From 7fb16ee116c14a0d12edee32872cc582ef4e5b1a Mon Sep 17 00:00:00 2001
From: vincent
Date: Sun, 17 Sep 2023 18:28:12 +0200
Subject: [PATCH] move to heztner DNS

---
 infra/.terraform.lock.hcl | 47 +++++---
 infra/dns.tf | 197 ++++++++++++++++++++++++++++++++
 infra/providers.tf | 7 ++
 infra/server.tf | 2 +-
 infra/variable.tf | 11 +-
 nomad-job/traefik-ingress.nomad | 4 +-
 nomad-job/traefik-local.nomad | 8 +-
 vault/nomad.tf | 2 +-
 8 files changed, 252 insertions(+), 26 deletions(-)
 create mode 100644 infra/dns.tf

diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
index 4306fc7..c866312 100644
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -2,22 +2,37 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hetznercloud/hcloud" { - version = "1.35.2" + version = "1.42.1" hashes = [ - "h1:a/DH+2jHvgikSDajup5feRZRUwNw8OT9NBPKezjgM5g=", - "zh:1a7cb8f9cbd51b62bdbb4f36cdb070dd99059d86115c4777193e0f8536798d4d", - "zh:29c104aae7f7a4e1a4aea32febc9caa2d7d86589cd9d01d5b93dbe2cb0a73220", - "zh:29f082195d8f4e4cfb4050fae2ed62ed5616659c6dfaa7b5f1eb42d94d130864", - "zh:3cfe3876763659e27696adcb945e6da2dc2ec014ff8a2e8f0f3e610e3bfd9b73", - "zh:3d967f4b1aef78ffce389dd32cdea4b558ef826cec96ceb4bdafde4bb4a9b655", - "zh:3e160f581f7912c2053f86d6d8a3e3470fcf1fe8228b59ac216a7e40a1dd444c", - "zh:5138022c8b4c8a572e8097749241d929a96d3522e67ce25f86bb9fd51c4b343c", - "zh:5783febc4d8ac4b7fdb49607cab92ad13509d87ad4ca1999067ac3d20e815d12", - "zh:7f8ce9268d48beb5fa0103a8510d4fe644aaac6cd328fc4441dd37e8bdbfadab", - "zh:8ab6aea82657fd6f97d79b41e6cd129a33a47ce727a7d0b52205590fa3785ce1", - "zh:9e4bebe3bbee7875dc2e3ceca3cf0fec3254a8b481c7b96ba9a5d65647ea9092", - "zh:af2a912db9a6fce844ac8c0e695a5d92a5625f2df126129940051a6b1021443d", - "zh:bfe86d80e55f44a99dbbdca9d1caf0c837fe21d91e78674ee36263b7de71fd38", - "zh:d9538a361bd8979c4a87273a82fc5dec7110f3aa7ec69fffb8c70fe8937bc1f4", + "h1:1AGk4CAeqdyF1D4vNyjarKSBoN2z+Y6ubUxzqiyc7qI=", + "zh:002e2e57c1425bb4cf620c6a80732ee071726d0d82d0523c5258dde3222113df", + "zh:03213d79fc2bcd94ac812ca22c1d1d6678132ab957d26a65c84ee52853059c02", + "zh:0785429efdb084cb4e5a0d899112764c21d2260391e82897d7e67c9e5deccc31", + "zh:12a5653b7a00f458b65b89b15d4517f785322ebb65b5a689fa8766042a09184c", + "zh:2dc7464290a623eb599cfbf731d13554448a7a824c2b1db16275f482d9059670", + "zh:35a7e19868a304d77ab192871ccaa45418c13a3aac301df8d9f57c1259913051", + "zh:368202d94a1104895c1d566e3f16edd55e05a09881fd4a20cd4854ca3593fee9", + "zh:431503e5055979aabf520675bb465496d934979c7a687e1cd3c8d2ae27bfa649", + "zh:45cede3c2147cfdc76d53853e07395c05b1feff8dca16a2f8f7f1fd151e2449f", + 
"zh:8b57869af18982af21f6f816e65e6057ec5055481b220147fdbe0959917ae112", + "zh:be9ba4813dcf640c0df04543a3c74b0db117fbd3dcc26140e252cf5157734945", + "zh:d3fb9ca398a153dc894caa94f95ef2e989350cf2bbfa29bc93ff2608cab44c1f", + "zh:fc690be8cbada1e99063ed1c6148f9a70ab341100a97ad2886f4826a951780d3", + "zh:ffa9470e41fa04ac667d4d830987aeed2070767d57f2414692c2dd395a405fba", + ] +} + +provider "registry.terraform.io/timohirt/hetznerdns" { + version = "2.2.0" + hashes = [ + "h1:HyskQAglrOueur79gSCBgx9MNDOs0tz39aNYQiFgxz8=", + "zh:5bb0ab9f62be3ed92070235e507f3c290491d51391ef4edcc70df53b65a83019", + "zh:5ccdfac7284f5515ac3cff748336b77f21c64760e429e811a1eeefa8ebb86e12", + "zh:687c35665139ae37c291e99085be2e38071f6b355c4e1e8957c5a6a3bcdf9caf", + "zh:6de27f0d0d1513b3a4b7e81923b4a8506c52759bd466e2b4f8156997b0478931", + "zh:85770a9199a4c2d16ca41538d7a0f7a7bfc060678104a1faac19213e6f0a800c", + "zh:a5ff723774a9ccfb27d5766c5e6713537f74dd94496048c89c5d64dba597e59e", + "zh:bf9ab76fd37cb8aebb6868d73cbe8c08cee36fc25224cc1ef5949efa3c34b06c", + "zh:db998fe3bdcd4902e99fa470bb3f355883170cf4c711c8da0b5f1f4510f1be41", ] } diff --git a/infra/dns.tf b/infra/dns.tf new file mode 100644 index 0000000..413b4af --- /dev/null +++ b/infra/dns.tf 
@@ -0,0 +1,197 @@
+locals {
+ defaultCname=hcloud_server.HomeLab2[0].name
+}
+
+resource "hetznerdns_zone" "externalZone" {
+ name = "ducamps.win"
+ ttl = 1700
+}
+
+
+resource "hetznerdns_record" "rootalias" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "@"
+ value = hcloud_server.HomeLab2[0].ipv4_address
+ type = "A"
+}
+resource "hetznerdns_record" "MX1" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "@"
+ value = "20 spool.mail.gandi.net."
+ type = "MX"
+}
+resource "hetznerdns_record" "MX2" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "@"
+ value = "50 fb.mail.gandi.net"
+ type = "MX"
+}
+
+resource "hetznerdns_record" "spf" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "@"
+ value = "\"v=spf1 include:_mailcust.gandi.net ~all\""
+ type = "TXT"
+}
+resource "hetznerdns_record" "caldav" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "_caldavs_tcp"
+ value = "10 20 443 www.${hetznerdns_zone.externalZone.name}"
+ type = "SRV"
+}
+resource "hetznerdns_record" "carddavs" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "_carddavs_tcp"
+ value = "10 20 443 www.${hetznerdns_zone.externalZone.name}"
+ type = "SRV"
+}
+resource "hetznerdns_record" "server" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = local.defaultCname
+ value = hcloud_server.HomeLab2[0].ipv4_address
+ type = "A"
+}
+
+resource "hetznerdns_record" "dendrite" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "dendrite"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "diskstation" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "diskstation"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "drone" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "drone"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "file" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "file"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "ghostfolio" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "ghostfolio"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "git" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "git"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "grafana" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "grafana"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "hass" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "hass"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "jellyfin" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "jellyfin"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "supysonic" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "supysonic"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "syno" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "syno"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "vault" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "vault"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "vikunja" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "vikunja"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "www" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "www"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "ww" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "ww"
+ value = local.defaultCname
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "gm1" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "gm1._domainkey"
+ value = "gm1.gandimail.net"
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "gm2" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "gm2._domainkey"
+ value = "gm2.gandimail.net"
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "gm3" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "gm3._domainkey"
+ value = "gm3.gandimail.net"
+ type = "CNAME"
+}
+
+
+resource "hetznerdns_record" "imap" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "imap"
+ value = "mail.gandi.net."
+ type = "CNAME"
+}
+
+resource "hetznerdns_record" "smtp" {
+ zone_id = hetznerdns_zone.externalZone.id
+ name = "smtp"
+ value = "mail.gandi.net"
+ type = "CNAME"
+}
+
+
+
diff --git a/infra/providers.tf b/infra/providers.tf
index fe10d82..44de7b8 100644
--- a/infra/providers.tf
+++ b/infra/providers.tf
@@ -1,8 +1,12 @@
 terraform {
+
 required_providers {
 hcloud = {
 source = "hetznercloud/hcloud"
 }
+ hetznerdns = {
+ source="timohirt/hetznerdns"
+ }
 }
 backend "consul" {
 path = "terraform/infra"
@@ -13,3 +17,6 @@ terraform {
 provider "hcloud" {
 token = var.hcloud_token
 }
+provider "hetznerdns" {
+ apitoken = var.hdns_token
+}
diff --git a/infra/server.tf b/infra/server.tf
index 6847c54..ce0b8c6 100644
--- a/infra/server.tf
+++ b/infra/server.tf
@@ -1,7 +1,7 @@
 resource "hcloud_server" "HomeLab2" {
 count = var.instances
 name = "corwin"
- image = "rocky-9"
+ image = var.os_type
 server_type = var.server_type
 location = var.location
 ssh_keys = [hcloud_ssh_key.default.id]
diff --git a/infra/variable.tf b/infra/variable.tf
index 0221671..75cab18 100644
--- a/infra/variable.tf
+++ b/infra/variable.tf
@@ -1,19 +1,26 @@
 variable "hcloud_token" {
+ type = string
 # default =
 }
-
+variable "hdns_token" {
+ type=string
+}
 variable "location" {
+ type=string
 default = "hel1"
 }
 variable "instances" {
+ type=number
 default = "1"
 }
 variable "server_type" {
+ type=string
 default = "cpx11"
 }
 variable "os_type" {
- default = "rocky-8"
+ type=string
+ default = "rocky-9"
 }
diff --git a/nomad-job/traefik-ingress.nomad b/nomad-job/traefik-ingress.nomad
index 9e3c7b7..41dd504 100644
--- a/nomad-job/traefik-ingress.nomad
+++ b/nomad-job/traefik-ingress.nomad
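Review bot: The mail-related record values in `infra/dns.tf` are inconsistent about the trailing dot: `MX1` (`"20 spool.mail.gandi.net."`) and `imap` (`"mail.gandi.net."`) terminate their targets, while `MX2` (`"50 fb.mail.gandi.net"`), `smtp` (`"mail.gandi.net"`) and the three `gm*._domainkey` DKIM CNAMEs (`"gm1.gandimail.net"`) do not. If the Hetzner DNS API interprets values zone-file style, an unterminated name is relative to `ducamps.win`, so the secondary MX and the DKIM selector lookups would point at non-existent names under the zone; the fix is `value = "50 fb.mail.gandi.net."`, `value = "mail.gandi.net."` and `value = "gm1.gandimail.net."` (likewise `gm2`/`gm3`), and it is worth confirming against the provider's behaviour before apply. The zone publishes an SPF `~all` record and DKIM selectors but no `_dmarc` TXT record; unless it is managed elsewhere, adding one (for example starting with `v=DMARC1; p=none` and a reporting address) would let receivers report on, and later enforce, the domain's mail authentication. A short comment above `locals` noting that every CNAME pointing at `local.defaultCname` is a zone-relative name resolved through the `server` A record would help the next reader.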
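Review bot: The new `hetznerdns` entry in `required_providers` (`infra/providers.tf`, first hunk) declares no `version`, so the only thing holding this third-party provider at the 2.2.0 recorded in `.terraform.lock.hcl` is the lockfile itself; a `terraform init -upgrade` on any workstation would pick up whatever the `timohirt` namespace publishes next. Add a constraint beside the source, `version = "~> 2.2"`, so the accepted range is stated in code and the lockfile's hash pin stays meaningful; the pre-existing `hcloud` entry has the same gap and could receive `version = "~> 1.42"` in the same pass. As a point of style, `source="timohirt/hetznerdns"` drops the spacing the adjacent `hcloud` block uses; `terraform fmt` would normalise it.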
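Review bot: `variable "hdns_token"` in `infra/variable.tf` holds an API credential but is declared without `sensitive = true`, so Terraform will not redact its value wherever it is echoed (plan diffs, outputs, or error messages that include the value); declare it as `type = string` plus `sensitive = true`. The pre-existing `hcloud_token` has the same omission and is worth fixing alongside. Separately, `variable "instances"` is now typed `number` but keeps `default = "1"`; Terraform converts the string, but `default = 1` states the intent directly instead of relying on implicit conversion.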
@@ -27,7 +27,7 @@ job "traefik-ingress" {
 }
 }
 vault {
- policies = ["gandi"]
+ policies = ["traefik"]
 }
 task "traefik" {
 driver = "docker"
@@ -74,7 +74,7 @@ job "traefik-ingress" {
 }
 template {
 data = <