Verified Commit 733a2133 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱

geo_dns: add option to set NS TTL for geo domains

Ansible side of commit 5007c1a8 ("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
parent 5007c1a8
geo_acme_dns_challenge_ns: redirect.archlinux.org
geo_domains:
- geo.mirror.pkgbuild.com
geo_health_check_paths:
geo.mirror.pkgbuild.com: /lastupdate
geo_options:
geo.mirror.pkgbuild.com:
health_check_path: /lastupdate
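Review bot: `geo_options` has no comment in the visible lines listing the keys it accepts, yet the Terraform comment added in this commit sends readers to this variable for `ns_ttl`. A short comment above it would make that cross-reference useful, for example `# per-domain options: health_check_path (default '/'), ns_ttl (default 86400; must match the ttl set in tf-stage1 geo_domains)`. Lines above this section are not shown, so an existing comment there may already cover it.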
......@@ -9,19 +9,19 @@ domains:
- soa: {{ groups['geo_mirrors'] | first }}. root.archlinux.org. 2022042701 3600 1800 604800 3600
{% for host in groups['geo_mirrors'] %}
- ns:
ttl: 86400
ttl: {{ geo_options[domain]['ns_ttl'] | default(86400) }}
content: {{ host }}
{% endfor %}
- lua:
ttl: 300
content: >
A "ifurlup('https://{{ domain }}{{ geo_health_check_paths[domain] | default('/') }}',
A "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
{'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
- lua:
ttl: 300
content: >
AAAA "ifurlup('https://{{ domain }}{{ geo_health_check_paths[domain] | default('/') }}',
AAAA "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
{'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
{selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
_acme-challenge.{{ domain }}:
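Review bot: `geo_options[domain]['health_check_path']` is interpolated unescaped into the single-quoted Lua string passed to `ifurlup`, in both the A and the AAAA record, so a value containing a quote character would end the string early and change the expression the nameserver evaluates. The value comes from group_vars, so this is hardening rather than an exposed input, but it is cheap to add now that the options live in an open-ended dict. An `assert` task in the role could check each path against an allow-list pattern such as `^/[A-Za-z0-9._/-]*$` before the template is rendered. Similarly, `ns_ttl` is written into `ttl:` with no check that it is a positive integer, and `default(86400)` only covers the undefined case; `default(86400, true)` would also cover an empty value. The per-domain loop enclosing these records starts outside the hunk.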
......
......@@ -371,6 +371,9 @@ locals {
# - name (mandatory, specifies the subdomain to create in the above zone)
# - ttl (optional, the TTL of the NS records, defaults to 86400 if unset)
#
# Note: If you use a custom TTL, also add it to geo_options[domain]['ns_ttl']
# in Ansible (see the 'geo_options' variable in group_vars/all/geo.yml)
#
geo_domains = {
"geo.mirror.pkgbuild.com" = {
zone_id = hetznerdns_zone.pkgbuild.id
......