move to heztner DNS

This commit is contained in:
vincent 2023-09-17 18:28:12 +02:00
parent b4e76f9325
commit 7fb16ee116
8 changed files with 252 additions and 26 deletions


@ -2,22 +2,37 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hetznercloud/hcloud" { provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.35.2" version = "1.42.1"
hashes = [ hashes = [
"h1:a/DH+2jHvgikSDajup5feRZRUwNw8OT9NBPKezjgM5g=", "h1:1AGk4CAeqdyF1D4vNyjarKSBoN2z+Y6ubUxzqiyc7qI=",
"zh:1a7cb8f9cbd51b62bdbb4f36cdb070dd99059d86115c4777193e0f8536798d4d", "zh:002e2e57c1425bb4cf620c6a80732ee071726d0d82d0523c5258dde3222113df",
"zh:29c104aae7f7a4e1a4aea32febc9caa2d7d86589cd9d01d5b93dbe2cb0a73220", "zh:03213d79fc2bcd94ac812ca22c1d1d6678132ab957d26a65c84ee52853059c02",
"zh:29f082195d8f4e4cfb4050fae2ed62ed5616659c6dfaa7b5f1eb42d94d130864", "zh:0785429efdb084cb4e5a0d899112764c21d2260391e82897d7e67c9e5deccc31",
"zh:3cfe3876763659e27696adcb945e6da2dc2ec014ff8a2e8f0f3e610e3bfd9b73", "zh:12a5653b7a00f458b65b89b15d4517f785322ebb65b5a689fa8766042a09184c",
"zh:3d967f4b1aef78ffce389dd32cdea4b558ef826cec96ceb4bdafde4bb4a9b655", "zh:2dc7464290a623eb599cfbf731d13554448a7a824c2b1db16275f482d9059670",
"zh:3e160f581f7912c2053f86d6d8a3e3470fcf1fe8228b59ac216a7e40a1dd444c", "zh:35a7e19868a304d77ab192871ccaa45418c13a3aac301df8d9f57c1259913051",
"zh:5138022c8b4c8a572e8097749241d929a96d3522e67ce25f86bb9fd51c4b343c", "zh:368202d94a1104895c1d566e3f16edd55e05a09881fd4a20cd4854ca3593fee9",
"zh:5783febc4d8ac4b7fdb49607cab92ad13509d87ad4ca1999067ac3d20e815d12", "zh:431503e5055979aabf520675bb465496d934979c7a687e1cd3c8d2ae27bfa649",
"zh:7f8ce9268d48beb5fa0103a8510d4fe644aaac6cd328fc4441dd37e8bdbfadab", "zh:45cede3c2147cfdc76d53853e07395c05b1feff8dca16a2f8f7f1fd151e2449f",
"zh:8ab6aea82657fd6f97d79b41e6cd129a33a47ce727a7d0b52205590fa3785ce1", "zh:8b57869af18982af21f6f816e65e6057ec5055481b220147fdbe0959917ae112",
"zh:9e4bebe3bbee7875dc2e3ceca3cf0fec3254a8b481c7b96ba9a5d65647ea9092", "zh:be9ba4813dcf640c0df04543a3c74b0db117fbd3dcc26140e252cf5157734945",
"zh:af2a912db9a6fce844ac8c0e695a5d92a5625f2df126129940051a6b1021443d", "zh:d3fb9ca398a153dc894caa94f95ef2e989350cf2bbfa29bc93ff2608cab44c1f",
"zh:bfe86d80e55f44a99dbbdca9d1caf0c837fe21d91e78674ee36263b7de71fd38", "zh:fc690be8cbada1e99063ed1c6148f9a70ab341100a97ad2886f4826a951780d3",
"zh:d9538a361bd8979c4a87273a82fc5dec7110f3aa7ec69fffb8c70fe8937bc1f4", "zh:ffa9470e41fa04ac667d4d830987aeed2070767d57f2414692c2dd395a405fba",
]
}
provider "registry.terraform.io/timohirt/hetznerdns" {
version = "2.2.0"
hashes = [
"h1:HyskQAglrOueur79gSCBgx9MNDOs0tz39aNYQiFgxz8=",
"zh:5bb0ab9f62be3ed92070235e507f3c290491d51391ef4edcc70df53b65a83019",
"zh:5ccdfac7284f5515ac3cff748336b77f21c64760e429e811a1eeefa8ebb86e12",
"zh:687c35665139ae37c291e99085be2e38071f6b355c4e1e8957c5a6a3bcdf9caf",
"zh:6de27f0d0d1513b3a4b7e81923b4a8506c52759bd466e2b4f8156997b0478931",
"zh:85770a9199a4c2d16ca41538d7a0f7a7bfc060678104a1faac19213e6f0a800c",
"zh:a5ff723774a9ccfb27d5766c5e6713537f74dd94496048c89c5d64dba597e59e",
"zh:bf9ab76fd37cb8aebb6868d73cbe8c08cee36fc25224cc1ef5949efa3c34b06c",
"zh:db998fe3bdcd4902e99fa470bb3f355883170cf4c711c8da0b5f1f4510f1be41",
] ]
} }

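--- /dev/null
+++ b/infra/dns.tf
@@ -0,0 +1,197 @@
+locals {
+defaultCname=hcloud_server.HomeLab2[0].name
+}
+resource "hetznerdns_zone" "externalZone" {
+name = "ducamps.win"
+ttl = 1700
+}
+resource "hetznerdns_record" "rootalias" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "@"
+value = hcloud_server.HomeLab2[0].ipv4_address
+type = "A"
+}
+resource "hetznerdns_record" "MX1" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "@"
+value = "20 spool.mail.gandi.net."
+type = "MX"
+}
+resource "hetznerdns_record" "MX2" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "@"
+value = "50 fb.mail.gandi.net"
+type = "MX"
+}
+resource "hetznerdns_record" "spf" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "@"
+value = "\"v=spf1 include:_mailcust.gandi.net ~all\""
+type = "TXT"
+}
+resource "hetznerdns_record" "caldav" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "_caldavs_tcp"
+value = "10 20 443 www.${hetznerdns_zone.externalZone.name}"
+type = "SRV"
+}
+resource "hetznerdns_record" "carddavs" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "_carddavs_tcp"
+value = "10 20 443 www.${hetznerdns_zone.externalZone.name}"
+type = "SRV"
+}
+resource "hetznerdns_record" "server" {
+zone_id = hetznerdns_zone.externalZone.id
+name = local.defaultCname
+value = hcloud_server.HomeLab2[0].ipv4_address
+type = "A"
+}
+resource "hetznerdns_record" "dendrite" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "dendrite"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "diskstation" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "diskstation"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "drone" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "drone"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "file" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "file"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "ghostfolio" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "ghostfolio"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "git" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "git"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "grafana" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "grafana"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "hass" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "hass"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "jellyfin" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "jellyfin"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "supysonic" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "supysonic"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "syno" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "syno"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "vault" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "vault"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "vikunja" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "vikunja"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "www" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "www"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "ww" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "ww"
+value = local.defaultCname
+type = "CNAME"
+}
+resource "hetznerdns_record" "gm1" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "gm1._domainkey"
+value = "gm1.gandimail.net"
+type = "CNAME"
+}
+resource "hetznerdns_record" "gm2" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "gm2._domainkey"
+value = "gm2.gandimail.net"
+type = "CNAME"
+}
+resource "hetznerdns_record" "gm3" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "gm3._domainkey"
+value = "gm3.gandimail.net"
+type = "CNAME"
+}
+resource "hetznerdns_record" "imap" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "imap"
+value = "mail.gandi.net."
+type = "CNAME"
+}
+resource "hetznerdns_record" "smtp" {
+zone_id = hetznerdns_zone.externalZone.id
+name = "smtp"
+value = "mail.gandi.net"
+type = "CNAME"
+}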
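Review bot: The record targets are inconsistent about the trailing dot: MX1 uses `20 spool.mail.gandi.net.` but MX2 is `50 fb.mail.gandi.net`, `imap` points at `mail.gandi.net.` while `smtp` points at `mail.gandi.net`, and the three `gm*._domainkey` CNAMEs and both SRV targets are unqualified as well. Under zone-file semantics an unqualified name is relative to the zone origin, so if the hetznerdns provider passes values through unchanged those records would resolve to something like fb.mail.gandi.net.ducamps.win — verify the published zone after apply and qualify them with `value = "50 fb.mail.gandi.net."`, `value = "mail.gandi.net."` and a trailing dot on the `gm1.gandimail.net`-style and SRV targets. On the mail side the zone publishes SPF (`~all`) and DKIM delegation but no DMARC record; a `_dmarc` TXT record (`v=DMARC1; p=quarantine` or stricter, with an `rua` reporting address) is what lets receivers actually reject mail that spoofs this domain. Lastly, every `hcloud_server.HomeLab2[0]` reference fails at plan time when `var.instances` is 0, which the `count` on that resource permits; `one(hcloud_server.HomeLab2)` would make that dependency explicit.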


@ -1,8 +1,12 @@
terraform { terraform {
required_providers { required_providers {
hcloud = { hcloud = {
source = "hetznercloud/hcloud" source = "hetznercloud/hcloud"
} }
hetznerdns = {
source="timohirt/hetznerdns"
}
} }
backend "consul" { backend "consul" {
path = "terraform/infra" path = "terraform/infra"
@ -13,3 +17,6 @@ terraform {
provider "hcloud" { provider "hcloud" {
token = var.hcloud_token token = var.hcloud_token
} }
provider "hetznerdns" {
apitoken = var.hdns_token
}
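Review bot: The new `hetznerdns` entry in `required_providers` carries only a `source`, so nothing in the configuration bounds which release `terraform init -upgrade` may pull; the lock file pins 2.2.0 today, but a constraint such as `version = "~> 2.2"` keeps a future upgrade from silently jumping a major version of a third-party community provider that is handed the DNS API token. The `terraform` block continues past the first hunk (the `backend "consul"` stanza is cut off), so I cannot see whether that backend uses TLS and an ACL token; the new zone and record values now land in that state, which makes it worth confirming. `apitoken = var.hdns_token` is fine as written, provided the variable itself is declared sensitive.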


@ -1,7 +1,7 @@
resource "hcloud_server" "HomeLab2" { resource "hcloud_server" "HomeLab2" {
count = var.instances count = var.instances
name = "corwin" name = "corwin"
image = "rocky-9" image = var.os_type
server_type = var.server_type server_type = var.server_type
location = var.location location = var.location
ssh_keys = [hcloud_ssh_key.default.id] ssh_keys = [hcloud_ssh_key.default.id]


@ -1,19 +1,26 @@
variable "hcloud_token" { variable "hcloud_token" {
type = string
# default = <your-api-token> # default = <your-api-token>
} }
variable "hdns_token" {
type=string
}
variable "location" { variable "location" {
type=string
default = "hel1" default = "hel1"
} }
variable "instances" { variable "instances" {
type=number
default = "1" default = "1"
} }
variable "server_type" { variable "server_type" {
type=string
default = "cpx11" default = "cpx11"
} }
variable "os_type" { variable "os_type" {
default = "rocky-8" type=string
default = "rocky-9"
} }
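Review bot: Neither `hcloud_token` nor the new `hdns_token` is declared `sensitive = true`, so a `terraform plan`/`apply` run in the Drone pipeline can echo either token into its output and CI logs; adding `sensitive = true` to both variable blocks makes Terraform redact them. A secondary nit: `instances` is now typed `number` but keeps `default = "1"` — Terraform converts the string, but `default = 1` matches the declared type. The commented-out `# default = <your-api-token>` hint is harmless only as long as nobody fills it in; a comment such as `# supply via TF_VAR_hcloud_token, never commit a default` steers people toward the environment instead of the file.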


@ -27,7 +27,7 @@ job "traefik-ingress" {
} }
} }
vault { vault {
policies = ["gandi"] policies = ["traefik"]
} }
task "traefik" { task "traefik" {
driver = "docker" driver = "docker"
@ -74,7 +74,7 @@ job "traefik-ingress" {
} }
template { template {
data = <<EOH data = <<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/nomad/gandi"}}{{.Data.data.API_KEY}}{{end}}" HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
EOH EOH
destination = "secrets/gandi.env" destination = "secrets/gandi.env"
env = true env = true
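Review bot: The template now exports `HETZNER_API_KEY` but still writes it to `destination = "secrets/gandi.env"`, which will mislead the next person debugging this task; `destination = "secrets/hetzner.env"` keeps the file name honest. Only the Vault policy and the env template change in this file, so if traefik-ingress also carries a `dnsChallenge` stanza with `provider = "gandiv5"` (as traefik-local did before this commit), it now has no matching `GANDIV5_API_KEY` and certificate issuance would fail — that stanza is outside the hunk, so please confirm. As far as I know a Hetzner DNS API token is account-wide rather than scoped to one zone, so the `traefik` policy effectively gives the ingress container write access to every zone in the account, which is worth a comment next to the template. The old Gandi key at `secrets/data/nomad/gandi` should also be revoked at Gandi rather than merely left unreferenced.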


@ -20,7 +20,7 @@ job "traefik-local" {
} }
} }
vault { vault {
policies = ["gandi"] policies = ["traefik"]
} }
task "traefik" { task "traefik" {
@ -68,7 +68,7 @@ job "traefik-local" {
} }
template { template {
data = <<EOH data = <<EOH
GANDIV5_API_KEY = "{{with secret "secrets/data/nomad/gandi"}}{{.Data.data.API_KEY}}{{end}}" HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
EOH EOH
destination = "secrets/gandi.env" destination = "secrets/gandi.env"
env = true env = true
@ -108,9 +108,9 @@ job "traefik-local" {
email = "vincent@ducamps.win" email = "vincent@ducamps.win"
storage = "acme.json" storage = "acme.json"
[certificatesResolvers.myresolver.acme.dnsChallenge] [certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "gandiv5" provider = "hetzner"
delayBeforeCheck = 0 delayBeforeCheck = 0
resolvers = ["173.246.100.133:53"] resolvers = ["hydrogen.ns.hetzner.com"]
[metrics] [metrics]
[metrics.prometheus] [metrics.prometheus]
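Review bot: `resolvers = ["hydrogen.ns.hetzner.com"]` replaces an `ip:port` entry with a bare hostname; as far as I recall lego appends `:53` when the port is missing, but the name then has to be resolvable from inside the Traefik task, so the explicit `host:port` form the line used before, e.g. `resolvers = ["hydrogen.ns.hetzner.com:53"]`, is the safer spelling, and listing a second of Hetzner's authoritative servers avoids a single point of failure for the propagation check. With `delayBeforeCheck = 0` that check runs immediately, which is only sound because the resolver is the zone's own authoritative server — a comment such as `# authoritative Hetzner NS: safe to check without delay` would stop someone from swapping in a public recursive resolver later. As in the ingress job, `destination = "secrets/gandi.env"` should become `secrets/hetzner.env`.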


@ -7,7 +7,7 @@ locals {
"dump", "dump",
"dentrite", "dentrite",
"droneci", "droneci",
"gandi", "traefik",
"gitea", "gitea",
"nextcloud", "nextcloud",
"paperless", "paperless",