treehouse
/
terraform
19
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: treehouse:chore/delete-test
Branches Tags
treehouse:main
treehouse:feature/glauca
treehouse:chore/delete-test
treehouse:chore/test
..
compare: treehouse:main
Branches Tags
treehouse:main
treehouse:feature/glauca
treehouse:chore/delete-test
treehouse:chore/test

6 Commits
chore/dele ... main

Author SHA1 Message Date
Ariadne Conill 9882b0a2da dns: decommission kn-linode-dallas ingress
ci/woodpecker/push/dns Pipeline was successful Details
2022-07-30 06:13:03 +00:00
Ariadne Conill 3fa93e7d00 dns: social: switch ingress to kn-sfo2
ci/woodpecker/push/dns Pipeline was successful Details
2022-07-30 05:49:05 +00:00
Ariadne Conill 438ec1367e main: add kn-sfo2 ingress
ci/woodpecker/push/dns Pipeline was successful Details
2022-07-30 04:20:01 +00:00
Ariadne Conill d63adb31b6 variables: add glauca TSIG secret
ci/woodpecker/push/dns Pipeline was successful Details
2022-07-17 20:06:52 +00:00
Ariadne Conill 94a034d9b1 dns: lower TTLs to 30 seconds
ci/woodpecker/push/dns Pipeline was successful Details
2022-07-17 18:57:58 +00:00
Ariadne Conill d42a9863a7 Merge pull request 'delete test record' (#2) from chore/delete-test into main
ci/woodpecker/push/dns Pipeline was successful Details 
Reviewed-on: #2
 2022-06-09 04:29:49 +00:00
3 changed files with 41 additions and 22 deletions
Show Stats Expand all files Collapse all files

8
.woodpecker/dns.yml
View File

@ -10,8 +10,8 @@ pipeline:
- cd dns
- terraform init
- terraform validate
- terraform plan -var "token=$LINODE_TOKEN"
secrets: [linode_token, aws_access_key_id, aws_secret_access_key]
- terraform plan -var "token=$LINODE_TOKEN" -var "secret=$GLAUCA_TSIG_SECRET"
secrets: [linode_token, aws_access_key_id, aws_secret_access_key, glauca_tsig_secret]
deploy:
image: alpine:3.16
@ -25,6 +25,6 @@ pipeline:
- cd dns
- terraform init
- terraform validate
- terraform plan -out deploy.plan -var "token=$LINODE_TOKEN"
- terraform plan -out deploy.plan -var "token=$LINODE_TOKEN" -var "secret=$GLAUCA_TSIG_SECRET"
- terraform apply deploy.plan
secrets: [linode_token, aws_access_key_id, aws_secret_access_key]
secrets: [linode_token, aws_access_key_id, aws_secret_access_key, glauca_tsig_secret]

51
dns/main.tf
View File

@ -26,23 +26,6 @@ resource "linode_domain" "treehouse_domain" {
type = "master"
}
// Treehouse cluster: kn-linode-dallas
// TODO(ariadne): Use linode data source to pull the kubernetes ingress
// IP addresses for this
resource "linode_domain_record" "kn_linode_dallas_ingress_v4" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-linode-dallas.ingress"
record_type = "A"
target = "50.116.20.32"
}
resource "linode_domain_record" "kn_linode_dallas_ingress_v6" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-linode-dallas.ingress"
record_type = "AAAA"
target = "2600:3c00::f03c:93ff:fee2:d097"
}
// Treehouse cluster: kn-oci-sanjose
// TODO(ariadne): decommission me
resource "linode_domain_record" "kn_oci_sanjose_ingress_v4" {
@ -50,6 +33,7 @@ resource "linode_domain_record" "kn_oci_sanjose_ingress_v4" {
name = "kn-oci-sanjose.ingress"
record_type = "A"
target = "152.67.234.163"
ttl_sec = 30
}
resource "linode_domain_record" "kn_oci_sanjose_ingress_v6" {
@ -57,6 +41,24 @@ resource "linode_domain_record" "kn_oci_sanjose_ingress_v6" {
name = "kn-oci-sanjose.ingress"
record_type = "AAAA"
target = "2603:c024:c000:100::80"
ttl_sec = 30
}
// Treehouse cluster: kn-sfo2
resource "linode_domain_record" "kn_sfo2_ingress_v4" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-sfo2.ingress"
record_type = "A"
target = "104.250.236.4"
ttl_sec = 30
}
resource "linode_domain_record" "kn_sfo2_ingress_v6" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-sfo2.ingress"
record_type = "AAAA"
target = "2602:fd37:1:0:104:250:236:4"
ttl_sec = 30
}
// Treehouse services: Gitea
@ -65,6 +67,7 @@ resource "linode_domain_record" "gitea_v4" {
name = "gitea"
record_type = "A"
target = "104.250.236.2"
ttl_sec = 30
}
resource "linode_domain_record" "gitea_v6" {
@ -72,6 +75,7 @@ resource "linode_domain_record" "gitea_v6" {
name = "gitea"
record_type = "AAAA"
target = "2602:fd37:1:0:104:250:236:2"
ttl_sec = 30
}
resource "linode_domain_record" "woodpecker_cname" {
@ -79,6 +83,7 @@ resource "linode_domain_record" "woodpecker_cname" {
name = "woodpecker"
record_type = "CNAME"
target = "gitea.treehouse.systems"
ttl_sec = 30
}
// Treehouse services: Mastodon (running on kn-linode-dallas)
@ -86,7 +91,8 @@ resource "linode_domain_record" "social_cname" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "social"
record_type = "CNAME"
target = "kn-linode-dallas.ingress.treehouse.systems"
target = "kn-sfo2.ingress.treehouse.systems"
ttl_sec = 30
}
resource "linode_domain_record" "cache_cname" {
@ -94,6 +100,7 @@ resource "linode_domain_record" "cache_cname" {
name = "cache"
record_type = "CNAME"
target = "treehousesystems.b-cdn.net"
ttl_sec = 30
}
// Treehouse services: Discord redirector.
@ -105,6 +112,7 @@ resource "linode_domain_record" "discord_cname" {
name = "discord"
record_type = "CNAME"
target = "kn-oci-sanjose.ingress.treehouse.systems"
ttl_sec = 30
}
// Treehouse services: Minecraft (OVH, managed by Kenneth)
@ -113,6 +121,7 @@ resource "linode_domain_record" "minecraft_cname" {
name = "survival.minecraft"
record_type = "CNAME"
target = "survival.treehouse.fork.run"
ttl_sec = 30
}
// Apex domain settings.
@ -121,6 +130,7 @@ resource "linode_domain_record" "apex_v4" {
name = ""
record_type = "A"
target = "152.67.234.163"
ttl_sec = 30
}
resource "linode_domain_record" "apex_v6" {
@ -128,6 +138,7 @@ resource "linode_domain_record" "apex_v6" {
name = ""
record_type = "AAAA"
target = "2603:c024:c000:100::80"
ttl_sec = 30
}
resource "linode_domain_record" "apex_mx" {
@ -136,6 +147,7 @@ resource "linode_domain_record" "apex_mx" {
record_type = "MX"
target = "mx1.mailbun.net"
priority = "5"
ttl_sec = 30
}
resource "linode_domain_record" "apex_spf" {
@ -143,6 +155,7 @@ resource "linode_domain_record" "apex_spf" {
name = ""
record_type = "TXT"
target = "v=spf1 a mx include:spf.mailbun.net ~all"
ttl_sec = 30
}
resource "linode_domain_record" "apex_dmarc" {
@ -150,6 +163,7 @@ resource "linode_domain_record" "apex_dmarc" {
name = "_dmarc"
record_type = "TXT"
target = "v=DMARC1; p=none; fo=1; rua=mailto:admin@treehouse.systems"
ttl_sec = 30
}
resource "linode_domain_record" "apex_domainkey" {
@ -157,4 +171,5 @@ resource "linode_domain_record" "apex_domainkey" {
name = "mailbun._domainkey"
record_type = "TXT"
target = "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJGZN1aCAUd8CqyQA7Akzkvns+Wq/w70ft2xr0B8jFp0DtW8BtyLLAsErpIp5ZTDgReYGgL7cNcSsNQRn+d6ZaOBGlC/gH1T3KYfbsvavOdnbGx9gofi6x8I5QOOLhp7epK5YkaP/Igg58Zm0ni3jdeMCuX+qkJVqn2WVv8IcRtIA3zJrTYOW3lGCj1ieezl5ref+43mFvcUqidToR9XyHNmi1RowmWAofbZASXkNqZiR1P2Jw3s7q6p0fAEz6bODNOmngIlRAaKjBfDVezsaTeQJwsMg9g58GigVTSb9gMHRZon61yxWcCJtcivPug7xAVlVU+MMkDr7MfvUke5KQIDAQAB"
ttl_sec = 30
}

4
dns/variables.tf
View File

@ -1,3 +1,7 @@
variable "token" {
description = "Linode API token"
}
variable "secret" {
description = "TSIG secret"
}