geo_dns: add option to set NS TTL for geo domains

Ansible side of commit 5007c1a85e ("tf-stage1: allow setting the NS TTL of geo domains"); both values need to match so our geo nameservers report the same TTL as that returned by the parent zone's nameservers.
2024-04-24 12:05:05 +02:00 · 2022-05-16 15:46:43 +03:00 · 2022-05-16 15:46:43 +03:00 · 733a2133b5
parent 5007c1a85e
commit 733a2133b5
3 changed files with 9 additions and 5 deletions
--- a/group_vars/all/geo.yml
+++ b/group_vars/all/geo.yml
@ -1,5 +1,6 @@
 geo_acme_dns_challenge_ns: redirect.archlinux.org
 geo_domains:
  - geo.mirror.pkgbuild.com
-geo_health_check_paths:
-  geo.mirror.pkgbuild.com: /lastupdate
+geo_options:
+  geo.mirror.pkgbuild.com:
+    health_check_path: /lastupdate
--- a/roles/geo_dns/templates/geo.yml.j2
+++ b/roles/geo_dns/templates/geo.yml.j2
@ -9,19 +9,19 @@ domains:
        - soa: {{ groups['geo_mirrors'] | first }}. root.archlinux.org. 2022042701 3600 1800 604800 3600
        {% for host in groups['geo_mirrors'] %}
        - ns:
-            ttl: 86400
+            ttl: {{ geo_options[domain]['ns_ttl'] | default(86400) }}
            content: {{ host }}
        {% endfor %}
        - lua:
            ttl: 300
            content: >
-              A "ifurlup('https://{{ domain }}{{ geo_health_check_paths[domain] | default('/') }}',
+              A "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
              {'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
              {selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
        - lua:
            ttl: 300
            content: >
-              AAAA "ifurlup('https://{{ domain }}{{ geo_health_check_paths[domain] | default('/') }}',
+              AAAA "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
              {'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
              {selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
      _acme-challenge.{{ domain }}:
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@ -371,6 +371,9 @@ locals {
  #   - name (mandatory, specifies the subdomain to create in the above zone)
  #   - ttl (optional, the TTL of the NS records, defaults to 86400 if unset)
  #
+  # Note: If you use a custom TTL, also add it to geo_options[domain]['ns_ttl']
+  #       in Ansible (see the 'geo_options' variable in group_vars/all/geo.yml)
+  #
  geo_domains = {
    "geo.mirror.pkgbuild.com" = {
      zone_id = hetznerdns_zone.pkgbuild.id