From 73f9d84b31992d0d52150e559d64e662233c8645 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 02:51:21 +0200 Subject: [PATCH 1/8] feat: terraform DNS for namecheap initial commit --- dns.nix | 167 ------------------------------- flake.lock | 87 ----------------- flake.nix | 6 +- terraform.nix | 57 ----------- terraform/dns.tf | 190 ++++++++++++++++++++++++++++++++++++ terraform/providers.tf | 13 +++ terraform/remote-backend.tf | 7 ++ 7 files changed, 211 insertions(+), 316 deletions(-) delete mode 100644 dns.nix delete mode 100644 terraform.nix create mode 100644 terraform/dns.tf create mode 100644 terraform/providers.tf create mode 100644 terraform/remote-backend.tf diff --git a/dns.nix b/dns.nix deleted file mode 100644 index 73bbcdb..0000000 --- a/dns.nix +++ /dev/null 
@@ -1,167 +0,0 @@ -{ ... }: -{ -# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs - resource."namecheap_domain_records"."pub-solar" = { - domain = "pub.solar"; - mode = "OVERWRITE"; - email_type = "MX"; - - record = [ - { - hostname = "flora-6"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "auth"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "ci"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "git"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "stream"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "list"; - type = "A"; - address = "80.71.153.210"; - } - { - hostname = "obs-portal"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "vpn"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "cache"; - type = "A"; - address = "95.217.225.160"; - } - { - hostname = "factorio"; - type = "A"; - address = "80.244.242.2"; - } - { - hostname = "collabora"; - type = "A"; - address = "95.217.225.160"; - } - { - hostname = "@"; - type = "ALIAS"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - ttl = 300; - } - { - hostname = "chat"; - type = "CNAME"; - address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone."; - } - { - hostname = "cloud"; - type = "CNAME"; - address = "nc-web.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "coturn"; - type = "CNAME"; - address = 
"nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "hpb"; - type = "CNAME"; - address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "dimension"; - type = "CNAME"; - address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone."; - } - { - hostname = "element"; - type = "CNAME"; - address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone."; - } - { - hostname = "files"; - type = "CNAME"; - address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone."; - } - { - hostname = "mastodon"; - type = "CNAME"; - address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone."; - } - { - hostname = "matrix"; - type = "CNAME"; - address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone."; - } - { - hostname = "www"; - type = "CNAME"; - address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone."; - } - { - hostname = "@"; - type = "TXT"; - address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all"; - } - { - hostname = "list"; - type = "TXT"; - address = "v=spf1 a:list.pub.solar ?all"; - } - { - hostname = "_dmarc"; - type = "TXT"; - address = "v=DMARC1; p=reject;"; - } - { - hostname = "_dmarc.list"; - type = "TXT"; - address = "v=DMARC1; p=reject;"; - } - { - hostname = "@"; - type = "MX"; - address = "mx2.greenbaum.cloud."; - mx_pref = "0"; - } - { - hostname = "list"; - type = "MX"; - address = "list.pub.solar"; - mx_pref = "0"; - } - { - hostname = "nachtigall"; - type = "A"; - address = "138.201.80.102"; - } - { - hostname = "nachtigall"; - type = "AAAA"; - address = "2a01:4f8:172:1c25::1"; - } - # SRV records can only be changed via NameCheap Web UI - # add comment - ]; - }; -} diff --git a/flake.lock b/flake.lock index 9e7b689..e3292e8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -26,38 +26,6 @@ "type": "github" } }, - "bats-assert": { - "flake": false, - "locked": { - "lastModified": 1636059754, - "narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=", - "owner": "bats-core", - "repo": "bats-assert", - "rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5", - "type": "github" - }, - "original": { - "owner": "bats-core", - "repo": "bats-assert", - "type": "github" - } - }, - "bats-support": { - "flake": false, - "locked": { - "lastModified": 1548869839, - "narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=", - "owner": "bats-core", - "repo": "bats-support", - "rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3", - "type": "github" - }, - "original": { - "owner": "bats-core", - "repo": "bats-support", - "type": "github" - } - }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -154,21 +122,6 @@ "type": "github" } }, - "flake-utils_2": { - "locked": { - "lastModified": 1634851050, - "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -310,7 +263,6 @@ "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", "nixpkgs": "nixpkgs", - "terranix": "terranix", "unstable": "unstable" } }, 
@@ -344,45 +296,6 @@ "type": "github" } }, - "terranix": { - "inputs": { - "bats-assert": "bats-assert", - "bats-support": "bats-support", - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "terranix-examples": "terranix-examples" - }, - "locked": { - "lastModified": 1695406838, - "narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=", - "owner": "terranix", - "repo": "terranix", - "rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix", - "type": "github" - } - }, - "terranix-examples": { - "locked": { - "lastModified": 1636300201, - "narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=", - "owner": "terranix", - "repo": "terranix-examples", - "rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e", - "type": "github" - }, - "original": { - "owner": "terranix", - "repo": "terranix-examples", - "type": "github" - } - }, "unstable": { "locked": { "lastModified": 1698318101, diff --git a/flake.nix b/flake.nix index 48b6fa1..ee389cb 100644 --- a/flake.nix +++ b/flake.nix @@ -14,9 +14,6 @@ flake-parts.url = "github:hercules-ci/flake-parts"; nixos-flake.url = "github:srid/nixos-flake"; - terranix.url = "github:terranix/terranix"; - terranix.inputs.nixpkgs.follows = "nixpkgs"; - deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; @@ -29,13 +26,12 @@ keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs@{ self, terranix, ... }: + outputs = inputs@{ self, ... }: inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" ]; imports = [ inputs.nixos-flake.flakeModule - # ./terraform.nix ./public-keys ./lib ./overlays diff --git a/terraform.nix b/terraform.nix deleted file mode 100644 index 9dad064..0000000 --- a/terraform.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ inputs -, self -, ... -}: { - perSystem = { config, pkgs, system, ... }: - let - terraform = pkgs.terraform; - - tf-infra-dns = inputs.terranix.lib.terranixConfiguration { - inherit system; - modules = [ ./dns.nix ]; - }; - - tf-infra-nodes = inputs.terranix.lib.terranixConfiguration { - inherit system; - modules = [ - ./host.nix - ./vms.nix - ]; - }; - in { - packages = { - inherit tf-infra-dns tf-infra-nodes; - }; - - apps = { - apply-dns = { - type = "app"; - program = toString (pkgs.writers.writeBash "apply" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${tf-infra-dns} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform apply - ''); - }; - apply-nodes = { - type = "app"; - program = toString (pkgs.writers.writeBash "apply" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${tf-infra-nodes} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform apply - ''); - }; - # nix run ".#destroy" - destroy-dns = { - type = "app"; - program = toString (pkgs.writers.writeBash "destroy" '' - if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi - cp ${tf-infra-dns} config.tf.json \ - && ${terraform}/bin/terraform init \ - && ${terraform}/bin/terraform destroy - ''); - }; - }; - }; -} diff --git a/terraform/dns.tf b/terraform/dns.tf new file mode 100644 index 0000000..355a879 --- /dev/null +++ b/terraform/dns.tf 
@@ -0,0 +1,190 @@ +# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs +resource "namecheap_domain_records" "pub-solar" { + domain = "pub.solar" + mode = "OVERWRITE" + email_type = "MX" + + record { + hostname = "flora-6" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "auth" + type = "CNAME" + address = "nachtigall.pub.solar" + ttl = 60 + } + record { + hostname = "ci" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "git" + type = "CNAME" + address = "nachtigall.pub.solar" + ttl = 60 + } + record { + hostname = "stream" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "list" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "obs-portal" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "vpn" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "cache" + type = "A" + address = "95.217.225.160" + ttl = 60 + } + record { + hostname = "factorio" + type = "A" + address = "80.244.242.2" + ttl = 60 + } + record { + hostname = "collabora" + type = "A" + address = "80.71.153.210" + ttl = 60 + } + record { + hostname = "@" + type = "CNAME" + address = "nachtigall.pub.solar" + ttl = 60 + } + record { + hostname = "chat" + type = "A" + address = "85.88.23.162" + ttl = 60 + } + record { + hostname = "cloud" + type = "A" + address = "80.71.153.133" + ttl = 60 + } + record { + hostname = "coturn" + type = "A" + address = "80.71.153.239" + ttl = 60 + } + record { + hostname = "hpb" + type = "A" + address = "80.71.153.239" + ttl = 60 + } + record { + hostname = "dimension" + type = "A" + address = "85.88.23.162" + ttl = 60 + } + record { + hostname = "element" + type = "A" + address = "85.88.23.162" + ttl = 60 + } + record { + hostname = "files" + type = "CNAME" + address = "nachtigall.pub.solar" + ttl = 60 + } + record { + hostname = "mastodon" + type = "CNAME" + address = 
"nachtigall.pub.solar" + ttl = 60 + } + record { + hostname = "matrix" + type = "A" + address = "85.88.23.162" + ttl = 60 + } + record { + hostname = "www" + type = "CNAME" + address = "nachtigall.pub.solar" + ttl = 60 + } + record { + hostname = "@" + type = "TXT" + address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all" + } + record { + hostname = "list" + type = "TXT" + address = "v=spf1 a:list.pub.solar ?all" + } + record { + hostname = "_dmarc" + type = "TXT" + address = "v=DMARC1; p=reject;" + } + record { + hostname = "_dmarc.list" + type = "TXT" + address = "v=DMARC1; p=reject;" + } + record { + hostname = "@" + type = "MX" + address = "mx2.greenbaum.cloud." + mx_pref = "0" + } + record { + hostname = "list" + type = "MX" + address = "list.pub.solar" + mx_pref = "0" + } + record { + hostname = "nachtigall" + type = "A" + ttl = 60 + address = "138.201.80.102" + } + record { + hostname = "nachtigall" + type = "AAAA" + ttl = 60 + address = "2a01:4f8:172:1c25::1" + } + record { + hostname = "matrix.test" + type = "CNAME" + address = "nachtigall.pub.solar" + } + # SRV records can only be changed via NameCheap Web UI + # add comment +} diff --git a/terraform/providers.tf b/terraform/providers.tf new file mode 100644 index 0000000..0301fd5 --- /dev/null +++ b/terraform/providers.tf @@ -0,0 +1,13 @@ +terraform { + required_version = "~> 1.2.3" + required_providers { + namecheap = { + source = "namecheap/namecheap" + version = "2.1.0" + } + } +} + +provider "namecheap" { + # Configuration options +} diff --git a/terraform/remote-backend.tf b/terraform/remote-backend.tf new file mode 100644 index 0000000..fcfa35d --- /dev/null +++ b/terraform/remote-backend.tf @@ -0,0 +1,7 @@ +# https://www.terraform.io/language/v1.2.x/settings/backends/manta +terraform { + backend "manta" { + path = "pub-solar/nachtigall" + object_name = "terraform.tfstate" + } +} From 0cc3926aac8ffac4393076a0d37aa791a6a224b0 Mon Sep 17 00:00:00 2001 
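Review bot: `mode = "OVERWRITE"` at the top of `namecheap_domain_records.pub-solar` makes this file the only source of truth for the zone, so an apply may delete any host record that exists at the registrar but is not listed here. That sits awkwardly with the closing comment that SRV records can only be changed in the NameCheap web UI. Whether such records survive an OVERWRITE apply is not visible from this hunk and should be confirmed before the first apply against the live domain. I would replace the placeholder `# add comment` with `# mode = OVERWRITE: records missing from this file are deleted on apply; check the plan for unexpected removals`.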
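Review bot: The `provider "namecheap"` block in terraform/providers.tf holds only the generated placeholder `# Configuration options`, so nothing in the repository says where the registrar API credentials come from. Presumably they are supplied through the provider's environment variables (`NAMECHEAP_USER_NAME`, `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`). A comment such as `# credentials are read from the NAMECHEAP_* environment variables; never set api_key in this file` would record that and keep the key out of version control. The `required_version = "~> 1.2.3"` pin also deserves a one-line comment giving its reason, since it holds the project on an old Terraform release line.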
From: teutat3s Date: Sun, 29 Oct 2023 12:38:00 +0100 Subject: [PATCH 2/8] feat: add additional test DNS entries, switch stream to nachtigall --- terraform/dns.tf | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/terraform/dns.tf b/terraform/dns.tf index 355a879..5cc98f8 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -14,7 +14,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "auth" type = "CNAME" address = "nachtigall.pub.solar" - ttl = 60 } record { hostname = "ci" @@ -26,19 +25,16 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "git" type = "CNAME" address = "nachtigall.pub.solar" - ttl = 60 } record { hostname = "stream" - type = "A" - address = "80.71.153.210" - ttl = 60 + type = "CNAME" + address = "nachtigall.pub.solar" } record { hostname = "list" - type = "A" - address = "80.71.153.210" - ttl = 60 + type = "CNAME" + address = "nachtigall.pub.solar" } record { hostname = "obs-portal" @@ -116,13 +112,11 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "files" type = "CNAME" address = "nachtigall.pub.solar" - ttl = 60 } record { hostname = "mastodon" type = "CNAME" address = "nachtigall.pub.solar" - ttl = 60 } record { hostname = "matrix" @@ -134,7 +128,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "www" type = "CNAME" address = "nachtigall.pub.solar" - ttl = 60 } record { hostname = "@" @@ -171,13 +164,11 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "nachtigall" type = "A" - ttl = 60 address = "138.201.80.102" } record { hostname = "nachtigall" type = "AAAA" - ttl = 60 address = "2a01:4f8:172:1c25::1" } record { 
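Review bot: In the `@@ -26,19 +25,16 @@` hunk `list` becomes a CNAME, but the same resource still declares a TXT (SPF) record and an MX record for `list`, and a CNAME must not share its name with other record types. The `list` MX also targets `list.pub.solar`, which would now be an alias, and MX targets are expected to resolve through address records rather than CNAMEs. Depending on how the registrar resolves the conflict, mail routing and the `v=spf1 a:list.pub.solar ?all` policy for the list host may stop being served as intended, and the root SPF mechanism `a:list.pub.solar` depends on the same name. I would keep `list` as an address record, e.g. `type = "A"` with `address = "138.201.80.102"` (the `nachtigall` A value already in this file), plus a matching AAAA record. The resource block starts and ends outside this hunk.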
@@ -185,6 +176,16 @@ resource "namecheap_domain_records" "pub-solar" { type = "CNAME" address = "nachtigall.pub.solar" } + record { + hostname = "chat.test" + type = "CNAME" + address = "nachtigall.pub.solar" + } + record { + hostname = "test" + type = "CNAME" + address = "nachtigall.pub.solar" + } # SRV records can only be changed via NameCheap Web UI # add comment } From cc24383f23119d57882142a394b04dd343db12eb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 12:46:46 +0100 Subject: [PATCH 3/8] fix: add account and url to manta remote state backend, only TRITON_KEY_ID required in env now. Also add .terraform to gitignore and add terraform lock file --- .gitignore | 3 ++- terraform/.terraform.lock.hcl | 23 +++++++++++++++++++++++ terraform/remote-backend.tf | 2 ++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 terraform/.terraform.lock.hcl diff --git a/.gitignore b/.gitignore index cf86910..44f0c69 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *.tf.json /tags.* -.direnv \ No newline at end of file +.direnv +.terraform diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl new file mode 100644 index 0000000..e007f5b --- /dev/null +++ b/terraform/.terraform.lock.hcl 
@@ -0,0 +1,23 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/namecheap/namecheap" { + version = "2.1.0" + constraints = "2.1.0" + hashes = [ + "h1:p8LqzJtI4Mkxhcam2s73eFJzctlAZXZJ0Wwgd51Kyto=", + "zh:3731f5f14a0958cd27a589ef7daa9be786b6490f2309c429eb2e9862aa4ac5f7", + "zh:3cbceb12ec3521d9dfbd890eee731a40f4e1f42de30d28fc1d1e524091148caa", + "zh:44095af1b1d1ee6d4b930e21e3c5bf0f81d9df65fe04f6f1e55d46713c240b21", + "zh:693e169228fe0c5fb1989425b1ad42c1206f8187c9932b4daee5a5c5e851a28e", + "zh:6b04c3c2666db3050f49bc85151496fe33cf852db9ad8fc6f455d1daf0a2bba6", + "zh:85fd126a573cc468f8d5d1b90f4a94f5977ea40623b1c5cd7c799bb95ef233bd", + "zh:99014437ef4e96161b0029efa12f05fa1ab63ff9bc0a255b0a249e17b4f8587a", + "zh:a4d8288ef01d4002a5aa07d1e64e4504757f07d6ada24fbf7d3670ceb24d2871", + "zh:d27f7798cbe1957294bb08459b1fbabe68721cc9cc50afee80bda87ce674dab8", + "zh:d85483f90380829d05b8a2725ce50bf2ee766d6c1cbef223b388d19c5a92dce2", + "zh:ddfecfbefd32e40386b482a2610e4173a52591afea3861f041041439d51d34da", + "zh:f9a10edfe11dbc4947cbb2f0db8935050693d5fff3b6559096288c689c2dd847", + "zh:fae14a74781a94bcaac07b6d533dd9eb1e40c1d152eb6ee49b2a44cdf5740cfe", + ] +} diff --git a/terraform/remote-backend.tf b/terraform/remote-backend.tf index fcfa35d..ec9f804 100644 --- a/terraform/remote-backend.tf +++ b/terraform/remote-backend.tf @@ -3,5 +3,7 @@ terraform { backend "manta" { path = "pub-solar/nachtigall" object_name = "terraform.tfstate" + account = "pub_solar" + url = "https://eu-central.manta.greenbaum.cloud" } } From 9cf2ba9d6758f59d3cb18228b5b00e745202ad19 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Sun, 29 Oct 2023 13:00:23 +0100 Subject: [PATCH 4/8] devshell: Add terraform 1.12 --- flake.lock | 17 +++++++++++++++++ flake.nix | 3 +++ 2 files changed, 20 insertions(+) diff --git a/flake.lock b/flake.lock index e3292e8..d5552e1 100644 --- a/flake.lock +++ b/flake.lock 
@@ -234,6 +234,22 @@ "type": "github" } }, + "nixpkgs-2205": { + "locked": { + "lastModified": 1685573264, + "narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "380be19fbd2d9079f677978361792cb25e8a3635", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -263,6 +279,7 @@ "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", "nixpkgs": "nixpkgs", + "nixpkgs-2205": "nixpkgs-2205", "unstable": "unstable" } }, diff --git a/flake.nix b/flake.nix index ee389cb..76ab217 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,8 @@ unstable.url = "github:nixos/nixpkgs/nixos-unstable"; mastodon-fork.url = "github:teutat3s/nixpkgs/mastodon-4.2.1"; + nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05"; + nix-darwin.url = "github:lnl7/nix-darwin/master"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; @@ -63,6 +65,7 @@ shfmt treefmt nixos-generators + inputs.nixpkgs-2205.legacyPackages.${system}.terraform ]; }; }; From 20277f23fff02df06f9226249796311effedeba6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 16:11:29 +0100 Subject: [PATCH 5/8] feat: add terraform DNS docs --- .gitignore | 1 + docs/dns.md | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/.gitignore b/.gitignore index 44f0c69..4c7daf8 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /tags.* .direnv .terraform +*.plan diff --git a/docs/dns.md b/docs/dns.md index 0360774..8c1a573 100644 --- a/docs/dns.md +++ b/docs/dns.md 
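Review bot: In the flake.nix hunks the devshell's `terraform` now comes from `inputs.nixpkgs-2205`, i.e. the `nixos-22.05` branch, which is past its end of life and no longer receives security updates. The tool that handles the registrar API key and the remote state therefore stays frozen at whatever the locked revision ships. If the reason is the `required_version = "~> 1.2.3"` pin and the manta state backend (my inference, the hunks do not say), it should be written next to the input: `# nixos-22.05 is EOL; used only for terraform 1.2.x, which the manta state backend needs`. The `inputs` and devshell blocks start and end outside these hunks.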
@@ -1 +1,23 @@ # Changing DNS entries + +### Initial setup + +Change into the terraform directory and initialize the terraform providers. + +``` +cd terraform +cat ~/.config/triton/profiles.d/lev-1-pub_solar.json | grep keyId +export TRITON_KEY_ID= + +terraform init +``` + +Plan your changes using: +``` +terraform plan -out pub-solar-infra.plan +``` + +After verification, apply your changes with: +``` +terraform apply "pub-solar-infra.plan" +``` From bafa56ea570a7c91f397c0c7bbbda8a4be60d237 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 29 Oct 2023 16:14:43 +0100 Subject: [PATCH 6/8] fix: DNS terraform @ ALIAS, CNAME does not work for the root domain And final dot to nachtigall hostnames to make NameCheap API happy --- terraform/dns.tf | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/terraform/dns.tf b/terraform/dns.tf index 5cc98f8..5fc786e 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -13,7 +13,7 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "auth" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "ci" @@ -24,17 +24,17 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "git" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "stream" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "list" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "obs-portal" @@ -68,9 +68,9 @@ resource "namecheap_domain_records" "pub-solar" { } record { hostname = "@" - type = "CNAME" - address = "nachtigall.pub.solar" - ttl = 60 + type = "ALIAS" + address = "nachtigall.pub.solar." + ttl = 300 } record { hostname = "chat" 
@@ -111,12 +111,12 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "files" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "mastodon" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "matrix" @@ -127,7 +127,7 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "www" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "@" @@ -158,7 +158,7 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "list" type = "MX" - address = "list.pub.solar" + address = "list.pub.solar." mx_pref = "0" } record { @@ -174,17 +174,17 @@ resource "namecheap_domain_records" "pub-solar" { record { hostname = "matrix.test" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "chat.test" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } record { hostname = "test" type = "CNAME" - address = "nachtigall.pub.solar" + address = "nachtigall.pub.solar." } # SRV records can only be changed via NameCheap Web UI # add comment From c718eff9d665e01b33af69e5b0c9c534fbda3f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 17:21:57 +0100 Subject: [PATCH 7/8] feat: move cloud dns to nachtigall --- terraform/dns.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/dns.tf b/terraform/dns.tf index 5fc786e..cc9ea8e 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -80,8 +80,8 @@ resource "namecheap_domain_records" "pub-solar" { } record { hostname = "cloud" - type = "A" - address = "80.71.153.133" + type = "CNAME" + address = "nachtigall.pub.solar." ttl = 60 } record { From 7a3b9a8cef8385ef32ee2f3f1a446f73d317323e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 29 Oct 2023 18:29:34 +0100 Subject: [PATCH 8/8] fix: update collabora dns to nachtigall --- terraform/dns.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/dns.tf b/terraform/dns.tf index cc9ea8e..c97b39e 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -62,8 +62,8 @@ resource "namecheap_domain_records" "pub-solar" { } record { hostname = "collabora" - type = "A" - address = "80.71.153.210" + type = "CNAME" + address = "nachtigall.pub.solar." ttl = 60 } record {