diff --git a/renew-certs.yaml b/renew-certs.yaml
index c59a4395893eee70a2b02d34407e70396a2304f3..2e764692f7eb3123ad370a3fbac1639a43324fcd 100644
--- a/renew-certs.yaml
+++ b/renew-certs.yaml
@@ -33,15 +33,18 @@
 file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
 vars:
 domains:
+ - autoconfig.nehes.co
 - autoconfig.nehe.sr
 - autoconfig.shore.co.il
 - elasticsearch.shore.co.il
 - kibana.shore.co.il
 - myip.shore.co.il
+ - nehes.co
 - nehe.sr
 - ns4.shore.co.il
 - registry.shore.co.il
 - shore.co.il
+ - www.nehes.co
 - www.nehe.sr
 - www.shore.co.il
 handlers:
@@ -103,6 +106,7 @@
 delegate_host: host01
 domains:
 - imap.shore.co.il
+ - mta-sts.nehes.co
 - mta-sts.nehe.sr
 - mta-sts.shore.co.il
 - smtp.shore.co.il
diff --git a/roles/router/files/nsd/nehes.co b/roles/router/files/nsd/nehes.co
new file mode 100644
index 0000000000000000000000000000000000000000..25a3c3a6a7b7d2b988f0df691b83888017a9c9f4
--- /dev/null
+++ b/roles/router/files/nsd/nehes.co
@@ -0,0 +1,58 @@
+; vim: filetype=bindzone
+$TTL 1h
+$ORIGIN nehes.co.
+@ IN SOA ns1.shore.co.il. hostmaster (
+ 2021071401
+ 1h
+ 5m
+ 4w
+ 3h )
+
+ IN NS ns1.shore.co.il.
+ IN NS ns4.shore.co.il.
+ IN A 163.172.74.36
+ IN TXT "v=spf1 +mx -all"
+ IN SPF "v=spf1 +mx -all"
+ IN MX 10 smtp.shore.co.il.
+ IN CAA 128 issue "letsencrypt.org"
+
+
+_imaps._tcp IN SRV 0 1 993 imap.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_submission._tcp IN SRV 0 1 587 smtp.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:postmaster@shore.co.il"
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_mta-sts IN TXT "v=STSv1;id=2020072604;"
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_carddavs._tcp IN SRV 0 1 443 nextcloud.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_caldavs._tcp IN SRV 0 1 443 nextcloud.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+autoconfig IN CNAME ns4.shore.co.il.
+mta-sts IN CNAME smtp.shore.co.il.
+www IN CNAME ns4.shore.co.il.
+
+host01._domainkey IN TXT ("v=DKIM1\; k=rsa\;"
+"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9EM6TzCofz004vL+aBV"; # pragma: allowlist secret
+"rUcCE2CjIcBw+k50vOir4JkE/+UxAStV/MHT59S0ObjMnkkjR0YCKKJqBPWwaqva"; # pragma: allowlist secret
+"ztZqIj/7g0IsrqoCgVeCcrBEPZ86BN2f4K+r5cWoWwUXtWyVMxJA8J+nnf/7ntLb"; # pragma: allowlist secret
+"e63tzKMZepfDHtbgojG88nyi6rdtdJYOIgVKoNhfLS7K4oxSHGmj0RjCO7CbB/8S"; # pragma: allowlist secret
+"swJhQMwGXCL87iBiQko8e/rqMxbhAuuYRp/ZbM5UXUc+Ds84PRx4TPOxYUC99x2g"; # pragma: allowlist secret
+"TlGIStWa09I0z1JnutqedBrN0uo52DKkA5jLN2xqabZ8RVdVLVmtM50Fbq5EimAK"; # pragma: allowlist secret
+"swIDAQAB\;")
+
+_adsp._domainkey IN TXT "dkim=all;"
+_dmarc IN TXT "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"
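Review bot: The `_dmarc` record sends both `rua` and `ruf` reports to `postmaster@shore.co.il`, a different organizational domain from nehes.co, and nothing in this commit adds the matching authorization record on the receiving side. RFC 7489 §7.1 has report generators look up `nehes.co._report._dmarc.shore.co.il` for a `"v=DMARC1"` TXT record before mailing an external address, so without it reports for this domain may be silently dropped; the shore.co.il zone is not part of this diff, so confirm it carries that record (or a wildcard `*._report._dmarc`). A zone comment next to `_dmarc` such as `; external report address: needs nehes.co._report._dmarc.shore.co.il TXT "v=DMARC1"` would keep the dependency visible. Separately, `_mta-sts` starts at `id=2020072604`, which looks carried over from an older zone; that is harmless today, but the id has to change every time the policy served at `mta-sts.nehes.co` changes, or senders keep their cached policy.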
diff --git a/roles/router/files/nsd/nehes.co.conf b/roles/router/files/nsd/nehes.co.conf
new file mode 100644
index 0000000000000000000000000000000000000000..9bf82c6876b66f5fdd3bee1e8754345bc52ab221
--- /dev/null
+++ b/roles/router/files/nsd/nehes.co.conf
@@ -0,0 +1,5 @@
+zone:
+ name: "nehes.co"
+ zonefile: "nehes.co"
+ notify: 163.172.74.36 NOKEY #ns4.shore.co.il
+ provide-xfr: 0.0.0.0/0 NOKEY
diff --git a/roles/router/tasks/main.yaml b/roles/router/tasks/main.yaml
index c4224de316b9e40759679f9e12f744858bd2cb60..a522f329001977a916101931f1be43e7b4304429 100644
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -237,6 +237,7 @@
 loop:
 - shore.co.il.conf
 - nehe.sr.conf
+ - nehes.co.conf
 copy:
 dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'
 mode: preserve
@@ -254,6 +255,7 @@
 loop:
 - shore.co.il
 - nehe.sr
+ - nehes.co
 copy:
 dest: '/var/nsd/zones/{{ item }}'
 mode: preserve
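Review bot: `provide-xfr: 0.0.0.0/0 NOKEY` in nehes.co.conf allows any IPv4 client to transfer the whole zone with no TSIG key, which discloses every name in the zone in one request and leaves the primary answering transfer requests from arbitrary sources. The only secondary named in this file is the one on the `notify` line, so the ACL can be narrowed to it: `provide-xfr: 163.172.74.36 NOKEY`. An address-only ACL still trusts the source IP, so a shared TSIG key referenced on both `notify` and `provide-xfr` (`provide-xfr: 163.172.74.36 <tsig-key-name>`) would be the stronger setup. If shore.co.il.conf and nehe.sr.conf carry the same open ACL (they are not shown in this diff), the same narrowing applies to them.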