From e92c474436bf7876b8dac104492a4c276f12287b Mon Sep 17 00:00:00 2001
From: Adar Nimrod
Date: Wed, 14 Jul 2021 06:38:23 +0300
Subject: [PATCH] nehes.co.

- New DNS zone for nehes.co.
- Certificates for *.nehes.co.
---
 renew-certs.yaml | 4 ++
 roles/router/files/nsd/nehes.co | 58 ++++++++++++++++++++++++++++
 roles/router/files/nsd/nehes.co.conf | 5 +++
 roles/router/tasks/main.yaml | 2 +
 4 files changed, 69 insertions(+)
 create mode 100644 roles/router/files/nsd/nehes.co
 create mode 100644 roles/router/files/nsd/nehes.co.conf

diff --git a/renew-certs.yaml b/renew-certs.yaml
index c59a439..2e76469 100644
--- a/renew-certs.yaml
+++ b/renew-certs.yaml
@@ -33,15 +33,18 @@
 file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
 vars:
 domains:
+ - autoconfig.nehes.co
 - autoconfig.nehe.sr
 - autoconfig.shore.co.il
 - elasticsearch.shore.co.il
 - kibana.shore.co.il
 - myip.shore.co.il
+ - nehes.co
 - nehe.sr
 - ns4.shore.co.il
 - registry.shore.co.il
 - shore.co.il
+ - www.nehes.co
 - www.nehe.sr
 - www.shore.co.il
 handlers:
@@ -103,6 +106,7 @@
 delegate_host: host01
 domains:
 - imap.shore.co.il
+ - mta-sts.nehes.co
 - mta-sts.nehe.sr
 - mta-sts.shore.co.il
 - smtp.shore.co.il
diff --git a/roles/router/files/nsd/nehes.co b/roles/router/files/nsd/nehes.co
new file mode 100644
index 0000000..25a3c3a
--- /dev/null
+++ b/roles/router/files/nsd/nehes.co
@@ -0,0 +1,58 @@
+; vim: filetype=bindzone
+$TTL 1h
+$ORIGIN nehes.co.
+@ IN SOA ns1.shore.co.il. hostmaster (
+ 2021071401
+ 1h
+ 5m
+ 4w
+ 3h )
+
+ IN NS ns1.shore.co.il.
+ IN NS ns4.shore.co.il.
+ IN A 163.172.74.36
+ IN TXT "v=spf1 +mx -all"
+ IN SPF "v=spf1 +mx -all"
+ IN MX 10 smtp.shore.co.il.
+ IN CAA 128 issue "letsencrypt.org"
+
+
+_imaps._tcp IN SRV 0 1 993 imap.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_submission._tcp IN SRV 0 1 587 smtp.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:postmaster@shore.co.il"
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_mta-sts IN TXT "v=STSv1;id=2020072604;"
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_carddavs._tcp IN SRV 0 1 443 nextcloud.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_caldavs._tcp IN SRV 0 1 443 nextcloud.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+autoconfig IN CNAME ns4.shore.co.il.
+mta-sts IN CNAME smtp.shore.co.il.
+www IN CNAME ns4.shore.co.il.
+
+host01._domainkey IN TXT ("v=DKIM1\; k=rsa\;"
+"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9EM6TzCofz004vL+aBV"; # pragma: allowlist secret
+"rUcCE2CjIcBw+k50vOir4JkE/+UxAStV/MHT59S0ObjMnkkjR0YCKKJqBPWwaqva"; # pragma: allowlist secret
+"ztZqIj/7g0IsrqoCgVeCcrBEPZ86BN2f4K+r5cWoWwUXtWyVMxJA8J+nnf/7ntLb"; # pragma: allowlist secret
+"e63tzKMZepfDHtbgojG88nyi6rdtdJYOIgVKoNhfLS7K4oxSHGmj0RjCO7CbB/8S"; # pragma: allowlist secret
+"swJhQMwGXCL87iBiQko8e/rqMxbhAuuYRp/ZbM5UXUc+Ds84PRx4TPOxYUC99x2g"; # pragma: allowlist secret
+"TlGIStWa09I0z1JnutqedBrN0uo52DKkA5jLN2xqabZ8RVdVLVmtM50Fbq5EimAK"; # pragma: allowlist secret
+"swIDAQAB\;")
+
+_adsp._domainkey IN TXT "dkim=all;"
+_dmarc IN TXT "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"
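Review bot: The `_dmarc` record on the last line of the hunk sends `rua`/`ruf` reports to postmaster@shore.co.il, which is outside the nehes.co organizational domain, so receivers will only deliver them if shore.co.il publishes the external-destination authorization `nehes.co._report._dmarc.shore.co.il IN TXT "v=DMARC1"` (RFC 7489 §7.1); the shore.co.il zone is not part of this patch, so confirm it carries that record or the reports are silently discarded. Two smaller points: the `SPF` RR type duplicated next to every SPF `TXT` record is deprecated by RFC 7208 §3.1 and can be dropped, and `_adsp._domainkey` (ADSP, RFC 5617) has been Historic since 2013 and is ignored by current MTAs, so both only add maintenance surface without changing enforcement.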
diff --git a/roles/router/files/nsd/nehes.co.conf b/roles/router/files/nsd/nehes.co.conf
new file mode 100644
index 0000000..9bf82c6
--- /dev/null
+++ b/roles/router/files/nsd/nehes.co.conf
@@ -0,0 +1,5 @@
+zone:
+ name: "nehes.co"
+ zonefile: "nehes.co"
+ notify: 163.172.74.36 NOKEY #ns4.shore.co.il
+ provide-xfr: 0.0.0.0/0 NOKEY
diff --git a/roles/router/tasks/main.yaml b/roles/router/tasks/main.yaml
index c4224de..a522f32 100644
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -237,6 +237,7 @@
 loop:
 - shore.co.il.conf
 - nehe.sr.conf
+ - nehes.co.conf
 copy:
 dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'
 mode: preserve
@@ -254,6 +255,7 @@
 loop:
 - shore.co.il
 - nehe.sr
+ - nehes.co
 copy:
 dest: '/var/nsd/zones/{{ item }}'
 mode: preserve
--
GitLab
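Review bot: `provide-xfr: 0.0.0.0/0 NOKEY` on the last line of the hunk allows an unauthenticated AXFR of the whole zone from any address, handing out every record in a single query and making enumeration trivial. The only secondary this file names is the `notify` target on the line above, so narrow the ACL to it, `provide-xfr: 163.172.74.36 NOKEY`, or have both `notify` and `provide-xfr` reference a TSIG key instead of `NOKEY` if the secondary's address may change. If the existing `shore.co.il.conf` and `nehe.sr.conf` carry the same open ACL they deserve the same treatment (inferred from the parallel entries in the main.yaml hunk; those files are not in the patch).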
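Review bot: The zone name is now maintained in two hand-kept loops, the `nsd.conf.d` loop at `@@ -237` and the zone-file loop at `@@ -254`, on top of the domain lists in renew-certs.yaml, so a future zone can easily land in one list and be forgotten in another. Looping both `copy` tasks over one shared variable (for example `nsd_zones`, a constructed name) and appending the `.conf` suffix in the first task's paths would keep the two in lockstep. The tasks enclosing both loops start outside the hunks.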