---
# ============================================================
# Linderhof DNS Zones
# ============================================================
# Generated by setup.sh — edit to match your DNS needs.
# This file is loaded automatically by Ansible as part of group_vars.
#
# After first mail deployment, retrieve DKIM keys with:
#   docker exec mailserver cat /tmp/docker-mailserver/rspamd/dkim/$domain/mail.pub
# Add them to vault.yml and uncomment the mail._domainkey records below.
# ============================================================

dns_zones:
  - zone: $domain
    records:
      # Root domain
      - name: "@"
        type: A
        records:
          - value: $server_ip

      - name: "@"
        type: MX
        records:
          - value: "10 {{ mail_hostname }}."

      - name: "@"
        type: TXT
        records:
          - value: "{{ 'v=spf1 mx -all' | hetzner.hcloud.txt_record }}"

      # Server A record
      - name: $server_name
        type: A
        records:
          - value: $server_ip

      - name: www
        type: A
        records:
          - value: $server_ip

      # Mail subdomain A record (for the mail hostname itself)
      - name: "{{ mail_hostname.split('.')[0] }}"
        type: A
        records:
          - value: $server_ip

      # Service CNAMEs
      - name: webmail
        type: CNAME
        records:
          - value: $server_name.$domain.

      - name: code
        type: CNAME
        records:
          - value: $server_name.$domain.

      - name: watch
        type: CNAME
        records:
          - value: $server_name.$domain.

      - name: rspamd
        type: CNAME
        records:
          - value: $server_name.$domain.

      - name: stats
        type: CNAME
        records:
          - value: $server_name.$domain.

      - name: chat
        type: CNAME
        records:
          - value: $server_name.$domain.

      - name: cal
        type: CNAME
        records:
          - value: $server_name.$domain.

      # DMARC
      - name: _dmarc
        type: TXT
        records:
          - value: "{{ 'v=DMARC1; p=none; rua=mailto:dmarc@$domain' | hetzner.hcloud.txt_record }}"

      # DKIM — uncomment after first mail deployment and add key to vault.yml
      # - name: mail._domainkey
      #   type: TXT
      #   records:
      #     - value: "{{ dkim_keys['$domain'] | hetzner.hcloud.txt_record }}"

# Extra domains (additional mail-hosted domains) — add as needed:
# - zone: example2.com
#   records:
#     - name: "@"
#       type: A
#       records:
#         - value: $server_ip
#
#     - name: "@"
#       type: MX
#       records:
#         - value: "10 {{ mail_hostname }}."
#
#     - name: "@"
#       type: TXT
#       records:
#         - value: "{{ 'v=spf1 mx -all' | hetzner.hcloud.txt_record }}"
#
#     - name: www
#       type: CNAME
#       records:
#         - value: example2.com.
#
#     - name: _dmarc
#       type: TXT
#       records:
#         - value: "{{ 'v=DMARC1; p=none; rua=mailto:dmarc@example2.com' | hetzner.hcloud.txt_record }}"
#
#     # - name: mail._domainkey
#     #   type: TXT
#     #   records:
#     #     - value: "{{ dkim_keys['example2.com'] | hetzner.hcloud.txt_record }}"