author | Aaron LI <aly@aaronly.me> | 2019-09-21 17:49:12 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2019-09-21 17:49:12 +0800 |
commit | 08990fc5461622996cbb7ebb6867b73636d3c446 (patch) | |
tree | 8793ace1fd1d93cc9fffb9b8a27cc0ba7682608a /roles/dns | |
parent | 46cfbbc64f1aa1af1892401436c6d85f7d8ca810 (diff) | |
download | ansible-dfly-vps-08990fc5461622996cbb7ebb6867b73636d3c446.tar.bz2 |
zones/liwt.net: Do not hardcode subdomains
Also exclude the 'mail' subdomain from the generated CNAME records, because
'mail' is used to create the MX record.
Diffstat (limited to 'roles/dns')
-rw-r--r-- | roles/dns/templates/zones/liwt.net.zone.j2 | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
index b49c76f..e33948b 100644
--- a/roles/dns/templates/zones/liwt.net.zone.j2
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
@@ -34,10 +34,20 @@ $TTL {{ dns.ttl }}
 @ IN A {{ network.ipv4.address }}
 @ IN AAAA {{ network.ipv6.address }}
-{% for name in ["vultr", "www", "git", "dav", "*"] %}
+{% set subdomains = [] %}
+{% for name in domains -%}
+ {%- if name["name"] == domain -%}
+ {%- for sub in name["sub"] -%}
+ {{ subdomains.append(sub) }}
+ {%- endfor -%}
+ {%- endif -%}
+{%- endfor %}
+{% for name in subdomains | reject("==", "mail") | list %}
 {{ name }} IN CNAME @
 {% endfor %}
+* IN CNAME @
+
 ; Mail server
 {% if domain == network.domain %}
 mail IN A {{ network.ipv4.address }}
@@ -48,11 +58,11 @@ mail IN AAAA {{ network.ipv6.address }}
 @ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}"
 {% set ruatxt = " rua=mailto:" + mail.dmarc.rua[domain] + ";" %}
 {% set ruf = mail.dmarc.ruf | default({}) %}
-{% if ruf[domain] is defined %}
-{% set ruftxt = " ruf=mailto:" + ruf[domain] + ";" %}
-{% else %}
-{% set ruftxt = "" %}
-{% endif %}
+{% if ruf[domain] is defined -%}
+ {%- set ruftxt = " ruf=mailto:" + ruf[domain] + ";" -%}
+{%- else -%}
+ {%- set ruftxt = "" -%}
+{%- endif %}
 _dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }};{{ ruatxt }}{{ ruftxt }}"
 {% if domain_key is defined %}
 {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }} |
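Review bot: In the new collection loop of the first hunk, `{{ subdomains.append(sub) }}` is an output expression used only for its side effect, so the rendered zone depends on the templating layer printing nothing for the `None` that `append` returns; under plain Jinja2 defaults that would put the literal `None` into the zone file. Building the list with filters avoids the side effect, for example `{% set subdomains = domains | selectattr("name", "==", domain) | map(attribute="sub") | first | default([]) %}`, which takes only the first matching entry, so confirm that names in `domains` are unique. The `reject("==", "mail")` filter also covers a single reserved label: a `*` entry in `sub` would now duplicate the unconditional wildcard line, and any label that receives other records elsewhere in the template would collide with its CNAME, so consider rejecting a short list of reserved names and adding a template comment that says why they are excluded. The `{% if domain == network.domain %}` block and the rest of the template continue outside the hunk, so other record owners are not visible here.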