Manage tahoe-lafs.org zone and records with OpenTofu

[btlogy]

Closes of #56

This PR is completing the provisioning of the DNS zone for tahoe-lafs.org hosted by Hetzner with all its existing records.

Once deployed, nothing will actually change for the users on internet. But this new zone will allow for a smooth transition if/when the delegation will be changed from Gandi: see trac#4162 for more info.

Hopefully, this will help to make progress on a few open issues, starting with the ones related to MoveOffTrac:

• Deploy and configure Forgejo and its requirements on webforge #44
• Configure webforge to host the new landing page and allow its automatic deployment #45

NOTES:

• We still need a separate issue to deal properly with the credentials used to interact with Hetzner (user, password, 2FA and token).

[github-actions]

ToFu - core

Step	Outcome
✏️ Format	success
🔧 Init ️	success
🔍 Validate	success
📄 Plan	success
🛂 Verify	success
👉 Result	change(s): 17 to add, 0 to change, 0 to destroy.

show change(s)

OpenTofu will perform the following actions:

  # hetznerdns_record.tl-org_buildmaster will be created
  + resource "hetznerdns_record" "tl-org_buildmaster" {
      + id      = (known after apply)
      + name    = "buildmaster"
      + ttl     = 3600
      + type    = "CNAME"
      + value   = "tahoe-lafs.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_ipv4 will be created
  + resource "hetznerdns_record" "tl-org_ipv4" {
      + id      = (known after apply)
      + name    = "@"
      + ttl     = 3600
      + type    = "A"
      + value   = "74.207.252.227"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["a-1"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "A"
      + value   = "140.211.9.53"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["aaaa-1"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "AAAA"
      + value   = "2605:bc80:3010:104::8cd3:935"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["mx-1"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "MX"
      + value   = "5 smtp1.osuosl.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["mx-2"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "MX"
      + value   = "5 smtp2.osuosl.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["mx-3"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "MX"
      + value   = "5 smtp3.osuosl.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["mx-4"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "MX"
      + value   = "5 smtp4.osuosl.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_lists["txt-1"] will be created
  + resource "hetznerdns_record" "tl-org_lists" {
      + id      = (known after apply)
      + name    = "lists"
      + ttl     = 3600
      + type    = "TXT"
      + value   = "v=spf1 mx include:_spf.osuosl.org ~all"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_mx["50 tahoe-lafs.org."] will be created
  + resource "hetznerdns_record" "tl-org_mx" {
      + id      = (known after apply)
      + name    = "@"
      + ttl     = 3600
      + type    = "MX"
      + value   = "50 tahoe-lafs.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_perf["primary"] will be created
  + resource "hetznerdns_record" "tl-org_perf" {
      + id      = (known after apply)
      + name    = "tahoeperf"
      + ttl     = 3600
      + type    = "NS"
      + value   = "ns-cloud1.googledomains.com."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_perf["secondary"] will be created
  + resource "hetznerdns_record" "tl-org_perf" {
      + id      = (known after apply)
      + name    = "tahoeperf"
      + ttl     = 3600
      + type    = "NS"
      + value   = "ns-cloud2.googledomains.com."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_spf1 will be created
  + resource "hetznerdns_record" "tl-org_spf1" {
      + id      = (known after apply)
      + name    = "@"
      + ttl     = 3600
      + type    = "MX"
      + value   = "v=spf1 ip4:74.207.252.227/32"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_testgrid_ipv4 will be created
  + resource "hetznerdns_record" "tl-org_testgrid_ipv4" {
      + id      = (known after apply)
      + name    = "testgrid"
      + ttl     = 3600
      + type    = "A"
      + value   = "37.27.215.216"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_testgrid_ipv6 will be created
  + resource "hetznerdns_record" "tl-org_testgrid_ipv6" {
      + id      = (known after apply)
      + name    = "testgrid"
      + ttl     = 3600
      + type    = "AAAA"
      + value   = "2a01:4f9:c010:d906::1"
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_wormhole will be created
  + resource "hetznerdns_record" "tl-org_wormhole" {
      + id      = (known after apply)
      + name    = "wormhole"
      + ttl     = 3600
      + type    = "CNAME"
      + value   = "relay.magic-wormhole.io."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

  # hetznerdns_record.tl-org_www will be created
  + resource "hetznerdns_record" "tl-org_www" {
      + id      = (known after apply)
      + name    = "www"
      + ttl     = 3600
      + type    = "CNAME"
      + value   = "tahoe-lafs.org."
      + zone_id = "nPYVgNdjKGT3UEYCmjZkGJ"
    }

Plan: 17 to add, 0 to change, 0 to destroy.

show error(s)

Pusher: @btlogy, Action: pull_request
Workflow: tahoe-lafs/infrastructure/.github/workflows/tf-core.yml@refs/pull/49/merge

[btlogy]

I'm pretty sure we are missing some records. But that the whole point here: we should have them all here for community to see.

Thus, we need to compare the records in this PR with a fresh export/dump from Gandi, which today can only be provided by @warner or @meejah.

[btlogy]

Heads-up following the initial ask from trac#4162, we are still unsure if we get an export of the DNS records as they stands today.

More info on #56...

[btlogy]

@meejah has provided the export from Gandi and I've added some missing records (e.g. builmaster and wormhole).