feat: add terraform for DNS

flake.nix

@@ -64,20 +64,35 @@
         };
 
         devShells.default = pkgs.mkShell {
-          buildInputs = with pkgs; [
+          packages = with pkgs; [
-            deploy-rs
+            nix
-            nixpkgs-fmt
             agenix
             cachix
-            editorconfig-checker
+
-            nix
+            nixos-generators
-            nodePackages.prettier
             nvfetcher
+
+            editorconfig-checker
+            nodePackages.prettier
             shellcheck
             shfmt
             treefmt
-            nixos-generators
+            nixpkgs-fmt
+
+            deploy-rs
+
+            terraform
+            terraform-backend-git
           ];
+
+          shellHook = ''
+            export TF_BACKEND_GIT_GIT_REPOSITORY=gitea@git.pub.solar:b12f/terraform-state.git
+            export TF_BACKEND_GIT_GIT_REF=main
+            export TF_BACKEND_GIT_GIT_STATE=b12f.json
+            export TF_BACKEND_HTTP_ENCRYPTION_PROVIDER=sops
+            export TF_BACKEND_HTTP_SOPS_PGP_FP=4406E80E13CD656C
+            export HOSTINGDE_AUTH_TOKEN=$(secret-tool lookup hosting-de terraform-auth-token)
+          '';
         };
       };
 

terraform/.gitignore

@@ -0,0 +1 @@
+/.terraform

terraform/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/pub-solar/hostingde" {
+  version     = "0.0.5"
+  constraints = ">= 0.0.5"
+  hashes = [
+    "h1:PMKw2Yfpe3O2ojZEY0DvzW6K3nM36RlTECOmb9aL0N0=",
+    "zh:0816e2cf0bb6888c8e9b592bcc1ea7c4b790290e1780ddae5f77cf0659fc947e",
+    "zh:1ca89ce18f4b357f11328a792ac56358e42a87306965a433e5af88b5f94eb7f1",
+    "zh:1f3520a551ad5b9cfec2e27f1e4ab63200b753eddd1f6a530c99971c7c6750ff",
+    "zh:301d1cbb1e04e71e5be15f28bd26b33e2509af5725989a2fbba00acfb47a2c2e",
+    "zh:3430af25e31ae611404e731e0b8659911394147b2ff33ea52af00c48d5d85434",
+    "zh:62d4c85ce42c8c75416bb4122b88614c3a1881bacc568e1b7761cbfa6fdfc5cd",
+    "zh:639e356d866470b4c5db8f379799fd9e7e7a09f255af31de617ebfa39f8908df",
+    "zh:79f26737cc17c0ed98bd1f038ac46fa949f50c5b07b08f3d1478a3ec38ebf40b",
+    "zh:7a2b6ed61c95ab804767900b1bc880e83e71a5753b44e76d64494bc70f3a3dc7",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:92f6bf661a3db365aa3c9aa038d14e49b4a2184d77b915d34de44d4c7650a6d5",
+    "zh:956223963b90bff579f8891ce1e82ad3736dea76bafc5f8e9505b971f2f1697f",
+    "zh:c12967c9e6e7f56473c4c894d489eb4112f5979939b9cd59633e78482fd71a04",
+    "zh:f440efd67806698cb437824d07e72da7b7efe2e0b13cfe2765f2d62e2c48e433",
+    "zh:ff79c2514fa6849acf337c1ed77892184711df0c393d306b5fe9031be20ca29c",
+  ]
+}

terraform/README.md

@@ -0,0 +1,14 @@
+
+Problem:
+
+``` 
+[terraform-backend-git]: ssh: handshake failed: knownhosts: key mismatch
+```
+
+Solution:
+```
+ssh-keyscan git.pub.solar >> ~/.ssh/known_hosts
+```
+
+https://github.com/go-git/go-git/issues/411
+

terraform/b12f.io.tf

@@ -0,0 +1,149 @@
+resource "hostingde_zone" "b12f" {
+  name = "b12f.io"
+  type = "NATIVE"
+}
+
+resource "hostingde_record" "b12f-frikandel-AAAA" {
+  zone_id = hostingde_zone.b12f.id
+  name = "frikandel.b12f.io"
+  type = "AAAA"
+  content = "2a01:4f8:c2c:b60::"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-frikandel-A" {
+  zone_id = hostingde_zone.b12f.id
+  name = "frikandel.b12f.io"
+  type = "A"
+  content = "128.140.109.213"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-frikandel-initrd-A" {
+  zone_id = hostingde_zone.b12f.id
+  name = "frikandel-initrd.b12f.io"
+  type = "A"
+  content = "128.140.109.213"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-vpn-AAAA" {
+  zone_id = hostingde_zone.b12f.id
+  name = "vpn.b12f.io"
+  type = "AAAA"
+  content = "2a01:4f8:c2c:b60::"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-vpn-A" {
+  zone_id = hostingde_zone.b12f.id
+  name = "vpn.b12f.io"
+  type = "A"
+  content = "128.140.109.213"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-web" {
+  zone_id = hostingde_zone.b12f.id
+  name = "b12f.io"
+  type = "ALIAS"
+  content = "frikandel.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-www" {
+  zone_id = hostingde_zone.b12f.id
+  name = "www.b12f.io"
+  type = "CNAME"
+  content = "frikandel.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-mail" {
+  zone_id = hostingde_zone.b12f.id
+  name = "mail.b12f.io"
+  type = "CNAME"
+  content = "frikandel.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-autoconfig" {
+  zone_id = hostingde_zone.b12f.id
+  name = "autoconfig.b12f.io"
+  type = "CNAME"
+  content = "mail.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-autodiscover" {
+  zone_id = hostingde_zone.b12f.id
+  name = "autodiscover.b12f.io"
+  type = "CNAME"
+  content = "mail.b12f.io"
+  ttl = 300
+}
+
+# resource "hostingde_record" "b12f-mx" {
+#   zone_id = hostingde_zone.b12f.id
+#   name = "b12f.io"
+#   type = "MX"
+#   content = "mail.b12f.io"
+#   priority = 10
+#   ttl = 300
+# }
+
+resource "hostingde_record" "b12f-spf" {
+  zone_id = hostingde_zone.b12f.id
+  name = "b12f.io"
+  type = "TXT"
+  content = "\"v=spf1 a:mail.b12f.io -all\""
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-droppie-AAAA" {
+  zone_id = hostingde_zone.b12f.id
+  name = "droppie.b12f.io"
+  type = "AAAA"
+  content = "2a02:908:5b1:e3c0:3::"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-pie-AAAA" {
+  zone_id = hostingde_zone.b12f.id
+  name = "pie.b12f.io"
+  type = "AAAA"
+  content = "2a02:908:5b1:e3c0:2::"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-firefly" {
+  zone_id = hostingde_zone.b12f.id
+  name = "firefly.b12f.io"
+  type = "CNAME"
+  content = "pie.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-firefly-importer" {
+  zone_id = hostingde_zone.b12f.id
+  name = "firefly-importer.b12f.io"
+  type = "CNAME"
+  content = "pie.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-invoicing" {
+  zone_id = hostingde_zone.b12f.id
+  name = "invoicing.b12f.io"
+  type = "CNAME"
+  content = "pie.b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "b12f-paperless" {
+  zone_id = hostingde_zone.b12f.id
+  name = "paperless.b12f.io"
+  type = "CNAME"
+  content = "pie.b12f.io"
+  ttl = 300
+}

terraform/benjaminbaedorf.eu.tf

@@ -0,0 +1,64 @@
+resource "hostingde_zone" "bbeu" {
+  name = "benjaminbaedorf.eu"
+  type = "NATIVE"
+}
+
+resource "hostingde_record" "bbeu-web" {
+  zone_id = hostingde_zone.bbeu.id
+  name = "benjaminbaedorf.eu"
+  type = "ALIAS"
+  content = "b12f.io"
+  ttl = 300
+}
+
+resource "hostingde_record" "bbeu-www" {
+  zone_id = hostingde_zone.bbeu.id
+  name = "www.benjaminbaedorf.eu"
+  type = "CNAME"
+  content = "b12f.io"
+  ttl = 300
+}
+
+# resource "hostingde_record" "bbeu-mx-1" {
+#   zone_id = hostingde_zone.bbeu.id
+#   name = "benjaminbaedorf.eu"
+#   type = "MX"
+#   content = "mx01.routing.net"
+#   priority = 10
+#   ttl = 300
+# }
+#
+# resource "hostingde_record" "bbeu-mx-2" {
+#   zone_id = hostingde_zone.bbeu.id
+#   name = "benjaminbaedorf.eu"
+#   type = "MX"
+#   content = "mx02.routing.net"
+#   priority = 10
+#   ttl = 300
+# }
+#
+# resource "hostingde_record" "bbeu-mx-3" {
+#   zone_id = hostingde_zone.bbeu.id
+#   name = "benjaminbaedorf.eu"
+#   type = "MX"
+#   content = "mx03.routing.net"
+#   priority = 10
+#   ttl = 300
+# }
+#
+# resource "hostingde_record" "bbeu-mx-backup" {
+#   zone_id = hostingde_zone.bbeu.id
+#   name = "benjaminbaedorf.eu"
+#   type = "MX"
+#   content = "mxbackup.routing.net"
+#   priority = 20
+#   ttl = 300
+# }
+
+resource "hostingde_record" "bbeu-spf" {
+  zone_id = hostingde_zone.bbeu.id
+  name = "benjaminbaedorf.eu"
+  type = "TXT"
+  content = "\"v=spf1 include:spf.routing.net ?all\""
+  ttl = 300
+}

terraform/providers.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = "~> 1.5.3"
+  required_providers {
+    hostingde = {
+      source = "pub-solar/hostingde"
+      version = ">=0.0.5"
+    }
+  }
+}
+
+provider "hostingde" {
+  # Configuration options
+}