-rw-r--r-- | playbook.yaml | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/playbook.yaml b/playbook.yaml
index d11ff6a..25bf1fe 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -8,6 +8,84 @@ hosts: xmpp_server tasks: + # We allow status code 400 here as this is returned by deSEC if the domain + # already exists. Ideally, we should filter out genuinely good/bad requests + # here using the response. + - name: Ensure domain exists in deSEC + ansible.builtin.uri: + url: https://desec.io/api/v1/domains/ + method: POST + status_code: [201, 400] + body_format: json + headers: + Authorization: Token {{ desec_token }} + body: + name: "{{ virtual_host }}" + register: request + delegate_to: localhost + + - name: Ensure domain is registered + ansible.builtin.uri: + url: https://desec.io/api/v1/domains/{{ virtual_host }}/ + method: GET + headers: + Authorization: Token {{ desec_token }} + register: domain + delegate_to: localhost + + - name: Ensure domain to register DS record is registered + ansible.builtin.uri: + url: https://desec.io/api/v1/domains/?owns_qname={{ parent_host }} + method: GET + headers: + Authorization: Token {{ desec_token }} + register: parent_domain + delegate_to: localhost + + - name: Ensure DS is registered in parent domain + ansible.builtin.uri: + url: "https://desec.io/api/v1/domains/{{ domain_with_ds }}/rrsets/" + method: PUT + body_format: json + headers: + Authorization: Token {{ desec_token }} + body: + - subname: "{{ ds_subname }}" + type: DS + ttl: 3600 + records: "{{ domain_keys }}" + delegate_to: localhost + + - name: Ensure records are registered in subdomain + ansible.builtin.uri: + url: "https://desec.io/api/v1/domains/{{ virtual_host }}/rrsets/" + method: PUT + body_format: json + headers: + Authorization: Token {{ desec_token }} + body: + - subname: "" + type: AAAA + ttl: 3600 + records: ["{{ public_ip }}"] + - subname: "turn" + type: CNAME + ttl: 3600 + records: ["{{ virtual_host }}."] + - subname: "upload" + type: CNAME + ttl: 3600 + records: ["{{ virtual_host }}."] + - subname: "_xmpps-client._tcp" + type: SRV + ttl: 3600 + records: ["0 5 5223 {{ virtual_host }}."] + - subname: "_xmpps-server._tcp" + type: 
SRV + ttl: 3600 + records: ["0 5 5270 {{ virtual_host }}."] + delegate_to: localhost + # We specifically use apt instead of the more general package module here, # because we want to ensure the cache is updated before we try and install # anything. This is needed because, on a freh Debian install on AWS @@ -202,3 +280,13 @@ name: coturn state: restarted become: true + + vars: + domain_keys: >- + {{- domain.json["keys"] + | map(attribute='ds') + | flatten + | select("search", " 13 2 ") -}} + parent_host: "{{ virtual_host.split('.')[1:] | join('.') }}" + domain_with_ds: "{{ parent_domain.json | map(attribute='name') | first }}" + ds_subname: "{{ virtual_host | regex_replace('.' + domain_with_ds, '') }}" |
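Review bot: Every `ansible.builtin.uri` task in this hunk sends `Authorization: Token {{ desec_token }}` without `no_log: true`, so the token is carried into the registered results (`request`, `domain`, `parent_domain`) and into verbose or callback-plugin output; add `no_log: true` to each of the five tasks. The first task also accepts `status_code: [201, 400]` but never inspects `request`, so a 400 caused by anything other than the domain already existing (the stated intent of the comment above it) is silently treated as success; a guard such as `failed_when: request.status == 400 and '<already-exists marker>' not in (request.json | string)`, with the marker taken from an actual deSEC error response, would narrow that. The `tasks:` list this hunk extends continues past the hunk.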
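Review bot: `ds_subname` strips the parent zone with `regex_replace('.' + domain_with_ds, '')`, but the pattern is neither escaped nor anchored: the leading `.` matches any character, the dots inside `domain_with_ds` do too, and the match may land anywhere in `virtual_host`. Use `regex_replace('\\.' + (domain_with_ds | regex_escape) + '$', '')` so only the trailing `.<parent>` suffix is removed. `domain_with_ds` applies `first` to `parent_domain.json`; if the `owns_qname` lookup yields an empty list that filter fails with an unhelpful template error, so a `| default([])` plus an explicit assertion task would make the failure mode clear (I have not checked deSEC's empty-result shape). A short comment on `domain_keys` noting that `" 13 2 "` keeps only DS records with algorithm 13 and digest type 2 would help future readers. The `vars:` mapping is appended at the end of the play, after the context lines that restart coturn.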