treehouse
/
terraform
19
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: treehouse:main
Branches Tags
treehouse:main
treehouse:feature/glauca
treehouse:chore/delete-test
treehouse:chore/test
..
compare: treehouse:chore/delete-test
Branches Tags
treehouse:main
treehouse:feature/glauca
treehouse:chore/delete-test
treehouse:chore/test

No commits in common. "main" and "chore/delete-test" have entirely different histories.
main ... chore/dele

3 changed files with 22 additions and 41 deletions
Show Stats Expand all files Collapse all files

8
.woodpecker/dns.yml
View File

@ -10,8 +10,8 @@ pipeline:
- cd dns
- terraform init
- terraform validate
- terraform plan -var "token=$LINODE_TOKEN" -var "secret=$GLAUCA_TSIG_SECRET"
secrets: [linode_token, aws_access_key_id, aws_secret_access_key, glauca_tsig_secret]
- terraform plan -var "token=$LINODE_TOKEN"
secrets: [linode_token, aws_access_key_id, aws_secret_access_key]
deploy:
image: alpine:3.16
@ -25,6 +25,6 @@ pipeline:
- cd dns
- terraform init
- terraform validate
- terraform plan -out deploy.plan -var "token=$LINODE_TOKEN" -var "secret=$GLAUCA_TSIG_SECRET"
- terraform plan -out deploy.plan -var "token=$LINODE_TOKEN"
- terraform apply deploy.plan
secrets: [linode_token, aws_access_key_id, aws_secret_access_key, glauca_tsig_secret]
secrets: [linode_token, aws_access_key_id, aws_secret_access_key]

51
dns/main.tf
View File

@ -26,6 +26,23 @@ resource "linode_domain" "treehouse_domain" {
type = "master"
}
// Treehouse cluster: kn-linode-dallas
// TODO(ariadne): Use linode data source to pull the kubernetes ingress
// IP addresses for this
resource "linode_domain_record" "kn_linode_dallas_ingress_v4" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-linode-dallas.ingress"
record_type = "A"
target = "50.116.20.32"
}
resource "linode_domain_record" "kn_linode_dallas_ingress_v6" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-linode-dallas.ingress"
record_type = "AAAA"
target = "2600:3c00::f03c:93ff:fee2:d097"
}
// Treehouse cluster: kn-oci-sanjose
// TODO(ariadne): decommission me
resource "linode_domain_record" "kn_oci_sanjose_ingress_v4" {
@ -33,7 +50,6 @@ resource "linode_domain_record" "kn_oci_sanjose_ingress_v4" {
name = "kn-oci-sanjose.ingress"
record_type = "A"
target = "152.67.234.163"
ttl_sec = 30
}
resource "linode_domain_record" "kn_oci_sanjose_ingress_v6" {
@ -41,24 +57,6 @@ resource "linode_domain_record" "kn_oci_sanjose_ingress_v6" {
name = "kn-oci-sanjose.ingress"
record_type = "AAAA"
target = "2603:c024:c000:100::80"
ttl_sec = 30
}
// Treehouse cluster: kn-sfo2
resource "linode_domain_record" "kn_sfo2_ingress_v4" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-sfo2.ingress"
record_type = "A"
target = "104.250.236.4"
ttl_sec = 30
}
resource "linode_domain_record" "kn_sfo2_ingress_v6" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "kn-sfo2.ingress"
record_type = "AAAA"
target = "2602:fd37:1:0:104:250:236:4"
ttl_sec = 30
}
// Treehouse services: Gitea
@ -67,7 +65,6 @@ resource "linode_domain_record" "gitea_v4" {
name = "gitea"
record_type = "A"
target = "104.250.236.2"
ttl_sec = 30
}
resource "linode_domain_record" "gitea_v6" {
@ -75,7 +72,6 @@ resource "linode_domain_record" "gitea_v6" {
name = "gitea"
record_type = "AAAA"
target = "2602:fd37:1:0:104:250:236:2"
ttl_sec = 30
}
resource "linode_domain_record" "woodpecker_cname" {
@ -83,7 +79,6 @@ resource "linode_domain_record" "woodpecker_cname" {
name = "woodpecker"
record_type = "CNAME"
target = "gitea.treehouse.systems"
ttl_sec = 30
}
// Treehouse services: Mastodon (running on kn-linode-dallas)
@ -91,8 +86,7 @@ resource "linode_domain_record" "social_cname" {
domain_id = "${linode_domain.treehouse_domain.id}"
name = "social"
record_type = "CNAME"
target = "kn-sfo2.ingress.treehouse.systems"
ttl_sec = 30
target = "kn-linode-dallas.ingress.treehouse.systems"
}
resource "linode_domain_record" "cache_cname" {
@ -100,7 +94,6 @@ resource "linode_domain_record" "cache_cname" {
name = "cache"
record_type = "CNAME"
target = "treehousesystems.b-cdn.net"
ttl_sec = 30
}
// Treehouse services: Discord redirector.
@ -112,7 +105,6 @@ resource "linode_domain_record" "discord_cname" {
name = "discord"
record_type = "CNAME"
target = "kn-oci-sanjose.ingress.treehouse.systems"
ttl_sec = 30
}
// Treehouse services: Minecraft (OVH, managed by Kenneth)
@ -121,7 +113,6 @@ resource "linode_domain_record" "minecraft_cname" {
name = "survival.minecraft"
record_type = "CNAME"
target = "survival.treehouse.fork.run"
ttl_sec = 30
}
// Apex domain settings.
@ -130,7 +121,6 @@ resource "linode_domain_record" "apex_v4" {
name = ""
record_type = "A"
target = "152.67.234.163"
ttl_sec = 30
}
resource "linode_domain_record" "apex_v6" {
@ -138,7 +128,6 @@ resource "linode_domain_record" "apex_v6" {
name = ""
record_type = "AAAA"
target = "2603:c024:c000:100::80"
ttl_sec = 30
}
resource "linode_domain_record" "apex_mx" {
@ -147,7 +136,6 @@ resource "linode_domain_record" "apex_mx" {
record_type = "MX"
target = "mx1.mailbun.net"
priority = "5"
ttl_sec = 30
}
resource "linode_domain_record" "apex_spf" {
@ -155,7 +143,6 @@ resource "linode_domain_record" "apex_spf" {
name = ""
record_type = "TXT"
target = "v=spf1 a mx include:spf.mailbun.net ~all"
ttl_sec = 30
}
resource "linode_domain_record" "apex_dmarc" {
@ -163,7 +150,6 @@ resource "linode_domain_record" "apex_dmarc" {
name = "_dmarc"
record_type = "TXT"
target = "v=DMARC1; p=none; fo=1; rua=mailto:admin@treehouse.systems"
ttl_sec = 30
}
resource "linode_domain_record" "apex_domainkey" {
@ -171,5 +157,4 @@ resource "linode_domain_record" "apex_domainkey" {
name = "mailbun._domainkey"
record_type = "TXT"
target = "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJGZN1aCAUd8CqyQA7Akzkvns+Wq/w70ft2xr0B8jFp0DtW8BtyLLAsErpIp5ZTDgReYGgL7cNcSsNQRn+d6ZaOBGlC/gH1T3KYfbsvavOdnbGx9gofi6x8I5QOOLhp7epK5YkaP/Igg58Zm0ni3jdeMCuX+qkJVqn2WVv8IcRtIA3zJrTYOW3lGCj1ieezl5ref+43mFvcUqidToR9XyHNmi1RowmWAofbZASXkNqZiR1P2Jw3s7q6p0fAEz6bODNOmngIlRAaKjBfDVezsaTeQJwsMg9g58GigVTSb9gMHRZon61yxWcCJtcivPug7xAVlVU+MMkDr7MfvUke5KQIDAQAB"
ttl_sec = 30
}

4
dns/variables.tf
View File

@ -1,7 +1,3 @@
variable "token" {
description = "Linode API token"
}
variable "secret" {
description = "TSIG secret"
}