refactor(dns): unify Cloudflare + Hetzner handling across roles

- replaced CERTBOT_DNS_API_TOKEN with CLOUDFLARE_API_TOKEN everywhere - introduced generic sys-dns-cloudflare-records role for managing DNS records - added sys-dns-hetzner-rdns role with both Cloud (hcloud) and Robot API flavors - updated Mailu role to: - generate DKIM before DNS setup - delegate DNS + rDNS records to the new generic roles - removed legacy per-role Cloudflare vars (MAILU_CLOUDFLARE_API_TOKEN) - extended group vars with HOSTING_PROVIDER for rDNS flavor decision - added hetzner.hcloud collection to requirements This consolidates DNS management into reusable roles, supports both Cloudflare and Hetzner providers, and standardizes variable naming across the project.
2025-08-29 15:06:26 +02:00 · 2025-08-16 21:43:01 +02:00
parent 838a55ea94
commit 2620ee088e
28 changed files with 437 additions and 159 deletions
--- a/roles/web-app-mailu/vars/main.yml
+++ b/roles/web-app-mailu/vars/main.yml
@@ -43,7 +43,6 @@ MAILU_SUBNET:                         "{{ networks.local['web-app-mailu'].subnet

 ## Credentials
 MAILU_SECRET_KEY:                     "{{ applications | get_app_conf(application_id,'credentials.secret_key') }}"
-MAILU_CLOUDFLARE_API_TOKEN:           "{{ CERTBOT_DNS_API_TOKEN }}"
 MAILU_API_TOKEN:                      "{{ applications | get_app_conf(application_id, 'credentials.api_token') }}"

 ## OIDC
@@ -55,16 +54,7 @@ MAILU_OIDC_ENABLE_USER_CREATION:      "{{ applications | get_app_conf(applicatio
 # @see https://github.com/heviat/Mailu-OIDC/tree/2024.06
 MAILU_DOCKER_FLAVOR:                  "{{ 'ghcr.io/heviat' if MAILU_OIDC_ENABLED | bool else 'ghcr.io/mailu' }}"

-MAILU_DMARC_RUF:     "{{ applications | get_app_conf(application_id, 'users.administrator.email') }}"
+MAILU_DMARC_RUF:                      "{{ applications | get_app_conf(application_id, 'users.administrator.email') }}"

-MAILU_DKIM_KEY_FILE: "{{ MAILU_DOMAIN }}.dkim.key"
-MAILU_DKIM_KEY_PATH: "/dkim/{{ MAILU_DKIM_KEY_FILE }}"
-
-MAILU_DNS_SRV_RECORDS:
-  submission:   { port: 587, priority: 20, weight: 1 }
-  submissions:  { port: 465, priority: 20, weight: 1 }
-  imaps:        { port: 993, priority: 20, weight: 1 }
-  imap:         { port: 143, priority: 20, weight: 1 }
-  pop3s:        { port: 995, priority: 20, weight: 1 }
-  pop3:         { port: 110, priority: 20, weight: 1 }
-  autodiscover: { port: 443, priority: 20, weight: 1 }
+MAILU_DKIM_KEY_FILE:                  "{{ MAILU_DOMAIN }}.dkim.key"
+MAILU_DKIM_KEY_PATH:                  "/dkim/{{ MAILU_DKIM_KEY_FILE }}"