Adding DNS role

inventories/production/group_vars/all.yml

@@ -136,3 +136,23 @@ smtp_from: "noreply@{{ base_domain }}"
 smtp_user: "noreply@{{ base_domain }}"
 smtp_password: "changeme_smtp"
 smtp_tls: "starttls"
+
+# DNS / BIND9 — authoritative nameserver
+bind_version: "9.18-22.04_beta"
+# dns_server_ip must be the public IPv4 address of this server.
+# Register ns1.{{ base_domain }} as a glue record at your domain registrar
+# pointing to this IP, then set your domain's nameservers to ns1.{{ base_domain }}.
+dns_server_ip: "changeme_server_public_ip"
+dns_ns_hostname: "ns1.{{ base_domain }}"
+dns_ttl: 3600
+
+# DKIM — retrieve the public key from the Stalwart admin UI at
+# mail.{{ base_domain }} → Settings → DKIM keys after first deployment.
+# Leave empty to skip the DKIM TXT record until the key is available.
+stalwart_dkim_selector: "default"
+stalwart_dkim_public_key: ""  # e.g. "MIGfMA0GCSqGSIb3DQEB..."
+
+# DMARC — email authentication policy
+dmarc_policy: "quarantine"  # none | quarantine | reject
+dmarc_rua: "mailto:dmarc-reports@{{ base_domain }}"
+dmarc_ruf: "mailto:dmarc-forensics@{{ base_domain }}"