feat: terraform DNS for namecheap #29

Merged
b12f merged 8 commits from feat/terraform-dns into main 2023-10-29 19:39:35 +00:00
10 changed files with 282 additions and 317 deletions

4
.gitignore vendored
View file

@ -1,3 +1,5 @@
*.tf.json
/tags.*
.direnv
.direnv
.terraform
*.plan

167
dns.nix
View file

@ -1,167 +0,0 @@
{ ... }:
{
# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
resource."namecheap_domain_records"."pub-solar" = {
domain = "pub.solar";
mode = "OVERWRITE";
email_type = "MX";
record = [
{
hostname = "flora-6";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "auth";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "ci";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "git";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "stream";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "list";
type = "A";
address = "80.71.153.210";
}
{
hostname = "obs-portal";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "vpn";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "cache";
type = "A";
address = "95.217.225.160";
}
{
hostname = "factorio";
type = "A";
address = "80.244.242.2";
}
{
hostname = "collabora";
type = "A";
address = "95.217.225.160";
}
{
hostname = "@";
type = "ALIAS";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
ttl = 300;
}
{
hostname = "chat";
type = "CNAME";
address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
}
{
hostname = "cloud";
type = "CNAME";
address = "nc-web.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "coturn";
type = "CNAME";
address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "hpb";
type = "CNAME";
address = "nc-hpb.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "dimension";
type = "CNAME";
address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
}
{
hostname = "element";
type = "CNAME";
address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
}
{
hostname = "files";
type = "CNAME";
address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
}
{
hostname = "mastodon";
type = "CNAME";
address = "mastodon-proxy.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
}
{
hostname = "matrix";
type = "CNAME";
address = "matrix.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.cgn-1.greenbaum.zone.";
}
{
hostname = "www";
type = "CNAME";
address = "flora-6.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.greenbaum.zone.";
}
{
hostname = "@";
type = "TXT";
address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all";
}
{
hostname = "list";
type = "TXT";
address = "v=spf1 a:list.pub.solar ?all";
}
{
hostname = "_dmarc";
type = "TXT";
address = "v=DMARC1; p=reject;";
}
{
hostname = "_dmarc.list";
type = "TXT";
address = "v=DMARC1; p=reject;";
}
{
hostname = "@";
type = "MX";
address = "mx2.greenbaum.cloud.";
mx_pref = "0";
}
{
hostname = "list";
type = "MX";
address = "list.pub.solar";
mx_pref = "0";
}
{
hostname = "nachtigall";
type = "A";
address = "138.201.80.102";
}
{
hostname = "nachtigall";
type = "AAAA";
address = "2a01:4f8:172:1c25::1";
}
# SRV records can only be changed via NameCheap Web UI
# add comment
];
};
}

View file

@ -1 +1,23 @@
# Changing DNS entries
### Initial setup
Change into the terraform directory and initialize the terraform providers.
```
cd terraform
cat ~/.config/triton/profiles.d/lev-1-pub_solar.json | grep keyId
export TRITON_KEY_ID=
terraform init
```
Plan your changes using:
```
terraform plan -out pub-solar-infra.plan
```
After verification, apply your changes with:
```
terraform apply "pub-solar-infra.plan"
```

View file

@ -26,38 +26,6 @@
"type": "github"
}
},
"bats-assert": {
"flake": false,
"locked": {
"lastModified": 1636059754,
"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=",
"owner": "bats-core",
"repo": "bats-assert",
"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5",
"type": "github"
},
"original": {
"owner": "bats-core",
"repo": "bats-assert",
"type": "github"
}
},
"bats-support": {
"flake": false,
"locked": {
"lastModified": 1548869839,
"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=",
"owner": "bats-core",
"repo": "bats-support",
"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3",
"type": "github"
},
"original": {
"owner": "bats-core",
"repo": "bats-support",
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
@ -154,21 +122,6 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -281,6 +234,22 @@
"type": "github"
}
},
"nixpkgs-2205": {
"locked": {
"lastModified": 1685573264,
"narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "380be19fbd2d9079f677978361792cb25e8a3635",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
@ -310,7 +279,7 @@
"nix-darwin": "nix-darwin",
"nixos-flake": "nixos-flake",
"nixpkgs": "nixpkgs",
"terranix": "terranix",
"nixpkgs-2205": "nixpkgs-2205",
"unstable": "unstable"
}
},
@ -344,45 +313,6 @@
"type": "github"
}
},
"terranix": {
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"terranix-examples": "terranix-examples"
},
"locked": {
"lastModified": 1695406838,
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
"owner": "terranix",
"repo": "terranix",
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix",
"type": "github"
}
},
"terranix-examples": {
"locked": {
"lastModified": 1636300201,
"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=",
"owner": "terranix",
"repo": "terranix-examples",
"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e",
"type": "github"
},
"original": {
"owner": "terranix",
"repo": "terranix-examples",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1698318101,

View file

@ -5,6 +5,8 @@
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
mastodon-fork.url = "github:teutat3s/nixpkgs/mastodon-4.2.1";
nixpkgs-2205.url = "github:nixos/nixpkgs/nixos-22.05";
nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
@ -14,9 +16,6 @@
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-flake.url = "github:srid/nixos-flake";
terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
@ -29,13 +28,12 @@
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@{ self, terranix, ... }:
outputs = inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ "x86_64-linux" "aarch64-linux" ];
imports = [
inputs.nixos-flake.flakeModule
# ./terraform.nix
./public-keys
./lib
./overlays
@ -67,6 +65,7 @@
shfmt
treefmt
nixos-generators
inputs.nixpkgs-2205.legacyPackages.${system}.terraform
];
};
};

View file

@ -1,57 +0,0 @@
{ inputs
, self
, ...
}: {
perSystem = { config, pkgs, system, ... }:
let
terraform = pkgs.terraform;
tf-infra-dns = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [ ./dns.nix ];
};
tf-infra-nodes = inputs.terranix.lib.terranixConfiguration {
inherit system;
modules = [
./host.nix
./vms.nix
];
};
in {
packages = {
inherit tf-infra-dns tf-infra-nodes;
};
apps = {
apply-dns = {
type = "app";
program = toString (pkgs.writers.writeBash "apply" ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
cp ${tf-infra-dns} config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform apply
'');
};
apply-nodes = {
type = "app";
program = toString (pkgs.writers.writeBash "apply" ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
cp ${tf-infra-nodes} config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform apply
'');
};
# nix run ".#destroy"
destroy-dns = {
type = "app";
program = toString (pkgs.writers.writeBash "destroy" ''
if [[ -e config.tf.json ]]; then rm -f config.tf.json; fi
cp ${tf-infra-dns} config.tf.json \
&& ${terraform}/bin/terraform init \
&& ${terraform}/bin/terraform destroy
'');
};
};
};
}

View file

@ -0,0 +1,23 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/namecheap/namecheap" {
version = "2.1.0"
constraints = "2.1.0"
hashes = [
"h1:p8LqzJtI4Mkxhcam2s73eFJzctlAZXZJ0Wwgd51Kyto=",
"zh:3731f5f14a0958cd27a589ef7daa9be786b6490f2309c429eb2e9862aa4ac5f7",
"zh:3cbceb12ec3521d9dfbd890eee731a40f4e1f42de30d28fc1d1e524091148caa",
"zh:44095af1b1d1ee6d4b930e21e3c5bf0f81d9df65fe04f6f1e55d46713c240b21",
"zh:693e169228fe0c5fb1989425b1ad42c1206f8187c9932b4daee5a5c5e851a28e",
"zh:6b04c3c2666db3050f49bc85151496fe33cf852db9ad8fc6f455d1daf0a2bba6",
"zh:85fd126a573cc468f8d5d1b90f4a94f5977ea40623b1c5cd7c799bb95ef233bd",
"zh:99014437ef4e96161b0029efa12f05fa1ab63ff9bc0a255b0a249e17b4f8587a",
"zh:a4d8288ef01d4002a5aa07d1e64e4504757f07d6ada24fbf7d3670ceb24d2871",
"zh:d27f7798cbe1957294bb08459b1fbabe68721cc9cc50afee80bda87ce674dab8",
"zh:d85483f90380829d05b8a2725ce50bf2ee766d6c1cbef223b388d19c5a92dce2",
"zh:ddfecfbefd32e40386b482a2610e4173a52591afea3861f041041439d51d34da",
"zh:f9a10edfe11dbc4947cbb2f0db8935050693d5fff3b6559096288c689c2dd847",
"zh:fae14a74781a94bcaac07b6d533dd9eb1e40c1d152eb6ee49b2a44cdf5740cfe",
]
}

191
terraform/dns.tf Normal file
View file

@ -0,0 +1,191 @@
# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
resource "namecheap_domain_records" "pub-solar" {
domain = "pub.solar"
mode = "OVERWRITE"
email_type = "MX"
record {
hostname = "flora-6"
type = "A"
address = "80.71.153.210"
ttl = 60
}
record {
hostname = "auth"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "ci"
type = "A"
address = "80.71.153.210"
ttl = 60
}
record {
hostname = "git"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "stream"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "list"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "obs-portal"
type = "A"
address = "80.71.153.210"
ttl = 60
}
record {
hostname = "vpn"
type = "A"
address = "80.71.153.210"
ttl = 60
}
record {
hostname = "cache"
type = "A"
address = "95.217.225.160"
ttl = 60
}
record {
hostname = "factorio"
type = "A"
address = "80.244.242.2"
ttl = 60
}
record {
hostname = "collabora"
type = "CNAME"
address = "nachtigall.pub.solar."
ttl = 60
}
record {
hostname = "@"
type = "ALIAS"
address = "nachtigall.pub.solar."
ttl = 300
}
record {
hostname = "chat"
type = "A"
address = "85.88.23.162"
ttl = 60
}
record {
hostname = "cloud"
type = "CNAME"
address = "nachtigall.pub.solar."
ttl = 60
}
record {
hostname = "coturn"
type = "A"
address = "80.71.153.239"
ttl = 60
}
record {
hostname = "hpb"
type = "A"
address = "80.71.153.239"
ttl = 60
}
record {
hostname = "dimension"
type = "A"
address = "85.88.23.162"
ttl = 60
}
record {
hostname = "element"
type = "A"
address = "85.88.23.162"
ttl = 60
}
record {
hostname = "files"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "mastodon"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "matrix"
type = "A"
address = "85.88.23.162"
ttl = 60
}
record {
hostname = "www"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "@"
type = "TXT"
address = "v=spf1 include:spf.greenbaum.cloud a:list.pub.solar ~all"
}
record {
hostname = "list"
type = "TXT"
address = "v=spf1 a:list.pub.solar ?all"
}
record {
hostname = "_dmarc"
type = "TXT"
address = "v=DMARC1; p=reject;"
}
record {
hostname = "_dmarc.list"
type = "TXT"
address = "v=DMARC1; p=reject;"
}
record {
hostname = "@"
type = "MX"
address = "mx2.greenbaum.cloud."
mx_pref = "0"
}
record {
hostname = "list"
type = "MX"
address = "list.pub.solar."
mx_pref = "0"
}
record {
hostname = "nachtigall"
type = "A"
address = "138.201.80.102"
}
record {
hostname = "nachtigall"
type = "AAAA"
address = "2a01:4f8:172:1c25::1"
}
record {
hostname = "matrix.test"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "chat.test"
type = "CNAME"
address = "nachtigall.pub.solar."
}
record {
hostname = "test"
type = "CNAME"
address = "nachtigall.pub.solar."
}
# SRV records can only be changed via NameCheap Web UI
# add comment
}

13
terraform/providers.tf Normal file
View file

@ -0,0 +1,13 @@
terraform {
required_version = "~> 1.2.3"
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = "2.1.0"
}
}
}
provider "namecheap" {
# Configuration options
}

View file

@ -0,0 +1,9 @@
# https://www.terraform.io/language/v1.2.x/settings/backends/manta
terraform {
backend "manta" {
path = "pub-solar/nachtigall"
object_name = "terraform.tfstate"
account = "pub_solar"
url = "https://eu-central.manta.greenbaum.cloud"
}
}