Document domain_with_ds and ds_subname

I found these variables a bit confusing after having to interact with them again. It is useful to have some context now I have forgotten all about the DS record setup!
author: Matthew Fennell <matthew@fennell.dev> 2025-08-11 08:10:37 +0100
committer: Matthew Fennell <matthew@fennell.dev> 2025-08-11 08:10:37 +0100
commit: 88661808abe13a93969fe43727bc61d737597ba0 (patch)
tree: bbc81bd7b5ae74f6e3dec29ffc15b34c8572c871
parent: c66c6c1c14b9987e1a79a5027607267419df6289 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/playbook.yaml b/playbook.yaml
index 39e6e82..55d8851 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -460,12 +460,22 @@
 
    parent_host: "{{ virtual_host.split('.')[1:] | join('.') }}"
 
+   # When the virtual host is on a subdomain, we want a DS record on the parent
+   # domain. This is so we can manage the subdomain as a separate domain on
+   # deSEC, and enforce some separation between nonprod and prod.
+   #
+   # If virtual_host is "continuous.nonprod.example.org", then domain_with_ds
+   # is "example.org".
    domain_with_ds: >-
     {{- parent_domain.json
     | map(attribute='name')
     | first
     | default("") -}}
 
+   # To register the DS record, we need the subname to point to.
+   #
+   # If virtual_host is "continuous.nonprod.example.org", then ds_subname is
+   # "continuous.nonprod".
    ds_subname: "{{ virtual_host | regex_replace('.' + domain_with_ds, '') }}"
 
    delegate_host: >-
author	Matthew Fennell <matthew@fennell.dev>	2025-08-11 08:10:37 +0100
committer	Matthew Fennell <matthew@fennell.dev>	2025-08-11 08:10:37 +0100
commit	88661808abe13a93969fe43727bc61d737597ba0 (patch)
tree	bbc81bd7b5ae74f6e3dec29ffc15b34c8572c871
parent	c66c6c1c14b9987e1a79a5027607267419df6289 (diff)