Commit e92c4744 authored by nimrod's avatar nimrod
Browse files

nehes.co. 

- New DNS zone for nehes.co.
- Certificates for *.nehes.co.
parent c7c1a297

renew-certs.yaml

+4 −0
Original line number Diff line number Diff line
@@ -33,15 +33,18 @@ 
        file: '{{ playbook_dir }}/tasks/renew-cert.yaml'

      vars:

        domains:

          - autoconfig.nehes.co

          - autoconfig.nehe.sr

          - autoconfig.shore.co.il

          - elasticsearch.shore.co.il

          - kibana.shore.co.il

          - myip.shore.co.il

          - nehes.co

          - nehe.sr

          - ns4.shore.co.il

          - registry.shore.co.il

          - shore.co.il

          - www.nehes.co

          - www.nehe.sr

          - www.shore.co.il

        handlers:
@@ -103,6 +106,7 @@ 
        delegate_host: host01

        domains:

          - imap.shore.co.il

          - mta-sts.nehes.co

          - mta-sts.nehe.sr

          - mta-sts.shore.co.il

          - smtp.shore.co.il

roles/router/files/nsd/nehes.co

0 → 100644
+58 −0
Original line number Diff line number Diff line 
; vim: filetype=bindzone

$TTL 1h

$ORIGIN nehes.co.

@               IN      SOA     ns1.shore.co.il.     hostmaster (

        2021071401

        1h

        5m

        4w

        3h )



        IN      NS      ns1.shore.co.il.

        IN      NS      ns4.shore.co.il.

        IN      A       163.172.74.36

        IN      TXT     "v=spf1 +mx -all"

        IN      SPF     "v=spf1 +mx -all"

        IN      MX      10      smtp.shore.co.il.

        IN      CAA     128 issue "letsencrypt.org"





_imaps._tcp IN  SRV 0 1 993 imap.shore.co.il.

            IN  TXT "v=spf1 -all"

            IN  SPF "v=spf1 -all"



_submission._tcp    IN  SRV  0 1 587 smtp.shore.co.il.

                    IN  TXT "v=spf1 -all"

                    IN  SPF "v=spf1 -all"



_smtp._tls  IN  TXT "v=TLSRPTv1;rua=mailto:postmaster@shore.co.il"

            IN  TXT "v=spf1 -all"

            IN  SPF "v=spf1 -all"



_mta-sts    IN  TXT "v=STSv1;id=2020072604;"

            IN  TXT "v=spf1 -all"

            IN  SPF "v=spf1 -all"



_carddavs._tcp    IN  SRV  0 1 443 nextcloud.shore.co.il.

                  IN  TXT "v=spf1 -all"

                  IN  SPF "v=spf1 -all"



_caldavs._tcp    IN  SRV  0 1 443 nextcloud.shore.co.il.

                 IN  TXT "v=spf1 -all"

                 IN  SPF "v=spf1 -all"



autoconfig      IN  CNAME   ns4.shore.co.il.

mta-sts         IN  CNAME   smtp.shore.co.il.

www             IN  CNAME   ns4.shore.co.il.



host01._domainkey IN    TXT     ("v=DKIM1\; k=rsa\;"

"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9EM6TzCofz004vL+aBV"; #  pragma: allowlist secret

"rUcCE2CjIcBw+k50vOir4JkE/+UxAStV/MHT59S0ObjMnkkjR0YCKKJqBPWwaqva"; #  pragma: allowlist secret

"ztZqIj/7g0IsrqoCgVeCcrBEPZ86BN2f4K+r5cWoWwUXtWyVMxJA8J+nnf/7ntLb"; #  pragma: allowlist secret

"e63tzKMZepfDHtbgojG88nyi6rdtdJYOIgVKoNhfLS7K4oxSHGmj0RjCO7CbB/8S"; #  pragma: allowlist secret

"swJhQMwGXCL87iBiQko8e/rqMxbhAuuYRp/ZbM5UXUc+Ds84PRx4TPOxYUC99x2g"; #  pragma: allowlist secret

"TlGIStWa09I0z1JnutqedBrN0uo52DKkA5jLN2xqabZ8RVdVLVmtM50Fbq5EimAK"; #  pragma: allowlist secret

"swIDAQAB\;")



_adsp._domainkey        IN      TXT     "dkim=all;"

_dmarc  IN      TXT     "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"

roles/router/files/nsd/nehes.co.conf

0 → 100644
+5 −0
Original line number Diff line number Diff line 
zone:

        name: "nehes.co"

        zonefile: "nehes.co"

        notify: 163.172.74.36 NOKEY #ns4.shore.co.il

        provide-xfr: 0.0.0.0/0 NOKEY

roles/router/tasks/main.yaml

+2 −0
Original line number Diff line number Diff line
@@ -237,6 +237,7 @@ 
  loop:

    - shore.co.il.conf

    - nehe.sr.conf

    - nehes.co.conf

  copy:

    dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'

    mode: preserve
@@ -254,6 +255,7 @@ 
  loop:

    - shore.co.il

    - nehe.sr

    - nehes.co

  copy:

    dest: '/var/nsd/zones/{{ item }}'

    mode: preserve