From b997dabfebe74422de510884b68480fcb3bf1780 Mon Sep 17 00:00:00 2001
From: Matthew Fennell <matthew@fennell.dev>
Date: Thu, 23 May 2024 21:02:51 +0100
Subject: Add anonymous subdomain when requested

This will primiarly be used for motoristic.
---
 playbook.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'playbook.yaml')

diff --git a/playbook.yaml b/playbook.yaml
index 06ebc59..64c0243 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -180,6 +180,21 @@
             {{ acme_account_uri_nonprod }}\""
      delegate_to: localhost
 
+   - name: Ensure anonymous records are added to subdomain, if needed
+     ansible.builtin.uri:
+      url: "https://desec.io/api/v1/domains/{{ virtual_host }}/rrsets/"
+      method: PUT
+      body_format: json
+      headers:
+       Authorization: Token {{ desec_token }}
+      body:
+       - subname: "anon"
+         type: CNAME
+         ttl: 3600
+         records: ["{{ delegate_host }}."]
+     delegate_to: localhost
+     when: anonymous_login
+
    # We specifically use apt instead of the more general package module here,
    # because we want to ensure the cache is updated before we try and install
    # anything. This is needed because, on a freh Debian install on AWS
-- 
cgit v1.2.3