Add a script for creating DNS records in Cloudflare #692
link2xt
left a comment
CAA record is simply not created, DKIM key is missing.
Also, this script will need to be maintained if merged, and we don't use Cloudflare so cannot test it.
If we want to automate uploading DNS records to APIs, I would at least use an existing solution like https://github.com/StackExchange/dnscontrol instead of rolling out our own that only supports Cloudflare and is not used by anyone else.
| create_record "$(generate_post_data_txt_record "$CHATMAIL_FULL_DNS_NAME" '\"v=spf1 a ~all\"')" | ||
| create_record "$(generate_post_data_txt_record "_dmarc.$CHATMAIL_FULL_DNS_NAME" '\"v=DMARC1;p=reject;adkim=s;aspf=s\"')" | ||
| create_record "$(generate_post_data_txt_record "_adsp._domainkey.$CHATMAIL_FULL_DNS_NAME" '\"dkim=discardable\"')" | ||
| create_record "$(generate_post_data_txt_record "opendkim._domainkey.$CHATMAIL_FULL_DNS_NAME" '\"v=DKIM1;k=rsa;p=;s=email;t=s\"')" |
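Review bot: the `opendkim._domainkey` TXT record on the last line is published with an empty `p=`, which RFC 6376 defines as a revoked key, so every DKIM signature from the relay would fail verification, and with `p=reject;adkim=s` in the `_dmarc` record delivery would then rest on SPF alignment alone. Fill `p=` from the public half of the relay's DKIM key and make the script exit with an error when that key is not available, rather than publishing a placeholder. The `_adsp._domainkey` record on the line above could be dropped, since ADSP (RFC 5617) was moved to Historic status.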
p= value is empty, so there is no actual DKIM key.
hpk42
left a comment
I am generally in favor of finding a way to automatically set DNS records instead of just reading/verifying them.
But maintaining a bash script in scripts/ with manual instructions on how to use it is not a good way to introduce it.
Better to think about integration into "cmdeploy" CLI flows related to DNS, and also consider it from the documentation side ("how to deal with DNS" is probably the most major pain point in setting up a relay). We could put the Cloudflare script into an "examples" section after #711 is merged.
this is what I'm using, I'm working on a hook that calls dnscontrol to push the records via API for common providers. if this is not preferred we may be able to make pyinfra do the work, but I'd need to research it a bit more since it's a newer framework for me
pyinfra is mostly about SSHing into the server and installing stuff there. For DNS we only need to do things locally, like generating a zonefile or dnsconfig.js for dnscontrol.
unless this is already started, I'll likely pick it up and experiment this week if time allows
Let's close this PR since in the current state it is not finished and likely not the approach we want to take.
A small script that allows you to create all the necessary DNS records in Cloudflare.