From 29c1b366c626bf8f0f6bff6ecf8aa0b1d21bb433 Mon Sep 17 00:00:00 2001
From: Maxine Aubrey
Date: Tue, 24 Sep 2024 21:10:39 +0200
Subject: [PATCH] feat(dns): migrate forkos.org zone to dnsimple
---
 terraform/dnsimple.nix | 56 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
diff --git a/terraform/dnsimple.nix b/terraform/dnsimple.nix
index 79e6a5c..8236554 100644
--- a/terraform/dnsimple.nix
+++ b/terraform/dnsimple.nix
@@ -81,6 +81,62 @@ in
 ) (lib.flatten records));
 zones = domains: lib.zipAttrs (lib.mapAttrsToList (zoneName: records: domain zoneName records) domains);
 in zones {
+ "forkos.org" = ([
+ # (record "@" 300 "A" "163.172.69.160")
+ (record "@" 300 "AAAA" "2001:bc8:38ee:100:1000::20")
+
+ (dualProxyRecords "bagel-box.infra" 300 "AAAA" "2001:bc8:38ee:100:100::1")
+ (dualProxyRecords "gerrit01.infra" 300 "AAAA" "2001:bc8:38ee:100:1000::10")
+ (dualProxyRecords "meta01.infra" 300 "AAAA" "2001:bc8:38ee:100:1000::20")
+ (dualProxyRecords "fodwatch.infra" 300 "AAAA" "2001:bc8:38ee:100:1000::30")
+ # git.infra.forkos.org exposes opensshd
+ (dualProxyRecords "git.infra" 300 "AAAA" "2001:bc8:38ee:100:1000::41")
+ # git.p.forkos.org exposes forgejo ssh server.
+ (proxyRecords "git.p" 300 "AAAA" "2001:bc8:38ee:100:1000::40")
+ (dualProxyRecords "buildbot.infra" 300 "AAAA" "2001:bc8:38ee:100:1000::50")
+ (dualProxyRecords "public01.infra" 300 "AAAA" "2001:bc8:38ee:100:1000::60")
+
+ (record "cl" 300 "CNAME" "gerrit01.infra.p")
+ (record "fodwatch" 300 "CNAME" "fodwatch.infra.p")
+ # git.p.forkos.org is the proxy variant of the Forgejo server.
+ (record "git" 300 "CNAME" "git.p")
+ (record "netbox" 300 "CNAME" "meta01.infra.p")
+ (record "amqp" 300 "CNAME" "bagel-box.infra.p")
+ (record "grafana" 300 "CNAME" "meta01.infra.p")
+ (record "hydra" 300 "CNAME" "build-coord.wob01.infra.p")
+ (record "loki" 300 "CNAME" "meta01.infra.p")
+ (record "mimir" 300 "CNAME" "meta01.infra.p")
+ (record "pyroscope" 300 "CNAME" "meta01.infra.p")
+ (record "tempo" 300 "CNAME" "meta01.infra.p")
+ (record "matrix" 300 "CNAME" "meta01.infra.p")
+ (record "alerts" 300 "CNAME" "meta01.infra.p")
+ (record "buildbot" 300 "CNAME" "buildbot.infra.p")
+ (record "b" 300 "CNAME" "public01.infra.p")
+ (record "postgres" 300 "CNAME" "bagel-box.infra.p")
+ (record "news" 3600 "CNAME" "public01.infra.p")
+
+ # S3 in delroth's basement
+ (record "cache" 300 "AAAA" "2a02:168:6426::12") # smol.delroth.net
+ (record "cache" 300 "A" "195.39.247.161") # sni proxy
+
+ (record "vpn-gw.wob01.infra" 300 "AAAA" "2a01:584:11::2")
+
+ (dualProxyRecords "build-coord.wob01.infra" 300 "AAAA" "2a01:584:11::1:11")
+ # TODO: do not hardcode, just reuse the Colmena hive module outputs to generate all the required details.
+ ]
+ ++ (map (index: record "builder-${toString index}.wob01.infra" 300 "AAAA" "2a01:584:11::1:${toString index}") (genList lib.id 11))
+ ++ (
+ let
+ # FIXME: figure out a way to poke `config.services.s3-revproxy` and
+ # automate the DNS part away?
+ buckets = [
+ "channels"
+ "releases"
+ "channel-scripts-test"
+ ];
+ in
+ map (bucket: record "${bucket}" 300 "CNAME" "public01.infra.p") buckets
+ ));
 "flowery.systems" = [
 (record "" 300 "ALIAS" "news.forkos.org")
 ];
-- 
2.44.1
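Review bot: The generated builder records write a decimal index into a hexadecimal IPv6 group, and the range stops one short of a collision. `genList lib.id 11` yields 0..10, so `builder-10` gets `2a01:584:11::1:10` (0x10), and raising the count to 12 would give `builder-11` the address `2a01:584:11::1:11` already assigned to `build-coord.wob01.infra`. Until the TODO about reusing the Colmena outputs is done, a comment above the `map` would make the constraint visible, e.g. `# indices 0..10 only; 11 would reuse build-coord's ::1:11, and the index is rendered in decimal`. Separately, `postgres` and `amqp` become publicly resolvable names for `bagel-box.infra.p`; whether the proxy forwards those ports is not visible in this hunk, so it is worth confirming against the firewall rules before the zone goes live. The enclosing `zones { … }` attribute set starts and ends outside the hunk.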