Publishing your domain automatically

Once your system has been installed successfully, you will need to publish your DNS information, so your domain can be reached from the internet.

Store the api key for ansible

If you have used Gandi, the process is fairly easy, otherwise, generic explanations are provided in the next section.

First, you will need to store the API and the token in the password store, so Ansible can access it.

For plain text passwords

For plain text passwords, use the following commands:

  • handle: JD461-GANDI
  • key: SVIs912q5RasCmIZ9YDC1XOc

Store the API key in the backup directory:

echo SVIs912q5RasCmIZ9YDC1XOc > backup/sweethome.box/gandi/api-key
chmod 0600 backup/sweethome.box/api-key

You can publish your domain using the following command

If you are using pass

If you are using pass, you will need to add the token to the password database, by using this command on the workstation:

pass insert sweethome.box/gandi/api-key
Enter password for sweethome.box/gandi/api-key: ******
Retype password for sweethome.box/gandi/api-key: ******

Your api key is now safely stored into pass.

Run the command to publish your domain

Everything is handled through an Ansible role, with one command:

cd playbooks
ROLE=dns-publish ansible-playbook -v install.yml

The output should be something like this:

PLAY RECAP *************************************************************************************************************
homebox                    : ok=61   changed=0    unreachable=0    failed=0    skipped=15   rescued=0    ignored=1

Sunday 14 January 2024  19:12:29 +0000 (0:00:00.414)       0:00:12.985 ********
===============================================================================
dns-publish ------------------------------------------------------------- 6.97s
gather_facts ------------------------------------------------------------ 4.08s
common-init ------------------------------------------------------------- 1.68s
include_role ------------------------------------------------------------ 0.17s
set_fact ---------------------------------------------------------------- 0.07s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total ------------------------------------------------------------------ 12.98s

If you have an access denied error, first, check your token value.

Now, wait from a few minutes to an hour, and check the dns-status again:

root@bochica ~# dns-status
DNS keys are published:
Zone                          Type Act Pub Size    Algorithm       ID   Location    Keytag
------------------------------------------------------------------------------------------
sweethome.box                 ZSK  Act Pub 256     ECDSAP256SHA256 3    cryptokeys  35623
sweethome.box                 KSK  Act Pub 256     ECDSAP256SHA256 1    cryptokeys  17507
sweethome.box                 KSK  Act Pub 256     ECDSAP256SHA256 2    cryptokeys  41341
root@bochica ~#