diff --git a/roles/nsd/tasks/zones.yml b/roles/nsd/tasks/zones.yml index 8b90003..c557f5f 100644 --- a/roles/nsd/tasks/zones.yml +++ b/roles/nsd/tasks/zones.yml @@ -12,7 +12,7 @@ web_hostname_block: |- {% for webserver in groups['webservers'] -%} {% for web_hostname in (hostvars[webserver]['web_hostname'] | select('match', '.+' ~ item.name)) -%} - {{ web_hostname | regex_replace('\.' ~ item.name ~ '$', '') }} IN CNAME {{ webserver }}. + {{ web_hostname | regex_replace('\.' ~ item.name ~ '$', '') }} IN CNAME {{ webserver }}. {% endfor %} {% endfor %} diff --git a/roles/nsd/templates/zones/libertus.eu.zone.j2 b/roles/nsd/templates/zones/libertus.eu.zone.j2 index 5f91cef..6524ee8 100644 --- a/roles/nsd/templates/zones/libertus.eu.zone.j2 +++ b/roles/nsd/templates/zones/libertus.eu.zone.j2 @@ -8,26 +8,26 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - IN NS {{ server }}. +@ IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. - IN CAA 0 issue "letsencrypt.org" - IN MX 1 mail.dmz.mateu.be. - IN A 82.66.135.228 - IN AAAA 2a01:e0a:9bd:2811::10 - 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" - 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" -dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -_jabber._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. -_xmpp-client._tcp IN SRV 0 0 5222 jabber.dmz.mateu.be. -_xmpp-server._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. -_xmppconnect IN TXT "_xmpp-client-xbosh=https://xmpp.libertus.eu/http-bind" -altsrv IN CNAME ks3370405.kimsufi.com. -p IN MX 1 mail.dmz.mateu.be. -p 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" -p 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -_dmarc.p 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" -dkim._domainkey.p 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" +@ IN CAA 0 issue "letsencrypt.org" +@ IN MX 1 mail.dmz.mateu.be. +@ IN A 82.66.135.228 +@ IN AAAA 2a01:e0a:9bd:2811::10 +@ 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" +@ 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" +_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" +dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" +_jabber._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. +_xmpp-client._tcp IN SRV 0 0 5222 jabber.dmz.mateu.be. +_xmpp-server._tcp IN SRV 0 0 5269 jabber.dmz.mateu.be. +_xmppconnect IN TXT "_xmpp-client-xbosh=https://xmpp.libertus.eu/http-bind" +altsrv IN CNAME ks3370405.kimsufi.com. +p IN MX 1 mail.dmz.mateu.be. +p 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" +p 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" +_dmarc.p 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" +dkim._domainkey.p 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" {{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/mateu.be.zone.j2 b/roles/nsd/templates/zones/mateu.be.zone.j2 index aaeea58..7828d59 100644 --- a/roles/nsd/templates/zones/mateu.be.zone.j2 +++ b/roles/nsd/templates/zones/mateu.be.zone.j2 @@ -9,91 +9,91 @@ $TTL 86400 {% for server in groups['nsdservers'] %} {% for ip_family in ['v4', 'v6'] %} - IN NS {{ server | regex_replace('^([a-z0-9-]+)\\.', '\\1-' ~ ip_family ~ '.') }}. +@ IN NS {{ server | regex_replace('^([a-z0-9-]+)\\.', '\\1-' ~ ip_family ~ '.') }}. {% endfor %} {% endfor %} $ORIGIN {{ item.name }}. - IN CAA 0 issue "letsencrypt.org" - IN MX 1 mail.dmz.mateu.be. - 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" - 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" -_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" -dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -libertus.eu._report._dmarc 3600 IN TXT "v=DMARC1;" -nintendojo.fr._report._dmarc 3600 IN TXT "v=DMARC1;" -p.libertus.eu._report._dmarc 3600 IN TXT "v=DMARC1;" -altsrv IN CNAME ks3370405.kimsufi.com. -backup IN A 10.233.212.60 -baybay-ponay IN AAAA 2a01:e0a:9bd:2810:9e6b:ff:fe13:ef88 -bt.dmz IN A 82.66.135.228 -bt.dmz IN AAAA 2a01:e0a:9bd:2811::3 -ciol IN A 109.190.68.133 -derdriu IN A 10.233.212.77 -dns1.dmz IN A 82.66.135.228 -dns1-v4.dmz IN A 82.66.135.228 -dns1.dmz IN AAAA 2a01:e0a:9bd:2811::16 -dns1-v6.dmz IN AAAA 2a01:e0a:9bd:2811::16 -dom IN A 10.233.212.15 -dom.dmz IN A 82.66.135.228 -dom.dmz IN AAAA 2a01:e0a:9bd:2811::15 -emerandon.st IN CNAME altsrv -enbarr.dmz IN AAAA 2a01:e0a:9bd:2811::50 -es1.dmz IN AAAA 2a01:e0a:9bd:2811::21 -es1.dmz IN A 82.66.135.228 -evse IN A 10.233.211.198 -fc IN A 10.233.211.194 -frederica.dmz IN A 82.66.135.228 -frederica.dmz IN AAAA 2a01:e0a:9bd:2811::60 -ftp IN A 10.233.212.14 -ftp.dmz IN A 82.66.135.228 -ftp.dmz IN AAAA 2a01:e0a:9bd:2811::14 -garage1.dmz IN A 82.66.135.228 -garage1.dmz IN AAAA 2a01:e0a:9bd:2811::11 -garreg-mach IN A 10.233.212.66 -haproxy.dmz IN A 82.66.135.228 -haproxy.dmz IN AAAA 2a01:e0a:9bd:2811::2 -imprimante IN A 10.233.212.94 -jabber.dmz IN A 82.66.135.228 -jabber.dmz IN AAAA 2a01:e0a:9bd:2811::10 -machinbox IN A 82.66.135.228 -machinbox IN AAAA 2a01:e0a:9bd:2810::1 -mail-relay IN A 37.187.5.75 -mail.dmz IN A 82.66.135.228 -mail.dmz IN AAAA 2a01:e0a:9bd:2811::4 -mailalt IN CNAME ks3370405.kimsufi.com. -masto1.dmz IN A 82.66.135.228 -masto1.dmz IN AAAA 2a01:e0a:9bd:2811::19 -munin.dmz IN A 82.66.135.228 -munin.dmz IN AAAA 2a01:e0a:9bd:2811::12 -nfs IN A 10.233.212.60 -nsd-master1.ext IN A 51.158.238.190 -nsd-master1-v4.ext IN A 51.158.238.190 -nsd-master1.ext IN AAAA 2001:bc8:5090:5bb:dc00:ff:fe20:8869 -nsd-master1-v6.ext IN AAAA 2001:bc8:5090:5bb:dc00:ff:fe20:8869 -pt1.dmz IN A 82.66.135.228 -pt1.dmz IN AAAA 2a01:e0a:9bd:2811::20 -rb IN A 194.156.203.253 -rc IN A 10.233.211.195 -ror1.dmz IN A 82.66.135.228 -ror1.dmz IN AAAA 2a01:e0a:9bd:2811::18 -sachetpa.st IN CNAME altsrv -serenor.dmz IN AAAA 2a01:e0a:9bd:2811::59 -serenor.dmz IN A 82.66.135.228 -syslog.dmz IN AAAA 2a01:e0a:9bd:2811::8 -unifi.dmz IN A 82.66.135.228 -unifi.dmz IN AAAA 2a01:e0a:9bd:2811::13 -veretcle.st IN CNAME altsrv -voice1.dmz IN A 82.66.135.228 -voice1.dmz IN AAAA 2a01:e0a:9bd:2811::7 -voice3.dmz IN A 82.66.135.228 -voice3.dmz IN AAAA 2a01:e0a:9bd:2811::9 -web1.dmz IN A 82.66.135.228 -web1.dmz IN AAAA 2a01:e0a:9bd:2811::5 -web2.dmz IN A 82.66.135.228 -web2.dmz IN AAAA 2a01:e0a:9bd:2811::6 -web3.dmz IN A 82.66.135.228 -web3.dmz IN AAAA 2a01:e0a:9bd:2811::17 -k3s1.ext IN A 51.159.232.38 -k3s1.ext IN AAAA 2001:bc8:51b0:292:dc00:ff:fe0c:20bb +@ IN CAA 0 issue "letsencrypt.org" +@ IN MX 1 mail.dmz.mateu.be. +@ 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" +@ 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" +_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" +dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" +libertus.eu._report._dmarc 3600 IN TXT "v=DMARC1;" +nintendojo.fr._report._dmarc 3600 IN TXT "v=DMARC1;" +p.libertus.eu._report._dmarc 3600 IN TXT "v=DMARC1;" +altsrv IN CNAME ks3370405.kimsufi.com. +backup IN A 10.233.212.60 +baybay-ponay IN AAAA 2a01:e0a:9bd:2810:9e6b:ff:fe13:ef88 +bt.dmz IN A 82.66.135.228 +bt.dmz IN AAAA 2a01:e0a:9bd:2811::3 +ciol IN A 109.190.68.133 +derdriu IN A 10.233.212.77 +dns1.dmz IN A 82.66.135.228 +dns1-v4.dmz IN A 82.66.135.228 +dns1.dmz IN AAAA 2a01:e0a:9bd:2811::16 +dns1-v6.dmz IN AAAA 2a01:e0a:9bd:2811::16 +dom IN A 10.233.212.15 +dom.dmz IN A 82.66.135.228 +dom.dmz IN AAAA 2a01:e0a:9bd:2811::15 +emerandon.st IN CNAME altsrv +enbarr.dmz IN AAAA 2a01:e0a:9bd:2811::50 +es1.dmz IN AAAA 2a01:e0a:9bd:2811::21 +es1.dmz IN A 82.66.135.228 +evse IN A 10.233.211.198 +fc IN A 10.233.211.194 +frederica.dmz IN A 82.66.135.228 +frederica.dmz IN AAAA 2a01:e0a:9bd:2811::60 +ftp IN A 10.233.212.14 +ftp.dmz IN A 82.66.135.228 +ftp.dmz IN AAAA 2a01:e0a:9bd:2811::14 +garage1.dmz IN A 82.66.135.228 +garage1.dmz IN AAAA 2a01:e0a:9bd:2811::11 +garreg-mach IN A 10.233.212.66 +haproxy.dmz IN A 82.66.135.228 +haproxy.dmz IN AAAA 2a01:e0a:9bd:2811::2 +imprimante IN A 10.233.212.94 +jabber.dmz IN A 82.66.135.228 +jabber.dmz IN AAAA 2a01:e0a:9bd:2811::10 +machinbox IN A 82.66.135.228 +machinbox IN AAAA 2a01:e0a:9bd:2810::1 +mail-relay IN A 37.187.5.75 +mail.dmz IN A 82.66.135.228 +mail.dmz IN AAAA 2a01:e0a:9bd:2811::4 +mailalt IN CNAME altsrv +masto1.dmz IN A 82.66.135.228 +masto1.dmz IN AAAA 2a01:e0a:9bd:2811::19 +munin.dmz IN A 82.66.135.228 +munin.dmz IN AAAA 2a01:e0a:9bd:2811::12 +nfs IN A 10.233.212.60 +nsd-master1.ext IN A 51.158.238.190 +nsd-master1-v4.ext IN A 51.158.238.190 +nsd-master1.ext IN AAAA 2001:bc8:5090:5bb:dc00:ff:fe20:8869 +nsd-master1-v6.ext IN AAAA 2001:bc8:5090:5bb:dc00:ff:fe20:8869 +pt1.dmz IN A 82.66.135.228 +pt1.dmz IN AAAA 2a01:e0a:9bd:2811::20 +rb IN A 194.156.203.253 +rc IN A 10.233.211.195 +ror1.dmz IN A 82.66.135.228 +ror1.dmz IN AAAA 2a01:e0a:9bd:2811::18 +sachetpa.st IN CNAME altsrv +serenor.dmz IN AAAA 2a01:e0a:9bd:2811::59 +serenor.dmz IN A 82.66.135.228 +syslog.dmz IN AAAA 2a01:e0a:9bd:2811::8 +unifi.dmz IN A 82.66.135.228 +unifi.dmz IN AAAA 2a01:e0a:9bd:2811::13 +veretcle.st IN CNAME altsrv +voice1.dmz IN A 82.66.135.228 +voice1.dmz IN AAAA 2a01:e0a:9bd:2811::7 +voice3.dmz IN A 82.66.135.228 +voice3.dmz IN AAAA 2a01:e0a:9bd:2811::9 +web1.dmz IN A 82.66.135.228 +web1.dmz IN AAAA 2a01:e0a:9bd:2811::5 +web2.dmz IN A 82.66.135.228 +web2.dmz IN AAAA 2a01:e0a:9bd:2811::6 +web3.dmz IN A 82.66.135.228 +web3.dmz IN AAAA 2a01:e0a:9bd:2811::17 +k3s1.ext IN A 51.159.232.38 +k3s1.ext IN AAAA 2001:bc8:51b0:292:dc00:ff:fe0c:20bb {{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/nintendojo.fr.zone.j2 b/roles/nsd/templates/zones/nintendojo.fr.zone.j2 index b0898d1..59cd21a 100644 --- a/roles/nsd/templates/zones/nintendojo.fr.zone.j2 +++ b/roles/nsd/templates/zones/nintendojo.fr.zone.j2 @@ -8,18 +8,18 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - IN NS {{ server }}. +@ IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. - IN CAA 0 issue "letsencrypt.org" - IN MX 1 mail.dmz.mateu.be. - IN A 82.66.135.228 - IN AAAA 2a01:e0a:9bd:2811::6 - 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" - 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" - 3600 IN TXT "google-site-verification=rIe1fnrQnv-E1H8qsMtEIhM4XYUqCELshWH9pHkwPBI" -_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" -dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" -mumble IN CNAME voice1.dmz.mateu.be. +@ IN CAA 0 issue "letsencrypt.org" +@ IN MX 1 mail.dmz.mateu.be. +@ IN A 82.66.135.228 +@ IN AAAA 2a01:e0a:9bd:2811::6 +@ 3600 IN TXT "v=spf1 mx a:ks3370405.kimsufi.com -all" +@ 3600 IN TXT "spf2.0/mfrom mx a:ks3370405.kimsufi.com -all" +@ 3600 IN TXT "google-site-verification=rIe1fnrQnv-E1H8qsMtEIhM4XYUqCELshWH9pHkwPBI" +_dmarc 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@mateu.be; adkim=s; aspf=s" +dkim._domainkey 3600 IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3kGIw5015Q35LLbkGwaBE+wC0PseodezDdkoGwzRsazEWINv1bg0mCIjtDbXLpv5VgRSynRyB+764i15DoFJp6mabcHlXxQVBWMClAtCJ9+Fn6SEwQjFbQeuFVQKH3xMwIq0S+ggP7qhFTaiLBn909Fi8oEMXGvqbBSlvoaeJwIDAQAB" +mumble IN CNAME voice1.dmz.mateu.be. {{ web_hostname_block }} diff --git a/roles/nsd/templates/zones/parking.zone.j2 b/roles/nsd/templates/zones/parking.zone.j2 index 77a6611..3d80b0f 100644 --- a/roles/nsd/templates/zones/parking.zone.j2 +++ b/roles/nsd/templates/zones/parking.zone.j2 @@ -8,12 +8,12 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - IN NS {{ server }}. +@ IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. -@ IN CAA 0 issue ";" -@ IN MX 0 . -@ IN TXT "v=spf1 -all" -@ IN TXT "spf2.0/mfrom -all" -_dmarc IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" +@ IN CAA 0 issue ";" +@ IN MX 0 . +@ IN TXT "v=spf1 -all" +@ IN TXT "spf2.0/mfrom -all" +_dmarc IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" diff --git a/roles/nsd/templates/zones/sebicomics.com.zone.j2 b/roles/nsd/templates/zones/sebicomics.com.zone.j2 index cef1b4f..1a66fa3 100644 --- a/roles/nsd/templates/zones/sebicomics.com.zone.j2 +++ b/roles/nsd/templates/zones/sebicomics.com.zone.j2 @@ -8,16 +8,16 @@ $TTL 86400 ) {% for server in groups['nsdservers'] %} - IN NS {{ server }}. +@ IN NS {{ server }}. {% endfor %} $ORIGIN {{ item.name }}. -@ IN CAA 0 issue "letsencrypt.org" -@ IN A 82.66.135.228 -@ IN AAAA 2a01:e0a:9bd:2811::17 -@ IN MX 0 . -@ 3600 IN TXT "v=spf1 -all" -@ 3600 IN TXT "spf2.0/mfrom -all" +@ IN CAA 0 issue "letsencrypt.org" +@ IN A 82.66.135.228 +@ IN AAAA 2a01:e0a:9bd:2811::17 +@ IN MX 0 . +@ 3600 IN TXT "v=spf1 -all" +@ 3600 IN TXT "spf2.0/mfrom -all" _dmarc 3600 IN TXT "v=DMARC1;p=reject;pct=100;sp=reject;aspf=s;" -@ 3600 IN TXT "google-site-verification=Ptj7up6CWDNVy_AQjKrJf9yY08Tu7OTE30XIgG-ISGU" +@ 3600 IN TXT "google-site-verification=Ptj7up6CWDNVy_AQjKrJf9yY08Tu7OTE30XIgG-ISGU" {{ web_hostname_block }}