From 73f9d84b31992d0d52150e559d64e662233c8645 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 02:51:21 +0200 Subject: [PATCH] feat: terraform DNS for namecheap initial commit --- dns.nix | 167 ------------------------------- flake.lock | 87 ----------------- flake.nix | 6 +- terraform.nix | 57 ----------- terraform/dns.tf | 190 ++++++++++++++++++++++++++++++++++++ terraform/providers.tf | 13 +++ terraform/remote-backend.tf | 7 ++ 7 files changed, 211 insertions(+), 316 deletions(-) delete mode 100644 dns.nix delete mode 100644 terraform.nix create mode 100644 terraform/dns.tf create mode 100644 terraform/providers.tf create mode 100644 terraform/remote-backend.tf diff --git a/dns.nix b/dns.nix deleted file mode 100644 index 73bbcdbb..00000000 --- a/dns.nix +++ /dev/null 
@@ -1,167 +0,0 @@
-{ ... }:
-{
-# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
- resource."namecheap_domain_records"."pub-solar" = {
- domain = "pub.solar";
- mode = "OVERWRITE";
- email_type = "MX";
-
- record = [
- {
- hostname = "flora-6";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "auth";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "ci";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "git";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "stream";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "list";
- type = "A";
- address = "80.71.153.210";
- }
- {
- hostname = "obs-portal";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "vpn";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "cache";
- type = "A";
- address = "95.217.225.160";
- }
- {
- hostname = "factorio";
- type = "A";
- address = "80.244.242.2";
- }
- {
- hostname = "collabora";
- type = "A";
- address = "95.217.225.160";
- }
- {
- hostname = "@";
- type = "ALIAS";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- ttl = 300;
- }
- {
- hostname = "chat";
- type = "CNAME";
- address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
- }
- {
- hostname = "cloud";
- type = "CNAME";
- address = "nc-web.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "coturn";
- type = "CNAME";
- address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "hpb";
- type = "CNAME";
- address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "dimension";
- type = "CNAME";
- address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
- }
- {
- hostname = "element";
- type = "CNAME";
- address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
- }
- {
- hostname = "files";
- type = "CNAME";
- address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
- }
- {
- hostname = "mastodon";
- type = "CNAME";
- address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
- }
- {
- hostname = "matrix";
- type = "CNAME";
- address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
- }
- {
- hostname = "www";
- type = "CNAME";
- address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
- }
- {
- hostname = "@";
- type = "TXT";
- address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all";
- }
- {
- hostname = "list";
- type = "TXT";
- address = "v=spf1 a:list.pub.solar ?all";
- }
- {
- hostname = "_dmarc";
- type = "TXT";
- address = "v=DMARC1; p=reject;";
- }
- {
- hostname = "_dmarc.list";
- type = "TXT";
- address = "v=DMARC1; p=reject;";
- }
- {
- hostname = "@";
- type = "MX";
- address = "mx2.greenbaum.cloud.";
- mx_pref = "0";
- }
- {
- hostname = "list";
- type = "MX";
- address = "list.pub.solar";
- mx_pref = "0";
- }
- {
- hostname = "nachtigall";
- type = "A";
- address = "138.201.80.102";
- }
- {
- hostname = "nachtigall";
- type = "AAAA";
- address = "2a01:4f8:172:1c25::1";
- }
- # SRV records can only be changed via NameCheap Web UI
- # add comment
- ];
- };
-}
diff --git a/flake.lock b/flake.lock
index 9e7b6898..e3292e82 100644
--- a/flake.lock
+++ b/flake.lock
@@ -26,38 +26,6 @@ "type": "github" } }, - "bats-assert": { - "flake": false, - "locked": { - "lastModified": 1636059754, - "narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=", - "owner": "bats-core", - "repo": "bats-assert", - "rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5", - "type": "github" - }, - "original": { - "owner": "bats-core", - "repo": "bats-assert", - "type": "github" - } - }, - "bats-support": { - "flake": false, - "locked": { - "lastModified": 1548869839, - "narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=", - "owner": "bats-core", - "repo": "bats-support", - "rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3", - "type": "github" - }, - "original": { - "owner": "bats-core", - "repo": "bats-support", - "type": "github" - } - }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -154,21 +122,6 @@ "type": "github" } }, - "flake-utils_2": { - "locked": { - "lastModified": 1634851050, - "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -310,7 +263,6 @@ "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", "nixpkgs": "nixpkgs", - "terranix": "terranix", "unstable": "unstable" } }, 
@@ -344,45 +296,6 @@ "type": "github" } }, - "terranix": { - "inputs": { - "bats-assert": "bats-assert", - "bats-support": "bats-support", - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "terranix-examples": "terranix-examples" - }, - "locked": { - "lastModified": 1695406838, - "narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=", - "owner": "terranix", - "repo": "terranix", - "rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix", - "type": "github" - } - }, - "terranix-examples": { - "locked": { - "lastModified": 1636300201, - "narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=", - "owner": "terranix", - "repo": "terranix-examples", - "rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix-examples", - "type": "github" - } - }, "unstable": { "locked": { "lastModified": 1698318101, diff --git a/flake.nix b/flake.nix index 48b6fa15..ee389cb9 100644 --- a/flake.nix +++ b/flake.nix @@ -14,9 +14,6 @@ flake-parts.url = "github:hercules-ci/flake-parts"; nixos-flake.url = "github:srid/nixos-flake"; - terranix.url = "github:terranix/terranix"; - terranix.inputs.nixpkgs.follows = "nixpkgs"; - deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; @@ -29,13 +26,12 @@ keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs@{ self, terranix, ... }: + outputs = inputs@{ self, ... }: inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" ]; imports = [ inputs.nixos-flake.flakeModule - # ./terraform.nix ./public-keys ./lib ./overlays diff --git a/terraform.nix b/terraform.nix deleted file mode 100644 index 9dad0647..00000000 --- a/terraform.nix +++ /dev/null 
@@ -1,57 +0,0 @@
-{ inputs
-, self
-, ...
-}: {
- perSystem = { config, pkgs, system, ... }:
- let
- terraform = pkgs.terraform;
-
- tf-infra-dns = inputs.terranix.lib.terranixConfiguration {
- inherit system;
- modules = [ ./dns.nix ];
- };
-
- tf-infra-nodes = inputs.terranix.lib.terranixConfiguration {
- inherit system;
- modules = [
- ./host.nix
- ./vms.nix
- ];
- };
- in {
- packages = {
- inherit tf-infra-dns tf-infra-nodes;
- };
-
- apps = {
- apply-dns = {
- type = "app";
- program = toString (pkgs.writers.writeBash "apply" ''
- if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
- cp ${tf-infra-dns} config.tf.json \
- && ${terraform}/bin/terraform init \
- && ${terraform}/bin/terraform apply
- '');
- };
- apply-nodes = {
- type = "app";
- program = toString (pkgs.writers.writeBash "apply" ''
- if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
- cp ${tf-infra-nodes} config.tf.json \
- && ${terraform}/bin/terraform init \
- && ${terraform}/bin/terraform apply
- '');
- };
- # nix run ".#destroy"
- destroy-dns = {
- type = "app";
- program = toString (pkgs.writers.writeBash "destroy" ''
- if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
- cp ${tf-infra-dns} config.tf.json \
- && ${terraform}/bin/terraform init \
- && ${terraform}/bin/terraform destroy
- '');
- };
- };
- };
-}
diff --git a/terraform/dns.tf b/terraform/dns.tf
new file mode 100644
index 00000000..355a879e
--- /dev/null
+++ b/terraform/dns.tf
@@ -0,0 +1,190 @@
+# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
+resource "namecheap_domain_records" "pub-solar" {
+ domain = "pub.solar"
+ mode = "OVERWRITE"
+ email_type = "MX"
+
+ record {
+ hostname = "flora-6"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "auth"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ ttl = 60
+ }
+ record {
+ hostname = "ci"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "git"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ ttl = 60
+ }
+ record {
+ hostname = "stream"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "list"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "obs-portal"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "vpn"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "cache"
+ type = "A"
+ address = "95.217.225.160"
+ ttl = 60
+ }
+ record {
+ hostname = "factorio"
+ type = "A"
+ address = "80.244.242.2"
+ ttl = 60
+ }
+ record {
+ hostname = "collabora"
+ type = "A"
+ address = "80.71.153.210"
+ ttl = 60
+ }
+ record {
+ hostname = "@"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ ttl = 60
+ }
+ record {
+ hostname = "chat"
+ type = "A"
+ address = "85.88.23.162"
+ ttl = 60
+ }
+ record {
+ hostname = "cloud"
+ type = "A"
+ address = "80.71.153.133"
+ ttl = 60
+ }
+ record {
+ hostname = "coturn"
+ type = "A"
+ address = "80.71.153.239"
+ ttl = 60
+ }
+ record {
+ hostname = "hpb"
+ type = "A"
+ address = "80.71.153.239"
+ ttl = 60
+ }
+ record {
+ hostname = "dimension"
+ type = "A"
+ address = "85.88.23.162"
+ ttl = 60
+ }
+ record {
+ hostname = "element"
+ type = "A"
+ address = "85.88.23.162"
+ ttl = 60
+ }
+ record {
+ hostname = "files"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ ttl = 60
+ }
+ record {
+ hostname = "mastodon"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ ttl = 60
+ }
+ record {
+ hostname = "matrix"
+ type = "A"
+ address = "85.88.23.162"
+ ttl = 60
+ }
+ record {
+ hostname = "www"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ ttl = 60
+ }
+ record {
+ hostname = "@"
+ type = "TXT"
+ address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all"
+ }
+ record {
+ hostname = "list"
+ type = "TXT"
+ address = "v=spf1 a:list.pub.solar ?all"
+ }
+ record {
+ hostname = "_dmarc"
+ type = "TXT"
+ address = "v=DMARC1; p=reject;"
+ }
+ record {
+ hostname = "_dmarc.list"
+ type = "TXT"
+ address = "v=DMARC1; p=reject;"
+ }
+ record {
+ hostname = "@"
+ type = "MX"
+ address = "mx2.greenbaum.cloud."
+ mx_pref = "0"
+ }
+ record {
+ hostname = "list"
+ type = "MX"
+ address = "list.pub.solar"
+ mx_pref = "0"
+ }
+ record {
+ hostname = "nachtigall"
+ type = "A"
+ ttl = 60
+ address = "138.201.80.102"
+ }
+ record {
+ hostname = "nachtigall"
+ type = "AAAA"
+ ttl = 60
+ address = "2a01:4f8:172:1c25::1"
+ }
+ record {
+ hostname = "matrix.test"
+ type = "CNAME"
+ address = "nachtigall.pub.solar"
+ }
+ # SRV records can only be changed via NameCheap Web UI
+ # add comment
+}
diff --git a/terraform/providers.tf b/terraform/providers.tf
new file mode 100644
index 00000000..0301fd5c
--- /dev/null
+++ b/terraform/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = "~> 1.2.3"
+ required_providers {
+ namecheap = {
+ source = "namecheap/namecheap"
+ version = "2.1.0"
+ }
+ }
+}
+
+provider "namecheap" {
+ # Configuration options
+}
diff --git a/terraform/remote-backend.tf b/terraform/remote-backend.tf
new file mode 100644
index 00000000..fcfa35d3
--- /dev/null
+++ b/terraform/remote-backend.tf
@@ -0,0 +1,7 @@
+# https://www.terraform.io/language/v1.2.x/settings/backends/manta
+terraform {
+ backend "manta" {
+ path = "pub-solar/nachtigall"
+ object_name = "terraform.tfstate"
+ }
+}
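Review bot: In terraform/dns.tf the apex record `hostname = "@"` is now `type = "CNAME"`, while the same resource still declares TXT (SPF) and MX records on `@`. A CNAME may not coexist with other record types at the same name (RFC 1034), so resolvers can answer the apex with the CNAME alone and ignore the MX and SPF data, which puts mail delivery and sender validation for pub.solar at risk. The removed dns.nix used `type = "ALIAS"` with `ttl = 300` for this record, and keeping those two values avoids the conflict. Separately, `mode = "OVERWRITE"` is documented by the provider as replacing records not declared in the file, so a comment above it, such as `# OVERWRITE: records missing from this file are removed on apply`, would warn anyone who edits the zone by hand; whether the SRV records mentioned in the trailing comment are affected should be confirmed.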
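Review bot: terraform/providers.tf pins `version = "2.1.0"` for namecheap/namecheap, but the patch's file list contains no `.terraform.lock.hcl`, so the provider's checksums are not recorded in the repository. Without that file each fresh `terraform init` accepts whatever the registry serves for that version. Committing the lock file that `terraform init` generates closes this gap, unless it is tracked or deliberately ignored elsewhere. The placeholder `# Configuration options` in the empty `provider "namecheap"` block would be better replaced by a comment that states where the credentials come from, for example `# Credentials come from NAMECHEAP_USER_NAME, NAMECHEAP_API_USER and NAMECHEAP_API_KEY; never set them in this file`.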
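Review bot: terraform/remote-backend.tf selects `backend "manta"`, which upstream removed in Terraform 1.3, so together with `required_version = "~> 1.2.3"` in providers.tf this keeps the DNS workflow on the old 1.2.x release line. A migration to a backend that current Terraform releases still support is worth tracking. The `path = "pub-solar/nachtigall"` value names a single host, although the state it stores describes the whole pub.solar zone. A header comment such as `# State for the pub.solar DNS zone; Manta credentials are taken from the environment and the object must stay private` would make clear who is expected to read and write the state.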