Automate DKIM sync and add Hetzner resource labels
- Add dkim_sync.yml: generates DKIM keys for all mail_domains, writes keys to stack config (group_vars/all/dkim.yml), and publishes mail._domainkey TXT records via dns.yml - replaces manual vault editing
- Remove dkim_keys from vault.yml.setup (public keys don't need encryption)
- Add hcloud_labels to config.yml.setup and apply to server + SSH key in provision role, enabling project-level tagging of Hetzner resources
- Fix setup.sh next steps: add missing bootstrap step, replace manual DKIM instructions with dkim_sync.yml
- Update CLAUDE.md and README.md accordingly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
b38cd94fc8
commit
bd90a7e16f
8 changed files with 89 additions and 30 deletions
@ -40,12 +40,14 @@ Note: Inventory and vault password are set via `ANSIBLE_INVENTORY` and `ANSIBLE_
- `provision.yml` - Provision a cloud VM (Hetzner)
- `dns.yml` - Manage DNS zones/records via Hetzner DNS API
- `bootstrap.yml` - First-time server setup (run once as root before site.yml)
- `dkim_sync.yml` - Fetch DKIM keys from mailserver and publish to DNS (run once after first mail deploy)

**Full deployment order** (fresh server):
1. `provision.yml` - create server, auto-writes IP to hosts.yml and config.yml
2. `dns.yml` - create DNS records
3. `bootstrap.yml` - users, SSH hardening, packages, Docker (connects as root)
4. `site.yml` - deploy all services
5. `dkim_sync.yml` - generate DKIM keys, write to stack config, publish to DNS

**Playbook Execution Order** (via `site.yml`):
1. networks.yml - Pre-create all Docker networks (must run before any service)
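Review bot: the playbook list and the deployment order describe `dkim_sync.yml` differently: the list entry says it will "Fetch DKIM keys from mailserver and publish to DNS", while step 5 (and the commit message) say it will "generate DKIM keys, write to stack config, publish to DNS". Pick one wording for both, since a reader following the list will expect the mailserver to already hold a key. Two follow-ups worth documenting in the same hunk: (1) step 5 runs after `site.yml` has deployed all services, so say whether step 4 (or at least the mail role) must be re-run for the mailserver to pick up the freshly written keys and start signing with them; (2) the commit removes `dkim_keys` from `vault.yml.setup` on the grounds that public keys need no encryption, but a generated key pair also has a private half, so state where the private key is stored and whether that location is vault-encrypted or otherwise kept out of plaintext config.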