From 08990fc5461622996cbb7ebb6867b73636d3c446 Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Sat, 21 Sep 2019 17:49:12 +0800 Subject: zones/liwt.net: Do not hardcode subdomains Also reject the 'mail' subdomain from creating the CNAME record, because the 'mail' is used to create the MX record. --- roles/dns/templates/zones/liwt.net.zone.j2 | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2 index b49c76f..e33948b 100644 --- a/roles/dns/templates/zones/liwt.net.zone.j2 +++ b/roles/dns/templates/zones/liwt.net.zone.j2 @@ -34,10 +34,20 @@ $TTL {{ dns.ttl }} @ IN A {{ network.ipv4.address }} @ IN AAAA {{ network.ipv6.address }} -{% for name in ["vultr", "www", "git", "dav", "*"] %} +{% set subdomains = [] %} +{% for name in domains -%} + {%- if name["name"] == domain -%} + {%- for sub in name["sub"] -%} + {{ subdomains.append(sub) }} + {%- endfor -%} + {%- endif -%} +{%- endfor %} +{% for name in subdomains | reject("==", "mail") | list %} {{ name }} IN CNAME @ {% endfor %} +* IN CNAME @ + ; Mail server {% if domain == network.domain %} mail IN A {{ network.ipv4.address }} @@ -48,11 +58,11 @@ mail IN AAAA {{ network.ipv6.address }} @ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}" {% set ruatxt = " rua=mailto:" + mail.dmarc.rua[domain] + ";" %} {% set ruf = mail.dmarc.ruf | default({}) %} -{% if ruf[domain] is defined %} -{% set ruftxt = " ruf=mailto:" + ruf[domain] + ";" %} -{% else %} -{% set ruftxt = "" %} -{% endif %} +{% if ruf[domain] is defined -%} + {%- set ruftxt = " ruf=mailto:" + ruf[domain] + ";" -%} +{%- else -%} + {%- set ruftxt = "" -%} +{%- endif %} _dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }};{{ ruatxt }}{{ ruftxt }}" {% if domain_key is defined %} {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }} -- cgit v1.2.2