kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor(dns): unify Cloudflare + Hetzner handling across roles

Browse Source 
- replaced CERTBOT_DNS_API_TOKEN with CLOUDFLARE_API_TOKEN everywhere
- introduced generic sys-dns-cloudflare-records role for managing DNS records
- added sys-dns-hetzner-rdns role with both Cloud (hcloud) and Robot API flavors
- updated Mailu role to:
  - generate DKIM before DNS setup
  - delegate DNS + rDNS records to the new generic roles
- removed legacy per-role Cloudflare vars (MAILU_CLOUDFLARE_API_TOKEN)
- extended group vars with HOSTING_PROVIDER for rDNS flavor decision
- added hetzner.hcloud collection to requirements

This consolidates DNS management into reusable roles,
supports both Cloudflare and Hetzner providers,
and standardizes variable naming across the project.
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-16 21:43:01 +02:00
parent 838a55ea94
commit 2620ee088e
28 changed files with 437 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
roles/sys-dns-hetzner-rdns/tasks/flavors/robot.yml Normal file
View File

@@ -0,0 +1,42 @@
---
# Robot flavor (Robot Webservice API)
- name: Assert Robot credentials present
ansible.builtin.assert:
that:
- (HETZNER_ROBOT_USER | default('') | length) > 0
- (HETZNER_ROBOT_PASSWORD | default('') | length) > 0
fail_msg: "Robot credentials required: HETZNER_ROBOT_USER / HETZNER_ROBOT_PASSWORD."
no_log: "{{ hetzner_no_log | bool }}"
- name: Validate records (robot)
ansible.builtin.assert:
that:
- rdns_records | length > 0
- (rdns_records | selectattr('ip_address','defined') | list | length) == (rdns_records | length)
- (rdns_records | selectattr('dns_ptr','defined') | list | length) == (rdns_records | length)
fail_msg: "Each record must have ip_address and dns_ptr for Robot rDNS."
no_log: "{{ hetzner_no_log | bool }}"
- name: Apply rDNS via Hetzner Robot API
vars:
hetzner_robot_base_url: "{{ HETZNER_ROBOT_BASE_URL }}"
ip_path: "{{ item.ip_address | urlencode }}"
ansible.builtin.uri:
url: "{{ hetzner_robot_base_url }}/rdns/{{ ip_path }}"
method: POST
user: "{{ HETZNER_ROBOT_USER }}"
password: "{{ HETZNER_ROBOT_PASSWORD }}"
force_basic_auth: true
headers:
Accept: application/json
body_format: form-urlencoded
body:
ptr: "{{ item.dns_ptr }}"
status_code: [200, 201]
loop: "{{ rdns_records }}"
loop_control:
label: "{{ item.ip_address }} -> {{ item.dns_ptr }}"
async: "{{ hetzner_async_enabled | ternary(hetzner_async_time, omit) }}"
poll: "{{ hetzner_async_enabled | ternary(hetzner_async_poll, omit) }}"
no_log: "{{ hetzner_no_log | bool }}"