Add anonymous subdomain when requested

This will primiarly be used for motoristic.
author: Matthew Fennell <matthew@fennell.dev> 2024-05-23 21:02:51 +0100
committer: Matthew Fennell <matthew@fennell.dev> 2024-05-23 21:02:51 +0100
commit: b997dabfebe74422de510884b68480fcb3bf1780 (patch)
tree: 08475967e5b2fa368bc1c3e76aab8e8d58562745 /playbook.yaml
parent: 850275469f7da1a9829edfe45bd40b40d3cc6a02 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/playbook.yaml b/playbook.yaml
index 06ebc59..64c0243 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -180,6 +180,21 @@
             {{ acme_account_uri_nonprod }}\""
      delegate_to: localhost
 
+   - name: Ensure anonymous records are added to subdomain, if needed
+     ansible.builtin.uri:
+      url: "https://desec.io/api/v1/domains/{{ virtual_host }}/rrsets/"
+      method: PUT
+      body_format: json
+      headers:
+       Authorization: Token {{ desec_token }}
+      body:
+       - subname: "anon"
+         type: CNAME
+         ttl: 3600
+         records: ["{{ delegate_host }}."]
+     delegate_to: localhost
+     when: anonymous_login
+
    # We specifically use apt instead of the more general package module here,
    # because we want to ensure the cache is updated before we try and install
    # anything. This is needed because, on a freh Debian install on AWS
author	Matthew Fennell <matthew@fennell.dev>	2024-05-23 21:02:51 +0100
committer	Matthew Fennell <matthew@fennell.dev>	2024-05-23 21:02:51 +0100
commit	b997dabfebe74422de510884b68480fcb3bf1780 (patch)
tree	08475967e5b2fa368bc1c3e76aab8e8d58562745 /playbook.yaml
parent	850275469f7da1a9829edfe45bd40b40d3cc6a02 (diff)