terraform/gandi: more sniproxying for bagel-box,meta-01 #67

Merged
raito merged 1 commit from ckie/moarr-v4 into main 2024-07-14 18:44:25 +00:00

View file

@ -29,6 +29,18 @@ in
inherit name ttl type values;
};
proxyRecords = name: ttl: type: values: [
# kurisu.lahfa.xyz running a sniproxy:
(record name ttl "A" ["163.172.69.160"])
(record name ttl type values)
];
# Creates a extra *.p record pointing to the sniproxy
dualProxyRecords = name: ttl: type: values: lib.flatten [
(record name ttl type values)
(proxyRecords "${name}.p" ttl type values)
];
# TODO: make less fragile and have actual unique and stable names
canonicalName = record: let
name = builtins.replaceStrings ["." "@"] ["_" "_root_"] record.name;
@ -41,32 +53,26 @@ in
value = record // {
zone = tf.ref "resource.gandi_livedns_domain.forkos_org.id";
};
}) records);
}) (lib.flatten records));
in forkosRecords ([
# (record "@" 3600 "A" ["163.172.69.160"])
(record "@" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
(record "cl" 3600 "A" ["163.172.69.160"])
(record "cl" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
(dualProxyRecords "bagel-box.infra" 3600 "AAAA" ["2001:bc8:38ee:100:100::1"])
(dualProxyRecords "gerrit01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
ckie marked this conversation as resolved Outdated
Outdated
Review

nope those records should not be proxy, they are used for ssh, so they should not have an IPv4 to avoid weird issues SSHing to the proxy endpoint.

nope those records should not be proxy, they are used for ssh, so they should not have an IPv4 to avoid weird issues SSHing to the proxy endpoint.
Outdated
Review

(all the *.infra ones I mean)

(all the `*.infra` ones I mean)
(dualProxyRecords "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
(dualProxyRecords "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
(record "fodwatch" 3600 "A" ["163.172.69.160"])
(record "fodwatch" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
(record "netbox" 3600 "A" ["163.172.69.160"])
(record "netbox" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
(record "bagel-box.infra" 3600 "AAAA" ["2001:bc8:38ee:100:100::1"])
(record "gerrit01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::10"])
(record "fodwatch.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::30"])
(record "meta01.infra" 3600 "AAAA" ["2001:bc8:38ee:100:1000::20"])
(record "amqp" 3600 "CNAME" ["bagel-box.infra"])
(record "grafana" 3600 "CNAME" ["meta01.infra"])
(record "hydra" 3600 "CNAME" ["bagel-box.infra"])
(record "loki" 3600 "CNAME" ["meta01.infra"])
(record "mimir" 3600 "CNAME" ["meta01.infra"])
(record "matrix" 3600 "CNAME" ["meta01.infra"])
(record "cl" 3600 "CNAME" ["gerrit01.infra.p"])
Outdated
Review

I don't think you can do a CNAME and an A, that's a DNS spec violation I imagine

I don't think you can do a CNAME and an A, that's a DNS spec violation I imagine
(record "fodwatch" 3600 "CNAME" ["fodwatch.infra.p"])
(record "netbox" 3600 "CNAME" ["meta01.infra.p"])
(record "amqp" 3600 "CNAME" ["bagel-box.infra.p"])
(record "grafana" 3600 "CNAME" ["meta01.infra.p"])
(record "hydra" 3600 "CNAME" ["bagel-box.infra.p"])
(record "loki" 3600 "CNAME" ["meta01.infra.p"])
(record "mimir" 3600 "CNAME" ["meta01.infra.p"])
(record "matrix" 3600 "CNAME" ["meta01.infra.p"])
(record "vpn-gw.wob01.infra" 3600 "AAAA" [ "2a01:584:11::2" ])
# TODO: do not hardcode, just reuse the Colmena hive module outputs to generate all the required details.