sort out dynamic domains

suhancz · Oct 29, 2023 · 90f3c98 · 90f3c98
1 parent 836a18b
commit 90f3c98
Show file tree

Hide file tree

Showing 9 changed files with 109 additions and 39 deletions.
diff --git a/tasks/configure_dyndns_subdomain.yml b/tasks/configure_dyndns_subdomain.yml
@@ -19,7 +19,7 @@
   vars:
     record:
       zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
-      name: "{{ dyndns_item | default('@') }}"
+      name: "{% if dyndns_item | length > 0 %}{{ dyndns_item }}{% else %}@{% endif %}"
       ttl: "3600"
       type: A
       content: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['cidr'].split(', ') | first }}{% else %}{{ ansible_default_ipv4.address }}{% endif %}"
@@ -31,7 +31,7 @@
   vars:
     record:
       zone: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['owner'] }}.{% endif %}dyndns.{{ mailserver_domain }}"
-      name: "{{ dyndns_item | default('@') }}"
+      name: "{% if dyndns_item | length > 0 %}{{ dyndns_item }}{% else %}@{% endif %}"
       ttl: "3600"
       type: AAAA
       content: "{% if dyndns_item | length > 0 %}{{ wg_configs[dyndns_item]['cidr'].split(', ') | last }}{% else %}{{ ansible_default_ipv6.address }}{% endif %}"

diff --git a/tasks/dyndns.yml b/tasks/dyndns.yml
@@ -136,6 +136,7 @@
     - dyndns
     - poweradmin
   ansible.builtin.include_tasks: add_dns_record.yml
+  when: dyndns_item != "server"
   vars:
     record:
       zone: "dyndns.{{ mailserver_domain }}"
@@ -144,7 +145,10 @@
       type: A
       content: "{{ wg_configs[dyndns_item]['cidr'].split(', ') | first }}"
   loop: "{{ wg_configs.keys() | list }}"
+  loop_control:
+    loop_var: dyndns_item
 - name: Add generic DynDNS AAAA records
+  when: dyndns_item != "server"
   tags:
     - dyndns
     - poweradmin
@@ -157,6 +161,8 @@
       type: AAAA
       content: "{{ wg_configs[dyndns_item]['cidr'].split(', ') | last }}"
   loop: "{{ wg_configs.keys() | list }}"
+  loop_control:
+    loop_var: dyndns_item
 - name: Configure DynDNS subdomains
   ansible.builtin.include_tasks: configure_dyndns_subdomain.yml
   when: dyndns_item != "server"

diff --git a/tasks/postfixadmin.yml b/tasks/postfixadmin.yml
@@ -86,20 +86,6 @@
     owner: apache
     group: apache
     mode: u=rw,og=r
-- name: Render PostfixAdmin web config templates
-  tags:
-    - postfixadmin
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: u=rw,og=r
-    owner: root
-    group: root
-    backup: yes
-  loop:
-    - { src: "httpd/postfixadmin.conf.j2", dest: "/etc/httpd/conf.d/001-postfixadmin.{{ mailserver_domain }}.conf" }
-    - { src: "httpd/postfixadmin-le-ssl.conf.j2", dest: "/etc/httpd/conf.d/001-postfixadmin.{{ mailserver_domain }}-le-ssl.conf" }
-  notify: Restart httpd
 - name: Set postfixadmin ACLs
   tags: postfixadmin
   ansible.posix.acl:

diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml
@@ -115,18 +115,3 @@
     path: /var/www/poweradmin/install/
     state: absent
   when: 'public_dns == "yes"'
-- name: Render PowerAdmin web config templates
-  tags:
-    - dyndns
-    - poweradmin
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: u=rw,og=r
-    owner: root
-    group: root
-    backup: yes
-  loop:
-    - { src: "httpd/poweradmin.conf.j2", dest: "/etc/httpd/conf.d/003-poweradmin.{{ mailserver_domain }}.conf" }
-    - { src: "httpd/poweradmin-le-ssl.conf.j2", dest: "/etc/httpd/conf.d/003-poweradmin.{{ mailserver_domain }}-le-ssl.conf" }
-  notify: Restart httpd
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml
@@ -129,6 +129,35 @@
     wg_owner: "{{ item.owner }}"
     wg_cidr: "{{ item.cidr }}"
   loop: "{{ wg_clients }}"
+- name: Render PostfixAdmin web config templates
+  tags:
+    - postfixadmin
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: u=rw,og=r
+    owner: root
+    group: root
+    backup: yes
+  loop:
+    - { src: "httpd/postfixadmin.conf.j2", dest: "/etc/httpd/conf.d/001-postfixadmin.{{ mailserver_domain }}.conf" }
+    - { src: "httpd/postfixadmin-le-ssl.conf.j2", dest: "/etc/httpd/conf.d/001-postfixadmin.{{ mailserver_domain }}-le-ssl.conf" }
+  notify: Restart httpd
+- name: Render PowerAdmin web config templates
+  tags:
+    - dyndns
+    - poweradmin
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: u=rw,og=r
+    owner: root
+    group: root
+    backup: yes
+  loop:
+    - { src: "httpd/poweradmin.conf.j2", dest: "/etc/httpd/conf.d/003-poweradmin.{{ mailserver_domain }}.conf" }
+    - { src: "httpd/poweradmin-le-ssl.conf.j2", dest: "/etc/httpd/conf.d/003-poweradmin.{{ mailserver_domain }}-le-ssl.conf" }
+  notify: Restart httpd
 - name: Deploy .htaccess for the WireGuard configs
   ansible.builtin.template:
     src: wireguard/htaccess.j2

diff --git a/templates/httpd/postfixadmin-le-ssl.conf.j2 b/templates/httpd/postfixadmin-le-ssl.conf.j2
@@ -11,13 +11,29 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
   <Directory />
     Options FollowSymLinks
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
   <Directory /var/www/postfixadmin/public/>
     Options FollowSymLinks MultiViews
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
 

diff --git a/templates/httpd/postfixadmin.conf.j2 b/templates/httpd/postfixadmin.conf.j2
@@ -9,13 +9,29 @@
   <Directory />
     Options FollowSymLinks
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
   <Directory /var/www/postfixadmin/public/>
     Options FollowSymLinks MultiViews
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
 RewriteEngine on

diff --git a/templates/httpd/poweradmin-le-ssl.conf.j2 b/templates/httpd/poweradmin-le-ssl.conf.j2
@@ -11,13 +11,29 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
   <Directory />
     Options FollowSymLinks
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
   <Directory /var/www/poweradmin/>
     Options FollowSymLinks MultiViews
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
 

diff --git a/templates/httpd/poweradmin.conf.j2 b/templates/httpd/poweradmin.conf.j2
@@ -9,13 +9,29 @@
   <Directory />
     Options FollowSymLinks
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
   <Directory /var/www/poweradmin/>
     Options FollowSymLinks MultiViews
     AllowOverride All
-    Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+    <RequireAny>
+      Require ip {{ wireguard.ipv4_pool }} {{ wireguard.ipv6_pool }}
+{% for domain name in wg_configs.keys() | list %}
+{% if dynamic_host_name != "server "%}
+      Require forward-dns {{ dynamic_host_name }}.dyndns.{{ mailserver_domain }}
+      Require forward-dns {{ dynamic_host_name }}.{{ mailserver_admin_user }}.dyndns.{{ mailserver_domain }}
+{% endif %}
+{% endfor %}
+    </RequireAny>
   </Directory>
 
 RewriteEngine on