feat: terraform DNS for namecheap #29

Merged
b12f merged 8 commits from feat/terraform-dns into main 2023-10-29 19:39:35 +00:00
7 changed files with 211 additions and 316 deletions
Showing only changes of commit 73f9d84b31 - Show all commits

167
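--- a/dns.nix
+++ b/dns.nix
@@ -1,167 +0,0 @@
-{ ... }:
-{
-# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
-resource."namecheap_domain_records"."pub-solar" = {
-domain = "pub.solar";
-mode = "OVERWRITE";
-email_type = "MX";
-record = [
-{
-hostname = "flora-6";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "auth";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "ci";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "git";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "stream";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "list";
-type = "A";
-address = "80.71.153.210";
-}
-{
-hostname = "obs-portal";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "vpn";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "cache";
-type = "A";
-address = "95.217.225.160";
-}
-{
-hostname = "factorio";
-type = "A";
-address = "80.244.242.2";
-}
-{
-hostname = "collabora";
-type = "A";
-address = "95.217.225.160";
-}
-{
-hostname = "@";
-type = "ALIAS";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-ttl = 300;
-}
-{
-hostname = "chat";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "cloud";
-type = "CNAME";
-address = "nc-web.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "coturn";
-type = "CNAME";
-address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "hpb";
-type = "CNAME";
-address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "dimension";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "element";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "files";
-type = "CNAME";
-address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "mastodon";
-type = "CNAME";
-address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "matrix";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "www";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "@";
-type = "TXT";
-address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all";
-}
-{
-hostname = "list";
-type = "TXT";
-address = "v=spf1 a:list.pub.solar ?all";
-}
-{
-hostname = "_dmarc";
-type = "TXT";
-address = "v=DMARC1; p=reject;";
-}
-{
-hostname = "_dmarc.list";
-type = "TXT";
-address = "v=DMARC1; p=reject;";
-}
-{
-hostname = "@";
-type = "MX";
-address = "mx2.greenbaum.cloud.";
-mx_pref = "0";
-}
-{
-hostname = "list";
-type = "MX";
-address = "list.pub.solar";
-mx_pref = "0";
-}
-{
-hostname = "nachtigall";
-type = "A";
-address = "138.201.80.102";
-}
-{
-hostname = "nachtigall";
-type = "AAAA";
-address = "2a01:4f8:172:1c25::1";
-}
-# SRV records can only be changed via NameCheap Web UI
-# add comment
-];
-};
-}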


@ -26,38 +26,6 @@
"type": "github" "type": "github"
} }
}, },
"bats-assert": {
"flake": false,
"locked": {
"lastModified": 1636059754,
"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=",
"owner": "bats-core",
"repo": "bats-assert",
"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5",
"type": "github"
},
"original": {
"owner": "bats-core",
"repo": "bats-assert",
"type": "github"
}
},
"bats-support": {
"flake": false,
"locked": {
"lastModified": 1548869839,
"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=",
"owner": "bats-core",
"repo": "bats-support",
"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3",
"type": "github"
},
"original": {
"owner": "bats-core",
"repo": "bats-support",
"type": "github"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -154,21 +122,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -310,7 +263,6 @@
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixos-flake": "nixos-flake", "nixos-flake": "nixos-flake",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"terranix": "terranix",
"unstable": "unstable" "unstable": "unstable"
} }
}, },
@ -344,45 +296,6 @@
"type": "github" "type": "github"
} }
}, },
"terranix": {
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"terranix-examples": "terranix-examples"
},
"locked": {
"lastModified": 1695406838,
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
"owner": "terranix",
"repo": "terranix",
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix",
"type": "github"
}
},
"terranix-examples": {
"locked": {
"lastModified": 1636300201,
"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=",
"owner": "terranix",
"repo": "terranix-examples",
"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix-examples",
"type": "github"
}
},
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1698318101, "lastModified": 1698318101,


@ -14,9 +14,6 @@
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-flake.url = "github:srid/nixos-flake"; nixos-flake.url = "github:srid/nixos-flake";
terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
@ -29,13 +26,12 @@
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs"; keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs@{ self, terranix, ... }: outputs = inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake { inherit inputs; } { inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
imports = [ imports = [
inputs.nixos-flake.flakeModule inputs.nixos-flake.flakeModule
# ./terraform.nix
./public-keys ./public-keys
./lib ./lib
./overlays ./overlays
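Review bot: The second hunk keeps `# ./terraform.nix` as a commented-out entry in `imports` while the same commit removes the `terranix` input and what appears to be the terraform.nix flake module, so the line is dead code rather than a pending switch. Either drop it, or state the intent so the next reader does not uncomment it: `# terraform/ is applied with plain terraform, see terraform/providers.tf`. The `outputs = inputs@{ self, ... }:` signature change is consistent with the input removal and needs nothing further.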


@ -1,57 +0,0 @@
{ inputs
, self
, ...
}: {
perSystem = { config, pkgs, system, ... }:
let
terraform = pkgs.terraform;
tf-infra-dns = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [ ./dns.nix ];
};
tf-infra-nodes = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [
./host.nix
./vms.nix
];
};
in {
packages = {
inherit tf-infra-dns tf-infra-nodes;
};
apps = {
apply-dns = {
type = "app";
program = toString (pkgs.writers.writeBash "apply" ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
cp ${tf-infra-dns} config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform apply
'');
};
apply-nodes = {
type = "app";
program = toString (pkgs.writers.writeBash "apply" ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
cp ${tf-infra-nodes} config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform apply
'');
};
# nix run ".#destroy"
destroy-dns = {
type = "app";
program = toString (pkgs.writers.writeBash "destroy" ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
cp ${tf-infra-dns} config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform destroy
'');
};
};
};
}

190
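--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@@ -0,0 +1,190 @@
+# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
+resource "namecheap_domain_records" "pub-solar" {
+domain = "pub.solar"
+mode = "OVERWRITE"
+email_type = "MX"
+record {
+hostname = "flora-6"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "auth"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "ci"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "git"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "stream"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "list"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "obs-portal"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "vpn"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "cache"
+type = "A"
+address = "95.217.225.160"
+ttl = 60
+}
+record {
+hostname = "factorio"
+type = "A"
+address = "80.244.242.2"
+ttl = 60
+}
+record {
+hostname = "collabora"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "@"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "chat"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "cloud"
+type = "A"
+address = "80.71.153.133"
+ttl = 60
+}
+record {
+hostname = "coturn"
+type = "A"
+address = "80.71.153.239"
+ttl = 60
+}
+record {
+hostname = "hpb"
+type = "A"
+address = "80.71.153.239"
+ttl = 60
+}
+record {
+hostname = "dimension"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "element"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "files"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "mastodon"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "matrix"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "www"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "@"
+type = "TXT"
+address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all"
+}
+record {
+hostname = "list"
+type = "TXT"
+address = "v=spf1 a:list.pub.solar ?all"
+}
+record {
+hostname = "_dmarc"
+type = "TXT"
+address = "v=DMARC1; p=reject;"
+}
+record {
+hostname = "_dmarc.list"
+type = "TXT"
+address = "v=DMARC1; p=reject;"
+}
+record {
+hostname = "@"
+type = "MX"
+address = "mx2.greenbaum.cloud."
+mx_pref = "0"
+}
+record {
+hostname = "list"
+type = "MX"
+address = "list.pub.solar"
+mx_pref = "0"
+}
+record {
+hostname = "nachtigall"
+type = "A"
+ttl = 60
+address = "138.201.80.102"
+}
+record {
+hostname = "nachtigall"
+type = "AAAA"
+ttl = 60
+address = "2a01:4f8:172:1c25::1"
+}
+record {
+hostname = "matrix.test"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+}
+# SRV records can only be changed via NameCheap Web UI
+# add comment
+}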
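Review bot: The apex record (`hostname = "@"` with `type = "CNAME"`, right after the `collabora` record) conflicts with the `@` TXT and MX records declared further down: a CNAME cannot coexist with other record types at the same owner name (RFC 1034 §3.6.2), so the provider will either reject the record set or the SPF, DMARC and MX data for the zone is shadowed and mail delivery/anti-spoofing silently degrades. The removed dns.nix used Namecheap's `ALIAS` type for the apex; `type = "ALIAS"` (or an A/AAAA pair carrying nachtigall's addresses) keeps the apex valid. Separately, `mode = "OVERWRITE"` deletes every record not listed in this resource on apply, which contradicts the trailing comment that SRV records are maintained in the web UI — either switch to `mode = "MERGE"`, add the SRV records here, or document the consequence next to the mode line: `# OVERWRITE: any record not listed here (including UI-managed SRV records) is removed on apply`. The `matrix.test` record is also the only one without `ttl = 60`, which looks unintentional.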

13
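--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+required_version = "~> 1.2.3"
+required_providers {
+namecheap = {
+source = "namecheap/namecheap"
+version = "2.1.0"
+}
+}
+}
+provider "namecheap" {
+# Configuration options
+}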
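Review bot: The `provider "namecheap"` block keeps the boilerplate `# Configuration options` placeholder with no arguments, which is the right shape for keeping the API key out of the repository but tells nobody where the credentials come from. The provider falls back to environment variables for `user_name`, `api_user`, `api_key` and `client_ip` (`NAMECHEAP_USER_NAME`, `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`, `NAMECHEAP_CLIENT_IP`) when they are not set in the block, so replace the placeholder with `# Credentials come from the NAMECHEAP_* environment variables; never set api_key in this file.` Namecheap also only accepts API calls from IPs whitelisted on the account, so `client_ip` must match the host running apply — worth a second comment line since this replaces the former `nix run` wrappers and a new operator will hit it first.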


@ -0,0 +1,7 @@
# https://www.terraform.io/language/v1.2.x/settings/backends/manta
terraform {
backend "manta" {
path = "pub-solar/nachtigall"
object_name = "terraform.tfstate"
}
}
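Review bot: The `manta` backend configured here was removed from Terraform in 1.3, so this file is what actually forces the `required_version = "~> 1.2.3"` pin in providers.tf, and that coupling is recorded nowhere — the docs link on the first line points at the 1.2.x manual but does not say why. Add a comment such as `# manta backend only exists in Terraform <= 1.2; required_version in providers.tf must stay on 1.2.x until the state is migrated to another backend` so the pin is not lifted by a routine upgrade that then cannot read the state. The block carries no credentials, which is correct (the backend presumably takes them from the environment), but the state object holds the whole zone, so access to the `pub-solar/nachtigall` path should be restricted to the same people who hold the Namecheap API key.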