Automate DKIM sync and add Hetzner resource labels

- Add dkim_sync.yml: generates DKIM keys for all mail_domains, writes keys to stack config (group_vars/all/dkim.yml), and publishes mail._domainkey TXT records via dns.yml — replaces manual vault editing
- Remove dkim_keys from vault.yml.setup (public keys don't need encryption)
- Add hcloud_labels to config.yml.setup and apply to server + SSH key in provision role, enabling project-level tagging of Hetzner resources
- Fix setup.sh next steps: add missing bootstrap step, replace manual DKIM instructions with dkim_sync.yml
- Update CLAUDE.md and README.md accordingly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

parent b38cd94fc8
commit bd90a7e16f
8 changed files with 89 additions and 30 deletions
@ -4,13 +4,7 @@
|
|||
# Zone definitions live in $LINDERHOF_DIR/group_vars/all/dns.yml
|
||||
# (generated from inventory/group_vars/all/dns.yml.setup by setup.sh).
|
||||
#
|
||||
# To add DKIM keys after first mail deployment:
|
||||
# docker exec mailserver cat /tmp/docker-mailserver/rspamd/dkim/<domain>/mail.pub
|
||||
# Then add to vault.yml:
|
||||
# ansible-vault edit $LINDERHOF_DIR/group_vars/all/vault.yml
|
||||
# dkim_keys:
|
||||
# example.com: "v=DKIM1; k=rsa; p=..."
|
||||
# And uncomment the mail._domainkey record in dns.yml.
|
||||
# DKIM records are managed automatically by dkim_sync.yml — do not add manually.
|
||||
#
|
||||
# Usage: ansible-playbook playbooks/dns.yml
|
||||
- name: Manage DNS zones on Hetzner Cloud
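Review bot: The replacement header comment "DKIM records are managed automatically by dkim_sync.yml — do not add manually." tells the operator what not to do but drops every operational detail the removed block carried. The old text said the step happens "after first mail deployment" and named the file that held the keys. The new line gives neither the invocation for dkim_sync.yml nor its ordering relative to the "Usage: ansible-playbook playbooks/dns.yml" line that stays directly below it, so a reader of this file alone cannot tell whether running dns.yml by itself publishes, preserves or drops the mail._domainkey records. Suggest adding a usage line for dkim_sync.yml next to the existing one, stating when it must run (before or instead of dns.yml, and after the mail deployment that generates the keys), and naming group_vars/all/dkim.yml alongside the dns.yml path in the "Zone definitions live in" comment, since the commit message says the keys are now written there. Also worth one line for existing stacks: the removed instructions had operators put dkim_keys in vault.yml and uncomment a mail._domainkey record in dns.yml by hand, and the comment does not say whether those hand-made entries need to be removed to avoid a stale or duplicate selector record once dkim_sync.yml takes over.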