kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 10:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

sys-svc-dns: add apex A/AAAA records for SYS_SVC_DNS_BASE_DOMAINS via task_include

Browse Source 
This update introduces apex (@) A and optional AAAA records for all base SLD domains.
The tasks were moved into a new 02_apex.yml file and are looped using
SYS_SVC_DNS_BASE_DOMAINS. CAA record loops were updated accordingly.
See details: https://chatgpt.com/share/68c385c3-1804-800f-8c78-8614bc853f77
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-12 04:30:59 +02:00
parent fcc9dc71ef
commit cce33373ba
4 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/sys-svc-dns/tasks/01_core.yml
View File

@@ -5,6 +5,13 @@
The variable "CLOUDFLARE_API_TOKEN" must be defined and cannot be empty!
when: (CLOUDFLARE_API_TOKEN|default('')|trim) == ''
- name: "Apply apex A/AAAA for base domains"
include_tasks: 02_apex.yml
loop: "{{ SYS_SVC_DNS_BASE_DOMAINS | list }}"
loop_control:
loop_var: base_domain
label: "{{ base_domain }}"
- name: "Ensure all CAA records are present"
community.general.cloudflare_dns:
api_token: "{{ CLOUDFLARE_API_TOKEN }}"
@@ -16,7 +23,7 @@
value: "{{ item.1.value }}"
ttl: 1
state: present
loop: "{{ base_sld_domains | product(caa_entries) | list }}"
loop: "{{ SYS_SVC_DNS_BASE_DOMAINS | product(caa_entries) | list }}"
loop_control:
label: "{{ item.0 }} → {{ item.1.tag }}"
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"

28
roles/sys-svc-dns/tasks/02_apex.yml Normal file
View File

@@ -0,0 +1,28 @@
---
- name: "Ensure A @ for {{ base_domain }}"
community.general.cloudflare_dns:
api_token: "{{ CLOUDFLARE_API_TOKEN }}"
zone: "{{ base_domain }}"
type: A
name: "@"
content: "{{ networks.internet.ip4 }}"
proxied: false
ttl: 1
state: present
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
- name: "Ensure AAAA @ for {{ base_domain }} (if IPv6 is global)"
community.general.cloudflare_dns:
api_token: "{{ CLOUDFLARE_API_TOKEN }}"
zone: "{{ base_domain }}"
type: AAAA
name: "@"
content: "{{ networks.internet.ip6 }}"
proxied: false
ttl: 1
state: present
when:
- (networks.internet.ip6 | default('') | trim) != ''
async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"