infra/docs/dns.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

62 lines
1.5 KiB
Markdown
Raw Permalink Normal View History

2023-10-28 23:37:31 +00:00
# Changing DNS entries
2023-10-29 15:11:29 +00:00
Our current DNS provider is [namecheap](https://www.namecheap.com/).
We use [OpenTofu](https://opentofu.org) to declaratively manage our pub.solar DNS records.
2023-10-29 15:11:29 +00:00
### Initial setup
You will need to setup the following [namecheap API credentials](https://www.namecheap.com/support/api/intro),
look for "namecheap API key" in the pub.solar Keepass database.
2024-05-08 20:57:07 +00:00
```
NAMECHEAP_API_KEY
NAMECHEAP_API_USER
NAMECHEAP_USER_NAME
```
2024-05-08 20:57:07 +00:00
You will probably also need to add your external IP to the [API allow list](https://ap.www.namecheap.com/settings/tools/apiaccess/whitelisted-ips).
2024-05-08 20:57:07 +00:00
```
dig -4 ip @dns.toys
```
Now, change into the terraform directory and initialize the terraform providers. To decrypt existing state,
search for "terraform state passphrase" in the pub.solar Keepass database.
2023-10-29 15:11:29 +00:00
```
cd terraform
export TF_VAR_state_passphrase=$(secret-tool lookup pub.solar terraform-state-passphrase-dns)
2023-10-29 15:11:29 +00:00
alias tofu="terraform-backend-git --access-logs --tf tofu git terraform"
tofu init
2023-10-29 15:11:29 +00:00
```
Make your changes, e.g. in `dns.tf`.
2024-05-08 20:57:07 +00:00
```
$EDITOR dns.tf
```
2023-10-29 15:11:29 +00:00
Plan your changes using:
2024-05-08 20:57:07 +00:00
2023-10-29 15:11:29 +00:00
```
tofu plan -out pub-solar-infra.plan
2023-10-29 15:11:29 +00:00
```
After verification, apply your changes with:
2024-05-08 20:57:07 +00:00
2023-10-29 15:11:29 +00:00
```
tofu apply "pub-solar-infra.plan"
2023-10-29 15:11:29 +00:00
```
### Useful links
We use terraform-backend-git remote backend with opentofu state encryption for collaboration.
2024-05-08 20:57:07 +00:00
- https://github.com/plumber-cd/terraform-backend-git
- https://opentofu.org/docs/language/state/encryption
Namecheap Terraform provider docs:
2024-05-08 20:57:07 +00:00
- https://registry.terraform.io/providers/namecheap/namecheap/latest/docs