authorAaron LI <aly@aaronly.me>2019-09-21 17:49:12 +0800
committerAaron LI <aly@aaronly.me>2019-09-21 17:49:12 +0800
commit08990fc5461622996cbb7ebb6867b73636d3c446 (patch)
tree8793ace1fd1d93cc9fffb9b8a27cc0ba7682608a /roles
parent46cfbbc64f1aa1af1892401436c6d85f7d8ca810 (diff)
downloadansible-dfly-vps-08990fc5461622996cbb7ebb6867b73636d3c446.tar.bz2
zones/liwt.net: Do not hardcode subdomains
Also exclude the 'mail' subdomain when creating the CNAME records, because 'mail' is used to create the MX record.
Diffstat (limited to 'roles')
-rw-r--r--roles/dns/templates/zones/liwt.net.zone.j222
1 files changed, 16 insertions, 6 deletions
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
index b49c76f..e33948b 100644
--- a/roles/dns/templates/zones/liwt.net.zone.j2
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
@@ -34,10 +34,20 @@ $TTL {{ dns.ttl }}
@ IN A {{ network.ipv4.address }}
@ IN AAAA {{ network.ipv6.address }}
-{% for name in ["vultr", "www", "git", "dav", "*"] %}
+{% set subdomains = [] %}
+{% for name in domains -%}
+ {%- if name["name"] == domain -%}
+ {%- for sub in name["sub"] -%}
+ {{ subdomains.append(sub) }}
+ {%- endfor -%}
+ {%- endif -%}
+{%- endfor %}
+{% for name in subdomains | reject("==", "mail") | list %}
{{ name }} IN CNAME @
{% endfor %}
+* IN CNAME @
+
; Mail server
{% if domain == network.domain %}
mail IN A {{ network.ipv4.address }}
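Review bot: The loop `{% for name in subdomains | reject("==", "mail") | list %}` writes every configured label straight into the zone and filters out only the literal `mail`. A label that already owns records elsewhere in the template (such as `_dmarc`), one equal to `@` or `*`, or one containing whitespace would therefore produce a CNAME that conflicts with existing data or a malformed line. Since the names now come from the `domains` variable rather than a fixed list, I would restrict them to plain host labels before emitting, for example `{% for name in subdomains | reject("in", ["mail", "@", "*"]) | select("match", "^[a-z0-9-]+$") | list %}`, assuming Ansible's `match` test is available in this setup. Separately, `{{ subdomains.append(sub) }}` is an output expression whose return value can end up in the rendered file depending on how `None` is finalized; `{% set _ = subdomains.append(sub) %}` avoids that. The `{% if domain == network.domain %}` block at the end of this hunk continues outside it.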
@@ -48,11 +58,11 @@ mail IN AAAA {{ network.ipv6.address }}
@ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}"
{% set ruatxt = " rua=mailto:" + mail.dmarc.rua[domain] + ";" %}
{% set ruf = mail.dmarc.ruf | default({}) %}
-{% if ruf[domain] is defined %}
-{% set ruftxt = " ruf=mailto:" + ruf[domain] + ";" %}
-{% else %}
-{% set ruftxt = "" %}
-{% endif %}
+{% if ruf[domain] is defined -%}
+ {%- set ruftxt = " ruf=mailto:" + ruf[domain] + ";" -%}
+{%- else -%}
+ {%- set ruftxt = "" -%}
+{%- endif %}
_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }};{{ ruatxt }}{{ ruftxt }}"
{% if domain_key is defined %}
{{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }}