initial commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-27 15:09:25 -07:00 · 2026-02-27 15:09:25 -07:00 · 75891c3271
commit 75891c3271
129 changed files with 8046 additions and 0 deletions
--- a/inventory/group_vars/all/dns.yml.setup
+++ b/inventory/group_vars/all/dns.yml.setup
@ -0,0 +1,128 @@
+---
+# ============================================================
+# Linderhof DNS Zones
+# ============================================================
+# Generated by setup.sh — edit to match your DNS needs.
+# This file is loaded automatically by Ansible as part of group_vars.
+#
+# After first mail deployment, retrieve DKIM keys with:
+#   docker exec mailserver cat /tmp/docker-mailserver/rspamd/dkim/$domain/mail.pub
+# Add them to vault.yml and uncomment the mail._domainkey records below.
+# ============================================================
+
+dns_zones:
+  - zone: $domain
+    records:
+      # Root domain
+      - name: "@"
+        type: A
+        records:
+          - value: $server_ip
+
+      - name: "@"
+        type: MX
+        records:
+          - value: "10 {{ mail_hostname }}."
+
+      - name: "@"
+        type: TXT
+        records:
+          - value: "{{ 'v=spf1 mx -all' | hetzner.hcloud.txt_record }}"
+
+      # Server A record
+      - name: $server_name
+        type: A
+        records:
+          - value: $server_ip
+
+      - name: www
+        type: A
+        records:
+          - value: $server_ip
+
+      # Mail subdomain A record (for the mail hostname itself)
+      - name: "{{ mail_hostname.split('.')[0] }}"
+        type: A
+        records:
+          - value: $server_ip
+
+      # Service CNAMEs
+      - name: webmail
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      - name: code
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      - name: watch
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      - name: rspamd
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      - name: stats
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      - name: chat
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      - name: cal
+        type: CNAME
+        records:
+          - value: $server_name.$domain.
+
+      # DMARC
+      - name: _dmarc
+        type: TXT
+        records:
+          - value: "{{ 'v=DMARC1; p=none; rua=mailto:dmarc@$domain' | hetzner.hcloud.txt_record }}"
+
+      # DKIM — uncomment after first mail deployment and add key to vault.yml
+      # - name: mail._domainkey
+      #   type: TXT
+      #   records:
+      #     - value: "{{ dkim_keys['$domain'] | hetzner.hcloud.txt_record }}"
+
+# Extra domains (additional mail-hosted domains) — add as needed:
+# - zone: example2.com
+#   records:
+#     - name: "@"
+#       type: A
+#       records:
+#         - value: $server_ip
+#
+#     - name: "@"
+#       type: MX
+#       records:
+#         - value: "10 {{ mail_hostname }}."
+#
+#     - name: "@"
+#       type: TXT
+#       records:
+#         - value: "{{ 'v=spf1 mx -all' | hetzner.hcloud.txt_record }}"
+#
+#     - name: www
+#       type: CNAME
+#       records:
+#         - value: example2.com.
+#
+#     - name: _dmarc
+#       type: TXT
+#       records:
+#         - value: "{{ 'v=DMARC1; p=none; rua=mailto:dmarc@example2.com' | hetzner.hcloud.txt_record }}"
+#
+#     # - name: mail._domainkey
+#     #   type: TXT
+#     #   records:
+#     #     - value: "{{ dkim_keys['example2.com'] | hetzner.hcloud.txt_record }}"