- Seed postfix-accounts.cf before mailserver start to satisfy Dovecot's requirement for at least one account on first boot - Add failed_when: false to mail user/alias list tasks (files don't exist on first run) - Add forgejo_runner_version (was undefined); default to 12 - Create /srv/forgejo/data/gitea/conf before deploying app.ini - Decouple goaccess sync from restic: new enable_goaccess_sync flag with its own goaccess_sync_* variables - Move Docker installation to bootstrap exclusively; rename docker.yml to networks.yml (runs docker_network role only) - Add radicale_password to vault template and setup.sh - Fix goaccess sync tasks gated on enable_goaccess_sync - Add upstream bug comment to authorized_key deprecation warning - Update CLAUDE.md and README.md throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
|
|
# ============================================================
|
|
# Linderhof DNS Zones
|
|
# ============================================================
|
|
# Generated by setup.sh — edit to match your DNS needs.
|
|
# This file is loaded automatically by Ansible as part of group_vars.
|
|
#
|
|
# After first mail deployment, retrieve DKIM keys with:
|
|
# docker exec mailserver cat /tmp/docker-mailserver/rspamd/dkim/$domain/mail.pub
|
|
# Then add them to vault.yml under dkim_keys:
|
|
# dkim_keys:
|
|
# $domain: "v=DKIM1; k=rsa; p=..."
|
|
# The mail._domainkey record will be created automatically on next dns.yml run.
|
|
# ============================================================
|
|
|
|
dns_zones:
|
|
- zone: $domain
|
|
records:
|
|
# Root domain
|
|
- name: "@"
|
|
type: A
|
|
records:
|
|
- value: "{{ server_ip }}"
|
|
|
|
- name: "@"
|
|
type: MX
|
|
when: "{{ enable_mail | default(false) }}"
|
|
records:
|
|
- value: "10 {{ mail_hostname }}."
|
|
|
|
- name: "@"
|
|
type: TXT
|
|
when: "{{ enable_mail | default(false) }}"
|
|
records:
|
|
- value: "{{ 'v=spf1 mx -all' | hetzner.hcloud.txt_record }}"
|
|
|
|
# Server A record
|
|
- name: $server_name
|
|
type: A
|
|
records:
|
|
- value: "{{ server_ip }}"
|
|
|
|
- name: www
|
|
type: A
|
|
records:
|
|
- value: "{{ server_ip }}"
|
|
|
|
# Mail subdomain A record
|
|
- name: "{{ mail_hostname.split('.')[0] }}"
|
|
type: A
|
|
when: "{{ enable_mail | default(false) }}"
|
|
records:
|
|
- value: "{{ server_ip }}"
|
|
|
|
# Service CNAMEs
|
|
- name: webmail
|
|
type: CNAME
|
|
when: "{{ enable_mail | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
- name: code
|
|
type: CNAME
|
|
when: "{{ enable_forgejo | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
- name: watch
|
|
type: CNAME
|
|
when: "{{ enable_monitoring | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
- name: rspamd
|
|
type: CNAME
|
|
when: "{{ enable_mail | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
- name: stats
|
|
type: CNAME
|
|
when: "{{ enable_goaccess | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
- name: chat
|
|
type: CNAME
|
|
when: "{{ enable_tuwunel | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
- name: cal
|
|
type: CNAME
|
|
when: "{{ enable_radicale | default(false) }}"
|
|
records:
|
|
- value: $server_name.$domain.
|
|
|
|
# DMARC
|
|
- name: _dmarc
|
|
type: TXT
|
|
when: "{{ enable_mail | default(false) }}"
|
|
records:
|
|
- value: "{{ 'v=DMARC1; p=none; rua=mailto:dmarc@$domain' | hetzner.hcloud.txt_record }}"
|
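Review bot: The DMARC record at the end of the section is published with `p=none`, which only requests aggregate reports and applies no policy to mail that fails SPF/DKIM alignment, so the zone gets no enforcement from the strict `v=spf1 mx -all` record and the DKIM key that the header says is added on a later dns.yml run; a comment marking this as a deliberate monitoring phase would help, e.g. `# p=none is monitoring-only; tighten to p=quarantine/p=reject once rua reports show only legitimate senders`. The `rua=mailto:dmarc@$domain` target also presupposes a dmarc@ mailbox or alias on the mailserver; nothing in this file creates it, so if it is not seeded elsewhere the reports will simply bounce. Separately, the mail A record name `"{{ mail_hostname.split('.')[0] }}"` keeps only the first label, which is correct only when mail_hostname sits exactly one level below the zone — a comment such as `# assumes mail_hostname is <label>.<zone>; a deeper name would yield a wrong record` would make that constraint visible to whoever edits the generated file.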