-rw-r--r-- | host_vars/vultr | 24 | ||||
-rw-r--r-- | roles/dns/templates/zones/aaronly.me.zone.j2 | 42 | ||||
-rw-r--r-- | roles/dns/templates/zones/liwt.net.zone.j2 | 18 |
3 files changed, 80 insertions, 4 deletions
diff --git a/host_vars/vultr b/host_vars/vultr index 154ffac..0407938 100644 --- a/host_vars/vultr +++ b/host_vars/vultr @@ -1,3 +1,4 @@ +# -*- mode: yaml; -*- --- ansible_ssh_host: vultr.liwt.net ansible_ssh_port: 8864 @@ -42,6 +43,29 @@ nameservers: - ns1.1984.is - ns2.1984.is +mail: + domains: + - liwt.net + - aaronly.me + dkim: + selector: mail + bits: 2048 + port: 8901 + dmarc: + p: none # policy for the domain + sp: none # policy for subdomains of this domain + aspf: r # alignment mode for SPF (r: relaxed; s: strict) + pct: 100 # percent of messages subjected to filtering + # reporting URI of aggregate reports + # Free DMARC weekly digests by https://dmarc.postmarkapp.com/ + rua: + liwt.net: ??? + aaronly.me: re+f6lpmirefcg@dmarc.postmarkapp.com + # To avoid trashing by GMail + google-site-verification: + liwt.net: ??? + aaronly.me: rSh99lenrfS-HnzvEahEDYTj9UvoKeX4NdWmDzD-pxo + shadowsocks: port: 8989 password: "???" diff --git a/roles/dns/templates/zones/aaronly.me.zone.j2 b/roles/dns/templates/zones/aaronly.me.zone.j2 new file mode 100644 index 0000000..02b5e9b --- /dev/null +++ b/roles/dns/templates/zones/aaronly.me.zone.j2 
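Review bot: In the second hunk of host_vars/vultr, `p: none` and `sp: none` leave both domains in DMARC monitoring mode, so receivers are only asked to send reports and a message that fails SPF and DKIM alignment is still delivered. The `v=spf1 mx -all` record in the zone templates does not by itself protect the visible From address. Nothing in the file marks this as a rollout step, so I would add a comment above `p:` such as `# monitoring only: raise to quarantine, then reject, once rua reports show all legitimate mail aligned`.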
@@ -0,0 +1,42 @@
+; -*- mode: dns; -*-
+; {{ ansible_managed }}
+{% set domain = "aaronly.me" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+$ORIGIN {{ domain }}.
+$TTL 1h
+
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+; Name servers
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
+
+@ IN A {{ network.ipv4.address }}
+@ IN AAAA {{ network.ipv6.address }}
+dorm-x42 IN A 58.196.142.84
+office IN A 202.120.52.45
+cluster IN A 202.120.52.63
+liteserver IN A 5.2.70.218
+
+www IN CNAME @
+* IN CNAME @
+
+; Mail server
+{% if domain != network.domain %}
+@ IN MX 10 mail.{{ network.domain }}.
+{% endif %}
+@ IN TXT "v=spf1 mx -all"
+@ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}"
+_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};"
+{{ mail.dkim.selector }}._domainkey IN TXT "v=DKIM1; k=rsa; s={{ mail.dkim.selector }}; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7LZbXj5HBjT5yoMCnCd5eBLBZ1s/WP0hPQSignjEu4pCtOsPf7f/knhDDD7eMOSlOAa91Dq6e8B0aNKfV2m7e88SvHLnWVhH+kUNIdSQRTrTL6Pt1WAH0XjgDcd0f2MB+ho5GIeRJnLWHoRtrSUoBKgMxnvW8aco/Z/z0/qn5Tcsrz7wP/W7c/eX38SRuanrKUVnE8FqvvshZzaPfqe46WrqKDI6mfeYa0up/1ikUWgAHKVZEXTUCPVBUXxHbyK7a6MgZW+BYkYEeypMnYViq9k+TIHNNjlGbOLXqujn2j/L0r7ORjZX16C1qNf54qvMeklDK1+8KW872F6s+kVKwIDAQAB"
+
+; vim: set ft=bindzone:
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
index fc44279..02e649c 100644
--- a/roles/dns/templates/zones/liwt.net.zone.j2
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
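Review bot: The `_domainkey` TXT line in aaronly.me.zone.j2 fills the DKIM `s=` tag with the selector, so with `selector: mail` it renders as `s=mail`. In a DKIM key record `s=` is the service type, whose defined values are `*` and `email`, and a verifier is expected to ignore a record that does not list its service, so signatures for this domain may fail to verify. The selector is already carried by the owner name, so I would drop the tag or write it as `"v=DKIM1; k=rsa; s=email; p=..."`. The last hunk of liwt.net.zone.j2 adds the same `s={{ mail.dkim.selector }}`. Separately, the rendered key is one quoted string well over 255 characters, which many authoritative servers reject in a zone file, so it should be split into several adjacent quoted strings.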
@@ -1,6 +1,7 @@ +; -*- mode: dns; -*- +; {{ ansible_managed }} {% set domain = "liwt.net" %} {% set hostmaster = "hostmaster." + network.domain %} -; {{ ansible_managed }} $ORIGIN {{ domain }}. $TTL 1h @@ -24,6 +25,7 @@ $TTL 1h 1h ; minimum ) +; Name servers {% for server in nameservers %} {% for ns in server.ns %} @ IN NS {{ ns }}. ; {{ server.name }} @@ -32,15 +34,23 @@ $TTL 1h @ IN A {{ network.ipv4.address }} @ IN AAAA {{ network.ipv6.address }} -mail IN A {{ network.ipv4.address }} -mail IN AAAA {{ network.ipv6.address }} +vultr IN CNAME @ www IN CNAME @ git IN CNAME @ -vultr IN CNAME @ +carddav IN CNAME @ +caldav IN CNAME @ * IN CNAME @ +; Mail server +{% if domain == network.domain %} +mail IN A {{ network.ipv4.address }} +mail IN AAAA {{ network.ipv6.address }} @ IN MX 10 mail +{% endif %} @ IN TXT "v=spf1 mx -all" +@ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}" +_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};" +{{ mail.dkim.selector }}._domainkey IN TXT "v=DKIM1; k=rsa; s={{ mail.dkim.selector }}; p=???" ; vim: set ft=bindzone: |
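Review bot: The DKIM line added in the last hunk of liwt.net.zone.j2 hard-codes `p=???`, so unless the placeholder is substituted before deployment (the diff does not show that), the zone publishes a key record that cannot be parsed and DKIM signatures for liwt.net will not verify. The same applies to `rua=mailto:{{ mail.dmarc.rua[domain] }}` and the `google-site-verification` record, whose liwt.net values in host_vars/vultr are also `???`. I would move the public key into a per-domain variable next to `mail.dmarc.rua` (for example `mail.dkim.pubkey[domain]`, a name proposed here) and wrap each of these records in a guard such as `{% if mail.dkim.pubkey[domain] is defined %}`. A missing value then omits the record instead of publishing a malformed one.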