feat: terraform DNS for namecheap #29
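--- a/dns.nix
+++ b/dns.nix
@@ -1,167 +0,0 @@
-{ ... }:
-{
-# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
-resource."namecheap_domain_records"."pub-solar" = {
-domain = "pub.solar";
-mode = "OVERWRITE";
-email_type = "MX";
-
-record = [
-{
-hostname = "flora-6";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "auth";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "ci";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "git";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "stream";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "list";
-type = "A";
-address = "80.71.153.210";
-}
-{
-hostname = "obs-portal";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "vpn";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "cache";
-type = "A";
-address = "95.217.225.160";
-}
-{
-hostname = "factorio";
-type = "A";
-address = "80.244.242.2";
-}
-{
-hostname = "collabora";
-type = "A";
-address = "95.217.225.160";
-}
-{
-hostname = "@";
-type = "ALIAS";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-ttl = 300;
-}
-{
-hostname = "chat";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "cloud";
-type = "CNAME";
-address = "nc-web.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "coturn";
-type = "CNAME";
-address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "hpb";
-type = "CNAME";
-address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "dimension";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "element";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "files";
-type = "CNAME";
-address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "mastodon";
-type = "CNAME";
-address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "matrix";
-type = "CNAME";
-address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
-}
-{
-hostname = "www";
-type = "CNAME";
-address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
-}
-{
-hostname = "@";
-type = "TXT";
-address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all";
-}
-{
-hostname = "list";
-type = "TXT";
-address = "v=spf1 a:list.pub.solar ?all";
-}
-{
-hostname = "_dmarc";
-type = "TXT";
-address = "v=DMARC1; p=reject;";
-}
-{
-hostname = "_dmarc.list";
-type = "TXT";
-address = "v=DMARC1; p=reject;";
-}
-{
-hostname = "@";
-type = "MX";
-address = "mx2.greenbaum.cloud.";
-mx_pref = "0";
-}
-{
-hostname = "list";
-type = "MX";
-address = "list.pub.solar";
-mx_pref = "0";
-}
-{
-hostname = "nachtigall";
-type = "A";
-address = "138.201.80.102";
-}
-{
-hostname = "nachtigall";
-type = "AAAA";
-address = "2a01:4f8:172:1c25::1";
-}
-# SRV records can only be changed via NameCheap Web UI
-# add comment
-];
-};
-}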
87
flake.lock
87
flake.lock
|
@ -26,38 +26,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bats-assert": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1636059754,
|
||||
"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=",
|
||||
"owner": "bats-core",
|
||||
"repo": "bats-assert",
|
||||
"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "bats-core",
|
||||
"repo": "bats-assert",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"bats-support": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1548869839,
|
||||
"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=",
|
||||
"owner": "bats-core",
|
||||
"repo": "bats-support",
|
||||
"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "bats-core",
|
||||
"repo": "bats-support",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
|
@ -154,21 +122,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1634851050,
|
||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -310,7 +263,6 @@
|
|||
"nix-darwin": "nix-darwin",
|
||||
"nixos-flake": "nixos-flake",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"terranix": "terranix",
|
||||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
|
@ -344,45 +296,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"terranix": {
|
||||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
"bats-support": "bats-support",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"terranix-examples": "terranix-examples"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695406838,
|
||||
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
|
||||
"owner": "terranix",
|
||||
"repo": "terranix",
|
||||
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "terranix",
|
||||
"repo": "terranix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"terranix-examples": {
|
||||
"locked": {
|
||||
"lastModified": 1636300201,
|
||||
"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=",
|
||||
"owner": "terranix",
|
||||
"repo": "terranix-examples",
|
||||
"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "terranix",
|
||||
"repo": "terranix-examples",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1698318101,
|
||||
|
|
|
@ -14,9 +14,6 @@
|
|||
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||
nixos-flake.url = "github:srid/nixos-flake";
|
||||
|
||||
terranix.url = "github:terranix/terranix";
|
||||
terranix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
|
@ -29,13 +26,12 @@
|
|||
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, terranix, ... }:
|
||||
outputs = inputs@{ self, ... }:
|
||||
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
|
||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||
|
||||
imports = [
|
||||
inputs.nixos-flake.flakeModule
|
||||
# ./terraform.nix
|
||||
./public-keys
|
||||
./lib
|
||||
./overlays
|
||||
|
|
|
@ -1,57 +0,0 @@
|
|||
{ inputs
|
||||
, self
|
||||
, ...
|
||||
}: {
|
||||
perSystem = { config, pkgs, system, ... }:
|
||||
let
|
||||
terraform = pkgs.terraform;
|
||||
|
||||
tf-infra-dns = inputs.terranix.lib.terranixConfiguration {
|
||||
inherit system;
|
||||
modules = [ ./dns.nix ];
|
||||
};
|
||||
|
||||
tf-infra-nodes = inputs.terranix.lib.terranixConfiguration {
|
||||
inherit system;
|
||||
modules = [
|
||||
./host.nix
|
||||
./vms.nix
|
||||
];
|
||||
};
|
||||
in {
|
||||
packages = {
|
||||
inherit tf-infra-dns tf-infra-nodes;
|
||||
};
|
||||
|
||||
apps = {
|
||||
apply-dns = {
|
||||
type = "app";
|
||||
program = toString (pkgs.writers.writeBash "apply" ''
|
||||
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
|
||||
cp ${tf-infra-dns} config.tf.json \
|
||||
&& ${terraform}/bin/terraform init \
|
||||
&& ${terraform}/bin/terraform apply
|
||||
'');
|
||||
};
|
||||
apply-nodes = {
|
||||
type = "app";
|
||||
program = toString (pkgs.writers.writeBash "apply" ''
|
||||
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
|
||||
cp ${tf-infra-nodes} config.tf.json \
|
||||
&& ${terraform}/bin/terraform init \
|
||||
&& ${terraform}/bin/terraform apply
|
||||
'');
|
||||
};
|
||||
# nix run ".#destroy"
|
||||
destroy-dns = {
|
||||
type = "app";
|
||||
program = toString (pkgs.writers.writeBash "destroy" ''
|
||||
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
|
||||
cp ${tf-infra-dns} config.tf.json \
|
||||
&& ${terraform}/bin/terraform init \
|
||||
&& ${terraform}/bin/terraform destroy
|
||||
'');
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
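--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@@ -0,0 +1,190 @@
+# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
+resource "namecheap_domain_records" "pub-solar" {
+domain = "pub.solar"
+mode = "OVERWRITE"
+email_type = "MX"
+
+record {
+hostname = "flora-6"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "auth"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "ci"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "git"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "stream"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "list"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "obs-portal"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "vpn"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "cache"
+type = "A"
+address = "95.217.225.160"
+ttl = 60
+}
+record {
+hostname = "factorio"
+type = "A"
+address = "80.244.242.2"
+ttl = 60
+}
+record {
+hostname = "collabora"
+type = "A"
+address = "80.71.153.210"
+ttl = 60
+}
+record {
+hostname = "@"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "chat"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "cloud"
+type = "A"
+address = "80.71.153.133"
+ttl = 60
+}
+record {
+hostname = "coturn"
+type = "A"
+address = "80.71.153.239"
+ttl = 60
+}
+record {
+hostname = "hpb"
+type = "A"
+address = "80.71.153.239"
+ttl = 60
+}
+record {
+hostname = "dimension"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "element"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "files"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "mastodon"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "matrix"
+type = "A"
+address = "85.88.23.162"
+ttl = 60
+}
+record {
+hostname = "www"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+ttl = 60
+}
+record {
+hostname = "@"
+type = "TXT"
+address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all"
+}
+record {
+hostname = "list"
+type = "TXT"
+address = "v=spf1 a:list.pub.solar ?all"
+}
+record {
+hostname = "_dmarc"
+type = "TXT"
+address = "v=DMARC1; p=reject;"
+}
+record {
+hostname = "_dmarc.list"
+type = "TXT"
+address = "v=DMARC1; p=reject;"
+}
+record {
+hostname = "@"
+type = "MX"
+address = "mx2.greenbaum.cloud."
+mx_pref = "0"
+}
+record {
+hostname = "list"
+type = "MX"
+address = "list.pub.solar"
+mx_pref = "0"
+}
+record {
+hostname = "nachtigall"
+type = "A"
+ttl = 60
+address = "138.201.80.102"
+}
+record {
+hostname = "nachtigall"
+type = "AAAA"
+ttl = 60
+address = "2a01:4f8:172:1c25::1"
+}
+record {
+hostname = "matrix.test"
+type = "CNAME"
+address = "nachtigall.pub.solar"
+}
+# SRV records can only be changed via NameCheap Web UI
+# add comment
+}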
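Review bot: The apex record `hostname = "@"` is declared with `type = "CNAME"`, while the same name also carries the SPF `TXT` record and the `MX` record further down in this resource. A CNAME may not coexist with other data at one name, so resolvers that follow the CNAME can stop returning the apex MX and SPF data, which affects mail delivery and sender validation for pub.solar. The removed dns.nix used `type = "ALIAS"` for this record; keeping `type = "ALIAS"` here, or an `A`/`AAAA` pair as for `nachtigall`, avoids the conflict. Separately, `matrix.test` reads like a leftover test entry, and because `mode = "OVERWRITE"` makes this list authoritative for the zone, a comment saying whether it is meant to stay would help.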
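--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+required_version = "~> 1.2.3"
+required_providers {
+namecheap = {
+source = "namecheap/namecheap"
+version = "2.1.0"
+}
+}
+}
+
+provider "namecheap" {
+# Configuration options
+}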
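Review bot: The `provider "namecheap"` block carries only the placeholder `# Configuration options`, so nothing in the file says where the registrar API credentials come from. I would replace the placeholder with `# Credentials are read from NAMECHEAP_USER_NAME, NAMECHEAP_API_USER and NAMECHEAP_API_KEY; never set api_key in this file.` so that nobody later hard-codes a key that can rewrite the whole zone. The exact pin `version = "2.1.0"` fixes the version only; the provider checksums are pinned by `.terraform.lock.hcl`, which is not among the files shown here and should be committed if it is not already.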
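--- a/terraform/remote-backend.tf
+++ b/terraform/remote-backend.tf
@@ -0,0 +1,7 @@
+# https://www.terraform.io/language/v1.2.x/settings/backends/manta
+terraform {
+backend "manta" {
+path = "pub-solar/nachtigall"
+object_name = "terraform.tfstate"
+}
+}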
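Review bot: The `backend "manta"` block has no comment recording that it ties the repository to an old Terraform line or how access to the stored state is restricted. The manta backend was removed in Terraform 1.3, which is presumably why providers.tf sets `required_version = "~> 1.2.3"`; a comment such as `# manta backend exists only up to Terraform 1.2.x; see required_version in providers.tf` would make that dependency explicit. Terraform writes state as plain JSON, so it is also worth stating in the same comment that `pub-solar/nachtigall` must be a non-public location readable and writable only by the maintainers who are allowed to change DNS.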