terraform/gandi: more sniproxying for bagel-box,meta-01 #67
|
@ -29,6 +29,18 @@ in
|
||||||
inherit name ttl type values;
|
inherit name ttl type values;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
proxyRecords = name: ttl: type: values: [
|
||||||
|
# kurisu.lahfa.xyz running a sniproxy:
|
||||||
|
(record name ttl "A" ["163.172.69.160"])
|
||||||
|
(record name ttl type values)
|
||||||
|
];
|
||||||
|
|
||||||
|
# Creates a extra *.p record pointing to the sniproxy
|
||||||
|
dualProxyRecords = name: ttl: type: values: lib.flatten [
|
||||||
|
(record name ttl type values)
|
||||||
|
(proxyRecords "${name}.p" ttl type values)
|
||||||
|
];
|
||||||
|
|
||||||
# TODO: make less fragile and have actual unique and stable names
|
# TODO: make less fragile and have actual unique and stable names
|
||||||
canonicalName = record: let
|
canonicalName = record: let
|
||||||
name = builtins.replaceStrings ["." "@"] ["_" "_root_"] record.name;
|
name = builtins.replaceStrings ["." "@"] ["_" "_root_"] record.name;
|
||||||
|
@ -41,32 +53,26 @@ in
|
||||||
value = record // {
|
value = record // {
|
||||||
zone = tf.ref "resource.gandi_livedns_domain.forkos_org.id";
|
zone = tf.ref "resource.gandi_livedns_domain.forkos_org.id";
|
||||||
};
|
};
|
||||||
}) records);
|
}) (lib.flatten records));
|
||||||
|
|
||||||
in forkosRecords ([
|
in forkosRecords ([
|
||||||
# (record "@" 3600 "A" ["163.172.69.160"])
|
# (record "@" 3600 "A" ["163.172.69.160"])
|
||||||
(record "@" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
(record "@" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
||||||
|
|
||||||
(record "cl" 3600 "A" ["163.172.69.160"])
|
(dualProxyRecords "bagel-box.infra" 3600 "AAAA" ["2001:bc8:38ee:100:100::1"])
|
||||||
(record "cl" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
|
(dualProxyRecords "gerrit01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
|
||||||
ckie marked this conversation as resolved
Outdated
|
|||||||
|
(dualProxyRecords "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
|
||||||
|
(dualProxyRecords "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
||||||
|
|
||||||
(record "fodwatch" 3600 "A" ["163.172.69.160"])
|
(record "cl" 3600 "CNAME" ["gerrit01.infra.p"])
|
||||||
raito
commented
I don't think you can do a CNAME and an A, that's a DNS spec violation I imagine
|
|||||||
(record "fodwatch" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
|
(record "fodwatch" 3600 "CNAME" ["fodwatch.infra.p"])
|
||||||
|
(record "netbox" 3600 "CNAME" ["meta01.infra.p"])
|
||||||
(record "netbox" 3600 "A" ["163.172.69.160"])
|
(record "amqp" 3600 "CNAME" ["bagel-box.infra.p"])
|
||||||
(record "netbox" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
(record "grafana" 3600 "CNAME" ["meta01.infra.p"])
|
||||||
|
(record "hydra" 3600 "CNAME" ["bagel-box.infra.p"])
|
||||||
(record "bagel-box.infra" 3600 "AAAA" ["2001:bc8:38ee:100:100::1"])
|
(record "loki" 3600 "CNAME" ["meta01.infra.p"])
|
||||||
(record "gerrit01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
|
(record "mimir" 3600 "CNAME" ["meta01.infra.p"])
|
||||||
(record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
|
(record "matrix" 3600 "CNAME" ["meta01.infra.p"])
|
||||||
(record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
|
|
||||||
|
|
||||||
(record "amqp" 3600 "CNAME" ["bagel-box.infra"])
|
|
||||||
(record "grafana" 3600 "CNAME" ["meta01.infra"])
|
|
||||||
(record "hydra" 3600 "CNAME" ["bagel-box.infra"])
|
|
||||||
(record "loki" 3600 "CNAME" ["meta01.infra"])
|
|
||||||
(record "mimir" 3600 "CNAME" ["meta01.infra"])
|
|
||||||
(record "matrix" 3600 "CNAME" ["meta01.infra"])
|
|
||||||
|
|
||||||
(record "vpn-gw.wob01.infra" 3600 "AAAA" [ "2a01:584:11::2" ])
|
(record "vpn-gw.wob01.infra" 3600 "AAAA" [ "2a01:584:11::2" ])
|
||||||
# TODO: do not hardcode, just reuse the Colmena hive module outputs to generate all the required details.
|
# TODO: do not hardcode, just reuse the Colmena hive module outputs to generate all the required details.
|
||||||
|
|
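Review bot: `proxyRecords` always emits an A record for the sniproxy and then passes the caller's `type` through unchecked, so a call with `"A"` would produce two A record sets for one name and a call with `"CNAME"` would place an A next to a CNAME; every call visible here passes `"AAAA"`, but nothing enforces that. A guard at the top of the helper would make the constraint explicit, e.g. `proxyRecords = name: ttl: type: values: assert type == "AAAA"; [`. The proxy address is also hard-coded inside the helper; binding it once (`sniproxyV4 = "163.172.69.160";`) and extending the comment to say that IPv4 clients of every `*.p` name reach the backend through that host would help, since backends presumably then see the proxy's address rather than the client's unless the proxy forwards it, which matters for address-based allowlists, rate limits and logs. The enclosing `let` block starts outside the hunk.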
Nope, those records should not be proxied: they are used for SSH, so they should not have an IPv4 address, to avoid weird issues SSHing to the proxy endpoint (all the `*.infra` ones, I mean).