nehes.co.

- New DNS zone for nehes.co.
- Certificates for *.nehes.co.

renew-certs.yaml

@@ -33,15 +33,18 @@
         file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
       vars:
         domains:
+          - autoconfig.nehes.co
           - autoconfig.nehe.sr
           - autoconfig.shore.co.il
           - elasticsearch.shore.co.il
           - kibana.shore.co.il
           - myip.shore.co.il
+          - nehes.co
           - nehe.sr
           - ns4.shore.co.il
           - registry.shore.co.il
           - shore.co.il
+          - www.nehes.co
           - www.nehe.sr
           - www.shore.co.il
         handlers:
@@ -103,6 +106,7 @@
         delegate_host: host01
         domains:
           - imap.shore.co.il
+          - mta-sts.nehes.co
           - mta-sts.nehe.sr
           - mta-sts.shore.co.il
           - smtp.shore.co.il

roles/router/files/nsd/nehes.co

+; vim: filetype=bindzone
+$TTL 1h
+$ORIGIN nehes.co.
+@               IN      SOA     ns1.shore.co.il.     hostmaster (
+        2021071401
+        1h
+        5m
+        4w
+        3h )
+
+        IN      NS      ns1.shore.co.il.
+        IN      NS      ns4.shore.co.il.
+        IN      A       163.172.74.36
+        IN      TXT     "v=spf1 +mx -all"
+        IN      SPF     "v=spf1 +mx -all"
+        IN      MX      10      smtp.shore.co.il.
+        IN      CAA     128 issue "letsencrypt.org"
+
+
+_imaps._tcp IN  SRV 0 1 993 imap.shore.co.il.
+            IN  TXT "v=spf1 -all"
+            IN  SPF "v=spf1 -all"
+
+_submission._tcp    IN  SRV  0 1 587 smtp.shore.co.il.
+                    IN  TXT "v=spf1 -all"
+                    IN  SPF "v=spf1 -all"
+
+_smtp._tls  IN  TXT "v=TLSRPTv1;rua=mailto:postmaster@shore.co.il"
+            IN  TXT "v=spf1 -all"
+            IN  SPF "v=spf1 -all"
+
+_mta-sts    IN  TXT "v=STSv1;id=2020072604;"
+            IN  TXT "v=spf1 -all"
+            IN  SPF "v=spf1 -all"
+
+_carddavs._tcp    IN  SRV  0 1 443 nextcloud.shore.co.il.
+                  IN  TXT "v=spf1 -all"
+                  IN  SPF "v=spf1 -all"
+
+_caldavs._tcp    IN  SRV  0 1 443 nextcloud.shore.co.il.
+                 IN  TXT "v=spf1 -all"
+                 IN  SPF "v=spf1 -all"
+
+autoconfig      IN  CNAME   ns4.shore.co.il.
+mta-sts         IN  CNAME   smtp.shore.co.il.
+www             IN  CNAME   ns4.shore.co.il.
+
+host01._domainkey IN    TXT     ("v=DKIM1\; k=rsa\;"
+"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9EM6TzCofz004vL+aBV"; #  pragma: allowlist secret
+"rUcCE2CjIcBw+k50vOir4JkE/+UxAStV/MHT59S0ObjMnkkjR0YCKKJqBPWwaqva"; #  pragma: allowlist secret
+"ztZqIj/7g0IsrqoCgVeCcrBEPZ86BN2f4K+r5cWoWwUXtWyVMxJA8J+nnf/7ntLb"; #  pragma: allowlist secret
+"e63tzKMZepfDHtbgojG88nyi6rdtdJYOIgVKoNhfLS7K4oxSHGmj0RjCO7CbB/8S"; #  pragma: allowlist secret
+"swJhQMwGXCL87iBiQko8e/rqMxbhAuuYRp/ZbM5UXUc+Ds84PRx4TPOxYUC99x2g"; #  pragma: allowlist secret
+"TlGIStWa09I0z1JnutqedBrN0uo52DKkA5jLN2xqabZ8RVdVLVmtM50Fbq5EimAK"; #  pragma: allowlist secret
+"swIDAQAB\;")
+
+_adsp._domainkey        IN      TXT     "dkim=all;"
+_dmarc  IN      TXT     "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"

roles/router/files/nsd/nehes.co.conf

+zone:
+        name: "nehes.co"
+        zonefile: "nehes.co"
+        notify: 163.172.74.36 NOKEY #ns4.shore.co.il
+        provide-xfr: 0.0.0.0/0 NOKEY

roles/router/tasks/main.yaml

@@ -237,6 +237,7 @@
   loop:
     - shore.co.il.conf
     - nehe.sr.conf
+    - nehes.co.conf
   copy:
     dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'
     mode: preserve
@@ -254,6 +255,7 @@
   loop:
     - shore.co.il
     - nehe.sr
+    - nehes.co
   copy:
     dest: '/var/nsd/zones/{{ item }}'
     mode: preserve