diff --git a/roles/srv-web-7-7-dns-records/README.md b/roles/srv-web-7-7-dns-records/README.md
deleted file mode 100644
index ca2742d3..00000000
--- a/roles/srv-web-7-7-dns-records/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Cloudflare DNS Records
-
-## Description
-
-This Ansible role automates the management of DNS A-records in Cloudflare zones. It uses the [community.general.cloudflare_dns](https://docs.ansible.com/ansible/latest/collections/community/general/cloudflare_dns_module.html) module to create or update A-records for a list of domains, automatically detects the correct zone for each record, and supports configurable proxy settings.
-
-## Overview
-
-Looping over a provided list of domains (`cloudflare_domains`), this role:
-- Determines the zone name by extracting the last two labels of each domain.
-- Ensures an A-record for each domain points to the specified IP (`cloudflare_target_ip`).
-- Honors the `proxied` flag to switch between DNS-only and Cloudflare-proxied modes.
-- Provides an optional debug task (`MODE_DEBUG`) to output the domain list before changes.
-
-Ideal for environments where bulk or dynamic DNS updates are needed, this role abstracts away the complexity of Cloudflare’s zone and record API.
-
-## Purpose
-
-Cloudflare DNS Records delivers an idempotent, scalable solution for managing A-records across multiple Cloudflare zones. Whether you need to onboard hundreds of domains or toggle proxy settings in CI/CD pipelines, this role handles the orchestration and ensures consistency.
-
-## Features
-
-- **Automatic Zone Detection:** Parses each domain to derive its zone (`example.com`) without manual intervention.
-- **Bulk Record Management:** Creates or updates A-records for all entries in `cloudflare_domains`.
-- **Proxy Toggle:** Configure `proxied: true` or `false` per record to switch between DNS-only and proxied modes.
-- **Debug Support:** Enable `MODE_DEBUG` to print the domain list for validation before execution.
-- **Flexible Authentication:** Supports both API token (`api_token`) and Global API key + email.
-- **Low-TTL Option:** Use `ttl: 1` for rapid DNS propagation during dynamic updates.
-
-## Author
-
-Kevin Veen-Birkenbach
-
-## License
-
-Infinito.Nexus NonCommercial License
-
\ No newline at end of file
diff --git a/roles/srv-web-7-7-dns-records/meta/main.yml b/roles/srv-web-7-7-dns-records/meta/main.yml
deleted file mode 100644
index c37a608f..00000000
--- a/roles/srv-web-7-7-dns-records/meta/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-galaxy_info:
- author: "Kevin Veen-Birkenbach"
- description: "Manages DNS A-records in Cloudflare zones."
- license: "Infinito.Nexus NonCommercial License"
- license_url: "https://s.infinito.nexus/license"
- company: |
- Kevin Veen-Birkenbach
- Consulting & Coaching Solutions
- https://www.veen.world
- min_ansible_version: "2.9"
- platforms:
- - name: "All"
- versions:
- - "all"
- galaxy_tags:
- - "cloudflare"
- - "dns"
- - "records"
- - "ansible"
- - "network"
- - "automation"
- repository: "https://s.infinito.nexus/code"
- issue_tracker_url: "https://s.infinito.nexus/issues"
- documentation: "https://docs.infinito.nexus"
-dependencies: []
\ No newline at end of file
diff --git a/roles/srv-web-7-7-dns-records/tasks/main.yml b/roles/srv-web-7-7-dns-records/tasks/main.yml
deleted file mode 100644
index 8754d608..00000000
--- a/roles/srv-web-7-7-dns-records/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# run_once_srv_web_7_7_dns_records: deactivated
-
-- name: Create or update Cloudflare A-record for {{ item }}
- community.general.cloudflare_dns:
- api_token: "{{ CLOUDFLARE_API_TOKEN }}"
- zone: "{{ item.split('.')[-2:] | join('.') }}"
- state: present
- type: A
- name: "{{ item }}"
- content: "{{ cloudflare_target_ip }}"
- ttl: 1
- proxied: "{{ cloudflare_proxied | int }}"
- loop: "{{ cloudflare_domains }}"
- loop_control:
- label: "{{ item }}"
- async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
- poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
\ No newline at end of file
diff --git a/roles/web-app-gitea/tasks/main.yml b/roles/web-app-gitea/tasks/main.yml
index 46e58eed..951fd558 100644
--- a/roles/web-app-gitea/tasks/main.yml +++ b/roles/web-app-gitea/tasks/main.yml @@ -58,10 +58,12 @@ - name: Include DNS role to register Gitea domain(s) include_role: - name: srv-web-7-7-dns-records + name: sys-dns-cloudflare-records vars: - CLOUDFLARE_API_TOKEN: "{{ CLOUDFLARE_API_TOKEN }}" - cloudflare_domains: "{{ [ domains | get_domain(application_id) ] }}" - cloudflare_target_ip: "{{ networks.internet.ip4 }}" - cloudflare_proxied: false + cloudflare_records: + - zone: "{{ domains | get_domain(application_id) | to_zone }}" + type: A + name: "{{ domains | get_domain(application_id) }}" + content: "{{ networks.internet.ip4 }}" + proxied: false # Necessary for SSH port when: DNS_PROVIDER == 'cloudflare' \ No newline at end of file diff --git a/roles/web-opt-rdr-www/tasks/main.yml b/roles/web-opt-rdr-www/tasks/main.yml index 8d4f2c3d..248e14d7 100644 --- a/roles/web-opt-rdr-www/tasks/main.yml +++ b/roles/web-opt-rdr-www/tasks/main.yml @@ -18,10 +18,21 @@ - name: Include DNS role to set redirects include_role: - name: srv-web-7-7-dns-records + name: sys-dns-cloudflare-records vars: - CLOUDFLARE_API_TOKEN: "{{ CLOUDFLARE_API_TOKEN }}" - cloudflare_domains: "{{ www_domains }}" - cloudflare_target_ip: "{{ networks.internet.ip4 }}" - cloudflare_proxied: false + cloudflare_records: | + {%- set bare = www_domains | map('regex_replace', '^www\\.(.+)$', '\\1') | list -%} + [ + {%- for d in bare -%} + { + "type": "A", + "zone": "{{ d | to_zone }}", + "name": "{{ d }}", + "content": "{{ networks.internet.ip4 }}", + "proxied": false, + "ttl": 1 + }{{ "," if not loop.last else "" }} + {%- endfor -%} + ] when: DNS_PROVIDER == 'cloudflare' + diff --git a/roles/web-opt-rdr-www/vars/main.yml b/roles/web-opt-rdr-www/vars/main.yml index a5e5e7a1..e1b3686e 100644 --- a/roles/web-opt-rdr-www/vars/main.yml +++ b/roles/web-opt-rdr-www/vars/main.yml 
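Review bot: The new `cloudflare_records` entry for Gitea carries no `ttl`, while the deleted role always sent `ttl: 1` and the web-opt-rdr-www hunk in this same commit sets `"ttl": 1` explicitly; unless sys-dns-cloudflare-records (not shown here) supplies a default, the record's TTL now depends on the module default. Adding `ttl: 1` to the entry keeps both callers consistent. The explicit `CLOUDFLARE_API_TOKEN` pass-through is also gone, so the new role presumably reads the token from the surrounding scope; it is worth confirming that it resolves from a vaulted variable and that the task using it sets `no_log: true`.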
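Review bot: `cloudflare_records` is now assembled as JSON text inside a block scalar, with `{{ d }}`, `{{ d | to_zone }}` and `{{ networks.internet.ip4 }}` pasted between literal quotes, so any value containing a quote or backslash changes the structure, and the result only becomes a list if Ansible converts the rendered string back. Building the list from native values and serialising it once with `to_json` removes the escaping problem, as sketched below. Separately, the records are now named after the bare domain (the `www.` prefix is stripped), whereas the old call registered the entries of `www_domains` themselves; if the www hosts still need an A record, this task no longer creates it.

```yaml
cloudflare_records: |
  {%- set records = [] -%}
  {%- for d in www_domains | map('regex_replace', '^www\\.(.+)$', '\\1') -%}
  {%- set _ = records.append({
        'type': 'A',
        'zone': d | to_zone,
        'name': d,
        'content': networks.internet.ip4,
        'proxied': false,
        'ttl': 1
      }) -%}
  {%- endfor -%}
  {{ records | to_json }}
# … unchanged: when: DNS_PROVIDER == 'cloudflare' …
```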
@@ -1 +1,2 @@
-application_id: "web-opt-rdr-www"
\ No newline at end of file
+application_id: "web-opt-rdr-www"
+REDIRECT_WWW_FLAVOR: "edge"
\ No newline at end of file
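Review bot: `REDIRECT_WWW_FLAVOR` is set in `vars/main.yml`, where role vars take precedence over inventory `group_vars`/`host_vars`, so a deployment cannot select another flavor without editing the role; if it is meant to be configurable, `defaults/main.yml` is the usual place. The line also has no comment naming the accepted values or what `"edge"` selects, and nothing in the visible hunks reads the variable. A one-line comment such as `# How the www redirect is implemented; list the supported values here` would help.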