@ -45,5 +45,103 @@ in
resource . dnsimple_zone . vzfdfp_de = {
name = " v z f d f p . d e " ;
} ;
resource . dnsimple_zone_record = let
# https://registry.terraform.io/providers/dnsimple/dnsimple/latest/docs/resources/zone_record
canonicalName = zoneName : record : let
# TODO: make less fragile and have actual unique and stable names
normalize = builtins . replaceStrings [ " . " " @ " ] [ " _ " " _ r o o t _ " ] ;
zone = normalize zoneName ;
name = normalize record . name ;
in " ${ zone } _ ${ record . type } _ ${ name } " ;
record = name : ttl : type : value : {
inherit name ttl type value ;
} ;
proxyRecords = name : ttl : type : value : [
# kurisu.lahfa.xyz running a sniproxy:
( record name ttl " A " " 1 6 3 . 1 7 2 . 6 9 . 1 6 0 " )
( record name ttl type value )
] ;
# Creates a extra *.p record pointing to the sniproxy
dualProxyRecords = name : ttl : type : value : lib . flatten [
( record name ttl type value )
( proxyRecords " ${ name } . p " ttl type value )
] ;
domain = zoneName : records :
builtins . listToAttrs ( map ( record : {
name = canonicalName zoneName record ;
value = record // {
zone_name = zoneName ;
} ;
}
) ( lib . flatten records ) ) ;
zones = domains : lib . zipAttrs ( lib . mapAttrsToList ( zoneName : records : domain zoneName records ) domains ) ;
in zones {
" f o r k o s . o r g " = ( [
# (record "@" 300 "A" "163.172.69.160")
( record " @ " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 2 0 " )
( dualProxyRecords " b a g e l - b o x . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 : : 1 " )
( dualProxyRecords " g e r r i t 0 1 . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 1 0 " )
( dualProxyRecords " m e t a 0 1 . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 2 0 " )
( dualProxyRecords " f o d w a t c h . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 3 0 " )
# git.infra.forkos.org exposes opensshd
( dualProxyRecords " g i t . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 4 1 " )
# git.p.forkos.org exposes forgejo ssh server.
( proxyRecords " g i t . p " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 4 0 " )
( dualProxyRecords " b u i l d b o t . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 5 0 " )
( dualProxyRecords " p u b l i c 0 1 . i n f r a " 300 " A A A A " " 2 0 0 1 : b c 8 : 3 8 e e : 1 0 0 : 1 0 0 0 : : 6 0 " )
( record " c l " 300 " C N A M E " " g e r r i t 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " f o d w a t c h " 300 " C N A M E " " f o d w a t c h . i n f r a . p . f o r k o s . o r g " )
# git.p.forkos.org is the proxy variant of the Forgejo server.
( record " g i t " 300 " C N A M E " " g i t . p . f o r k o s . o r g " )
( record " n e t b o x " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " a m q p " 300 " C N A M E " " b a g e l - b o x . i n f r a . p . f o r k o s . o r g " )
( record " g r a f a n a " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " h y d r a " 300 " C N A M E " " b u i l d - c o o r d . w o b 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " l o k i " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " m i m i r " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " p y r o s c o p e " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " t e m p o " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " m a t r i x " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " a l e r t s " 300 " C N A M E " " m e t a 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " b u i l d b o t " 300 " C N A M E " " b u i l d b o t . i n f r a . p . f o r k o s . o r g " )
( record " b " 300 " C N A M E " " p u b l i c 0 1 . i n f r a . p . f o r k o s . o r g " )
( record " p o s t g r e s " 300 " C N A M E " " b a g e l - b o x . i n f r a . p . f o r k o s . o r g " )
( record " n e w s " 3600 " C N A M E " " p u b l i c 0 1 . i n f r a . p . f o r k o s . o r g " )
# S3 in delroth's basement
( record " c a c h e " 300 " A A A A " " 2 a 0 2 : 1 6 8 : 6 4 2 6 : : 1 2 " ) # smol.delroth.net
( record " c a c h e " 300 " A " " 1 9 5 . 3 9 . 2 4 7 . 1 6 1 " ) # sni proxy
( record " v p n - g w . w o b 0 1 . i n f r a " 300 " A A A A " " 2 a 0 1 : 5 8 4 : 1 1 : : 2 " )
( dualProxyRecords " b u i l d - c o o r d . w o b 0 1 . i n f r a " 300 " A A A A " " 2 a 0 1 : 5 8 4 : 1 1 : : 1 : 1 1 " )
# TODO: do not hardcode, just reuse the Colmena hive module outputs to generate all the required details.
]
++ ( map ( index : record " b u i l d e r - ${ toString index } . w o b 0 1 . i n f r a " 300 " A A A A " " 2 a 0 1 : 5 8 4 : 1 1 : : 1 : ${ toString index } " ) ( genList lib . id 11 ) )
++ (
let
# FIXME: figure out a way to poke `config.services.s3-revproxy` and
# automate the DNS part away?
buckets = [
" c h a n n e l s "
" r e l e a s e s "
" c h a n n e l - s c r i p t s - t e s t "
] ;
in
map ( bucket : record " ${ bucket } " 300 " C N A M E " " p u b l i c 0 1 . i n f r a . p . f o r k o s . o r g " ) buckets
) ) ;
" f l o w e r y . s y s t e m s " = [
( record " " 300 " A L I A S " " n e w s . f o r k o s . o r g " )
] ;
" v z f d f p . d e " = [
] ;
} ;
} ;
}
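Review bot: `domain` builds the resource set with `builtins.listToAttrs`, which keeps the first entry for a repeated name and drops the rest without an error, so any two records that `canonicalName` maps to the same key disappear silently from the plan. That would happen for two values with the same name and type (round-robin A records), for names that differ only by `.` versus `_`, and for `proxyRecords` called with type `"A"`, where only the hard-coded sniproxy address would survive and IPv4 traffic would go through that host unnoticed. Until the TODO about stable names is resolved, I would fail evaluation instead by placing `assert lib.assertMsg (lib.allUnique (map (canonicalName zoneName) (lib.flatten records))) "duplicate DNS record key in ${zoneName}";` in front of the `builtins.listToAttrs` call. None of the records visible here appears to collide; the `let` that brings `lib` and `genList` into scope is outside the hunk.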