Automate DKIM sync and add Hetzner resource labels

- Add dkim_sync.yml: generates DKIM keys for all mail_domains, writes keys to stack config (group_vars/all/dkim.yml), and publishes mail._domainkey TXT records via dns.yml — replaces manual vault editing - Remove dkim_keys from vault.yml.setup (public keys don't need encryption) - Add hcloud_labels to config.yml.setup and apply to server + SSH key in provision role, enabling project-level tagging of Hetzner resources - Fix setup.sh next steps: add missing bootstrap step, replace manual DKIM instructions with dkim_sync.yml - Update CLAUDE.md and README.md accordingly Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 19:06:24 -07:00 · 2026-02-28 19:06:24 -07:00 · bd90a7e16f
commit bd90a7e16f
parent b38cd94fc8
8 changed files with 89 additions and 30 deletions
--- a/roles/provision/tasks/hetzner.yml
+++ b/roles/provision/tasks/hetzner.yml
@ -3,6 +3,7 @@
  hetzner.hcloud.ssh_key:
    name: "{{ admin_user }}"
    public_key: "{{ admin_ssh_key }}"
+    labels: "{{ hcloud_labels }}"
    api_token: "{{ hcloud_token }}"
    state: present

@ -14,6 +15,7 @@
    location: "{{ hcloud_location }}"
    ssh_keys:
      - "{{ admin_user }}"
+    labels: "{{ hcloud_labels }}"
    api_token: "{{ hcloud_token }}"
    state: present
  register: server_result