmz.mateu.be.
perso IN CNAME web1.dmz.mateu.be.
playlists.p IN CNAME peertube-videos-ndfr.garage.mateu.be.
radio IN CNAME voice3.dmz.mateu.be.
videos.p IN CNAME peertube-playlists-ndfr.garage.mateu.be.
www IN CNAME web2.dmz.mateu.be.
{{ web_hostname_block }}

14
roles/nsd/templates/zones/parking.zone.j2
View File

@@ -1,5 +1,5 @@
$TTL 86400
@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
{{ dns_serial }}; timestamp serial number
28800; Refresh
7200; Retry
@@ -8,12 +8,12 @@ $TTL 86400
)
{% for server in groups['nsdservers'] %}
NS {{ server }}.
IN NS {{ server }}.
{% endfor %}
$ORIGIN {{ item.name }}.
@ CAA 0 issue ";"
@ MX 0 .
@ TXT "v=spf1 -all"
@ TXT "spf2.0/mfrom -all"
_dmarc TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;"
@ IN CAA 0 issue ";"
@ IN MX 0 .
@ IN TXT "v=spf1 -all"
@ IN TXT "spf2.0/mfrom -all"
_dmarc IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;"

6
roles/nsd/templates/zones/pipoworld.fr.zone.j2
View File

@@ -1,5 +1,5 @@
$TTL 86400
@ SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
@ IN SOA {{ groups['master_nsdservers'] | first }}. tech.ovh.net. (
{{ dns_serial }}; timestamp serial number
28800; Refresh
7200; Retry
@@ -8,7 +8,7 @@ $TTL 86400
)
{% for server in groups['nsdservers'] %}
NS {{ server }}.
IN NS {{ server }}.
{% endfor %}
$ORIGIN {{ item.name }}.
@@ -18,4 +18,4 @@ $ORIGIN {{ item.name }}.
IN CAA 0 issue "letsencrypt.org"
_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s"
dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB"
mm IN CNAME mail.dmz.mateu.be.
{{ web_hostname_block }}