- replaced CERTBOT_DNS_API_TOKEN with CLOUDFLARE_API_TOKEN everywhere - introduced generic sys-dns-cloudflare-records role for managing DNS records - added sys-dns-hetzner-rdns role with both Cloud (hcloud) and Robot API flavors - updated Mailu role to: - generate DKIM before DNS setup - delegate DNS + rDNS records to the new generic roles - removed legacy per-role Cloudflare vars (MAILU_CLOUDFLARE_API_TOKEN) - extended group vars with HOSTING_PROVIDER for rDNS flavor decision - added hetzner.hcloud collection to requirements This consolidates DNS management into reusable roles, supports both Cloudflare and Hetzner providers, and standardizes variable naming across the project.
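---
# Resolve the Cloudflare zone ID for the apex of '{{ domain }}' (domain | to_primary_domain)
# and memoise it in the dict `cf_zone_ids`, so each apex is looked up via the API at most
# once per run.
#
# NOTE: facts set here live for the rest of this run on the current host. set_fact results
# are NOT written to the fact cache unless `cacheable: true` is given, so a fresh run starts
# with an empty cache and repeats the API lookups.

- name: "Ensure cf_zone_ids cache dict exists"
  ansible.builtin.set_fact:
    cf_zone_ids: "{{ cf_zone_ids | default({}) }}"

# Reuse the cached zone ID for this apex when present; `false` means "not known yet"
# and drives the `not cf_zone_id` guards on the tasks below.
- name: "Load cf_zone_id from cache if present"
  ansible.builtin.set_fact:
    cf_zone_id: "{{ (cf_zone_ids | default({})).get(domain | to_primary_domain, false) }}"

# Only call the Cloudflare API when the cache did not answer. The request is read-only
# (changed_when: false); a non-2xx status makes the uri module fail the task.
- name: "Ensure Cloudflare Zone ID is known for '{{ domain }}'"
  vars:
    cf_api_url: "https://api.cloudflare.com/client/v4/zones"
  ansible.builtin.uri:
    # urlencode: the apex is interpolated into a query string, so any character that is
    # special in a URL must be escaped instead of silently changing the filter.
    url: "{{ cf_api_url }}?name={{ domain | to_primary_domain | urlencode }}"
    method: GET
    headers:
      Authorization: "Bearer {{ CLOUDFLARE_API_TOKEN }}"
      Content-Type: "application/json"
    return_content: true
  register: cf_zone_lookup_dev
  changed_when: false
  when:
    - not cf_zone_id
  # The Bearer token is part of the module arguments and is printed at high verbosity
  # unless no_log is on; keep MASK_CREDENTIALS_IN_LOGS enabled outside local debugging.
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"

# Accept the lookup only when it is unambiguous. The `name` filter is an exact match, but
# a token with access to several accounts may still see more than one zone of that name;
# taking result[0] in that case would target an arbitrary one of them, so fail instead.
- name: "Set fact cf_zone_id and update cache dict"
  ansible.builtin.set_fact:
    cf_zone_id: "{{ cf_zone_lookup_dev.json.result[0].id }}"
    cf_zone_ids: >-
      {{ (cf_zone_ids | default({}))
         | combine({ (domain | to_primary_domain): cf_zone_lookup_dev.json.result[0].id }) }}
  when:
    - not cf_zone_id
    - (cf_zone_lookup_dev.json.result | default([])) | length == 1

# Reached only when the API was called and returned zero or several zones.
- name: "Fail if no unique Cloudflare zone found for {{ domain | to_primary_domain }}"
  ansible.builtin.fail:
    msg: >-
      Expected exactly one Cloudflare zone named '{{ domain | to_primary_domain }}',
      got {{ cf_zone_lookup_dev.json.result | default([]) | length }} — aborting!
  when:
    - not cf_zone_id
    - (cf_zone_lookup_dev.json.result | default([])) | length != 1

# Development environments only; the included file (not shown here) enables the
# zone's Cloudflare development mode.
- name: activate cloudflare cache development mode
  ansible.builtin.include_tasks: "cloudflare/02_enable_cf_dev_mode.yml"
  when: (ENVIRONMENT | lower) == 'development'

# Cleanup mode only; the included file (not shown here) purges the zone's cache.
- name: purge cloudflare domain cache
  ansible.builtin.include_tasks: "cloudflare/01_cleanup.yml"
  when: MODE_CLEANUP | bool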