Skip to content

[DO NOT MERGE] Manage all records in tahoe-lafs.org zone on Hetzner with Tofu #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

[DO NOT MERGE] Manage all records in tahoe-lafs.org zone on Hetzner with Tofu #49

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
575ffe5
Manage tahoe-lafs.org zone and records with OpenTofu
btlogy May 1, 2025
da07f14
Add missing records for the mailing lists
btlogy May 4, 2025
841239a
Reconciliate parent and sub domain from workaround
btlogy May 15, 2025
f3eac84
Add missing records found in the export
btlogy May 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 0 additions & 27 deletions tf/core/dns_of-tl-org.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,3 @@
# Hetzner does not support zone for sub-domain like
# `of.tahoe-lafs.org`, so we need to start from the parent
# even if we want to manage only the sub one here

# DNS zone for tahoe-lafs.org
# with 1-hour TTL to support migration
resource "hetznerdns_zone" "tl-org" {
name = "tahoe-lafs.org"
ttl = 3600
}

# NS records of the zone
resource "hetznerdns_record" "tl-org_ns" {
for_each = {
primary = "hydrogen.ns.hetzner.com."
secondary = "oxygen.ns.hetzner.com."
tertiary = "helium.ns.hetzner.de."
}

name = "@"
type = "NS"
value = each.value
zone_id = hetznerdns_zone.tl-org.id
}
# TODO: Move the above in a separate `dns_tl-org.tf` file
# when/if we end up managing the full zone

# Here under should come records in `of.tahoe-lafs.org` only
resource "hetznerdns_record" "tl-org-of_webforge_ipv4" {
name = "webforge.of"
Expand Down
128 changes: 128 additions & 0 deletions tf/core/dns_tl-org.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,128 @@
# DNS zone for tahoe-lafs.org
# with 1-hour TTL to support migration
resource "hetznerdns_zone" "tl-org" {
name = "tahoe-lafs.org"
ttl = 3600
}

# NS records of the zone
resource "hetznerdns_record" "tl-org_ns" {
for_each = {
primary = "hydrogen.ns.hetzner.com."
secondary = "oxygen.ns.hetzner.com."
tertiary = "helium.ns.hetzner.de."
}

name = "@"
type = "NS"
value = each.value
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Other root records of this zone
resource "hetznerdns_record" "tl-org_mx" {
for_each = toset([
"50 tahoe-lafs.org.",
])

name = "@"
type = "MX"
value = each.value
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

resource "hetznerdns_record" "tl-org_spf1" {
name = "@"
type = "MX"
value = "v=spf1 ip4:74.207.252.227/32"
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

resource "hetznerdns_record" "tl-org_ipv4" {
name = "@"
type = "A"
value = "74.207.252.227"
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Delegation for tahoeperf sub-domain
resource "hetznerdns_record" "tl-org_perf" {
for_each = {
primary = "ns-cloud1.googledomains.com."
secondary = "ns-cloud2.googledomains.com."
}

name = "tahoeperf"
type = "NS"
value = each.value
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Web landing page
resource "hetznerdns_record" "tl-org_www" {
name = "www"
type = "CNAME"
value = "tahoe-lafs.org."
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Mailing lists
resource "hetznerdns_record" "tl-org_lists" {
for_each = {
# <type>-<index> = <value>
mx-1 = "5 smtp1.osuosl.org.",
mx-2 = "5 smtp2.osuosl.org.",
mx-3 = "5 smtp3.osuosl.org.",
mx-4 = "5 smtp4.osuosl.org.",
txt-1 = "v=spf1 mx include:_spf.osuosl.org ~all",
a-1 = "140.211.9.53"
aaaa-1 = "2605:bc80:3010:104::8cd3:935"
}

name = "lists"
type = upper(split("-", each.key)[0])
value = each.value
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Buildmaster
resource "hetznerdns_record" "tl-org_buildmaster" {
name = "buildmaster"
type = "CNAME"
value = "tahoe-lafs.org."
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Wormwhole
resource "hetznerdns_record" "tl-org_wormhole" {
name = "wormhole"
type = "CNAME"
value = "relay.magic-wormhole.io."
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

# Testgrid - trac#4160
resource "hetznerdns_record" "tl-org_testgrid_ipv4" {
name = "testgrid"
type = "A"
value = hcloud_server.testgrid.ipv4_address
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}

resource "hetznerdns_record" "tl-org_testgrid_ipv6" {
name = "testgrid"
type = "AAAA"
value = hcloud_server.testgrid.ipv6_address
ttl = hetznerdns_zone.tl-org.ttl
zone_id = hetznerdns_zone.tl-org.id
}
Loading