tf: add DNS management via Gandi

This commit is contained in:
Pierre Bourdon 2024-07-07 20:43:05 +02:00
parent dcd5f68545
commit 4b0a2cd7e5
Signed by: delroth
GPG key ID: 6FB80DCD84DA0F1C
3 changed files with 68 additions and 1 deletions

View file

@ -34,6 +34,7 @@
modules = [
./terraform
{
bagel.gandi.enable = true;
bagel.hydra.enable = true;
}
];

View file

@ -1,6 +1,7 @@
{
imports = [
./common.nix
./gandi.nix
./hydra.nix
./state.nix
];

65
terraform/gandi.nix Normal file
View file

@ -0,0 +1,65 @@
{ lib, config, ... }:
let
inherit (lib) mkEnableOption mkIf tf;
cfg = config.bagel.gandi;
in
{
options.bagel.gandi = {
enable = mkEnableOption "the Gandi DNS configuration";
};
config = mkIf cfg.enable {
terraform.required_providers.gandi = {
version = "~> 2.3.0";
source = "go-gandi/gandi";
};
resource.secret_resource.gandi_pat.lifecycle.prevent_destroy = true;
provider.gandi = {
personal_access_token = tf.ref "resource.secret_resource.gandi_pat.value";
};
resource.gandi_livedns_domain.forkos_org = {
name = "forkos.org";
};
resource.gandi_livedns_record = let
record = name: ttl: type: values: {
inherit name ttl type values;
};
# TODO: make less fragile and have actual unique and stable names
canonicalName = record: let
name = builtins.replaceStrings ["."] ["_"] record.name;
in
"forkos_org_${record.type}_${name}";
forkosRecords = records:
builtins.listToAttrs (map (record: {
name = canonicalName record;
value = record // {
zone = tf.ref "resource.gandi_livedns_domain.forkos_org.id";
};
}) records);
in forkosRecords [
(record "cl" 3600 "A" ["163.172.69.160"])
(record "cl" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
(record "fodwatch" 3600 "A" ["163.172.69.160"])
(record "fodwatch" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
(record "netbox" 3600 "A" ["163.172.69.160"])
(record "netbox" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
(record "gerrit01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
(record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
(record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
(record "grafana" 3600 "CNAME" ["netbox"])
(record "loki" 3600 "CNAME" ["meta01.infra"])
(record "mimir" 3600 "CNAME" ["grafana"])
];
};
}