feat(ingress.tjo.cloud): start managing DNS via terraform
Some checks failed
/ lint (push) Failing after 46s

Tine 2025-01-07 22:17:00 +01:00
parent 4dd62ed09e
commit ef9b1bdfc6
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
21 changed files with 14368 additions and 13474 deletions


@ -1,15 +1,15 @@
TF_VAR_tailscale_apikey=ENC[AES256_GCM,data:zuGzLIwidsaGJAuzpe9oVMQediipHorOiMZR+mtsBj4MVUSkJt0+Hv/9KanQ/x93WPggL9dHr4EqfEvyOv0=,iv:nJbN1N5IrU60KTWkKpeDaeuaw6f1hoj85Md5kYWO2dc=,tag:KfdepFTJFAT01Jfw5UIfUA==,type:str] TF_VAR_tailscale_apikey=ENC[AES256_GCM,data:1FPbS45U0O0Fk2ZJQHrb0ehA+CkVbd4uMKb0pciwjl7Y546EudzldBw8EKeGxJlT6lanTuBGbLMzEGl0R1k=,iv:6obSHmqp+FATkBImgOaC7kfX2IZaFdl4UFupjm+M3gU=,tag:2RtEagakNzOx9uTkCHkaRQ==,type:str]
TF_VAR_oidc_username=ENC[AES256_GCM,data:tiVs6bJz2Wlp5rFOpP55rboTjBxmuWSE1N2GeyI/9dKMZo9F,iv:PQvmRppeUGYwkCQcGWZ/X4680KVQ4LpcUaFoTnR5PyI=,tag:UddxOy+3dqKsKsl8dM+Mvg==,type:str] TF_VAR_oidc_username=ENC[AES256_GCM,data:xNuFAIZeyQlY3wVssitjS4LI/WTMlz28UOlmfGOlAGQmKyt9,iv:n3MzeCTpSdAguf43QUuXY3g77bq2rWia/9erI+2PuzY=,tag:tcebsq3Z+yL8CV8rmWCQkA==,type:str]
TF_VAR_oidc_password=ENC[AES256_GCM,data:IKIOk/NDwxU6okebzwm2DprXWEblCQai3gu3RndfkQ034Mpl8a3yVzcplrYP/JNbnDdHKaDg7hF85UAhZoQ=,iv:1CsxrduE9SMqyTROZpkxewRKQJDO+dACEj5OcyB8hj0=,tag:idqIWO8Io1IJIVSAt++OlQ==,type:str] TF_VAR_oidc_password=ENC[AES256_GCM,data:4DkGdECrwl/ra6Vy/YojmjgQSxhePt8rma6r0nWfJdBPklMTTPjZfejZniLaDVhaz9NrL67kPzkIViUB34g=,iv:3O9040qOZNM6FZkEnQq7aqeMSOUckZDdLw6ChGSIwRk=,tag:yIgupiznJewz/HEpFaA6CQ==,type:str]
TF_VAR_oidc_issuer_url=ENC[AES256_GCM,data:2UJOnU1Ktf7Q1GsQG160K0fZp6/e7Sc4jrY3erQocqgpSWVyNGU2sJMsKG6aoJmxXw==,iv:4QzQlJ0B2i5w4RqIzvIObgmi1szMhvm8VZs5dzYh78w=,tag:O2RaNzb0w7RMLzEjjjzlCQ==,type:str] TF_VAR_oidc_issuer_url=ENC[AES256_GCM,data:MzHVhGUlFGtG7dc+A5aQK3NTVdRBNdx3FR0WSNYedqSiJ6iemodkqU8p3cboYWdgLA==,iv:liVx65R2SsMMNdyHrG/oQ0d9t3jUjy3WyfrEaKJGvx4=,tag:KXupAYk/DEBgYSIFYQ918g==,type:str]
TF_VAR_oidc_client_id=ENC[AES256_GCM,data:N1KSDiuUl6KF5/H3iU1Mw8pVj12LHaU0lbMZdTqiCTc2asSUtkgCCm0Q,iv:FKkJXcWlEyre4YGGQ5/gLzD7pgJwD5T6i99lweyWl5I=,tag:b2cHmuznzRznNWfFvZXnMg==,type:str] TF_VAR_oidc_client_id=ENC[AES256_GCM,data:EpINeKHccyTb2fpwRM8sNdiqoXbd7Orc7njEpZTrN8XyusCGmoZQwLoX,iv:tervIz9OO+cGss9niMI7pUyIDtdN/sMx0LG2FB1p/u4=,tag:gWVcqMxSt8IHc5aaigHcDg==,type:str]
TF_VAR_dnsimple_account_id=ENC[AES256_GCM,data:x0Gd82UWEFg=,iv:vmTdc8afg+fDne7GqKKeYmnmFxUdfcTI2DyZ+p1no9k=,tag:EDd6fzhcqGTxe928fSu2qQ==,type:str] TF_VAR_dnsimple_account_id=ENC[AES256_GCM,data:SbDto21DCRk=,iv:Pbp1I/37710VTCXYKYydh262iGlsTMBEnkgQ+0a6eRs=,tag:RtS5YjA4eNGGD1UOtKuokQ==,type:str]
TF_VAR_dnsimple_token=ENC[AES256_GCM,data:Xfm0qRFAgo9J2EyXD5+FiylMgit9rUQ3mCzLxAVkEPbHR+UGl4DfS+khG1uW,iv:ynzntkCgWFs62w79p4OGxpQbVaifoiIdKrQohPnis7g=,tag:wHWmoAdf61ufY6LiDgfZww==,type:str] TF_VAR_dnsimple_token=ENC[AES256_GCM,data:lZiU+dYtcWlJCRLqPAUBl1zq0JwL24xnj34jt/lKqRlITPfHP2muzRMahSqY,iv:AYv/CniswOLlNMOekfehi5lp/snl2C1dg88gzafFBic=,tag:Rorc6yzGxrSBQoUe6zGg/g==,type:str]
TF_VAR_proxmox_token=ENC[AES256_GCM,data:69/4ySLnO7/XsK0Dv1K5P7QCfA0YlXbwyECPIAKiGuYuGpa1T9HUbHiXpyZGOQ4z5zZOQ0NFTp1QDc+9gQ==,iv:4CFB2CV/NlM+NHWAmwtDlb2oURm2PPwXeNQRHrwr8e8=,tag:rA7tB5zRo2IGYSHTGgdnfQ==,type:str] TF_VAR_proxmox_token=ENC[AES256_GCM,data:zJ+4Dru4EYOyB6XYAcasCZe0FmFDM6+RThFlPop0roarks7DPJap447bniYlzLophRuX7xbqMCRRwIrYRA==,iv:iaXFSRTf+YCh+FIBLUY+Pm20ZpbPf/HDRPIa686nHUY=,tag:7fdI8dBj39L4A0dgdzE/8w==,type:str]
TF_VAR_authentik_token=ENC[AES256_GCM,data:MW2aabg6tW0IWiFoXil7P38YmDrjy8mTL1mZ3U9QGQIcoA+GAoflElmU8B0t4ecz0C4vsBJSa2a/aCzjwz0=,iv:SMstbHG1JS/j+32uP6cxmQBM7ZpcSw6gUYLrsAUVu80=,tag:KOiGCSeklHr2QPo3wB+r2A==,type:str] TF_VAR_authentik_token=ENC[AES256_GCM,data:m5mk4qh0FcUPIOtxJUASQfIUwvXUB48QiBj4icauauyj1kYeS20//G5uFwzgWtE4rDU1/9QHhwNkywi8r+4=,iv:RICKnmVa43C3OwUt6+VTYEcxrliey2Hhwx0nGFztb7s=,tag:tJRfFL03datpq8VycI+d0g==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySHl2bUV1L3pzdjFiR3NY\nbUVhZTlVMXBNZXoyT1JwSUNoeE1LdDlhYzBFCkNFY3ExRjNLMGhQS2FEQWdvK2ww\nNWRnZW85ZjZqQXh0NnhTZDV5RzJFWncKLS0tIDcyYm9SaDFvYVZuMFdSWDVXcEJI\nS0wxeUxFc1gxRXdVUVRzcDJnVllTc00KgbSAvu1d/MhiTTLFNBZeVrxIqiGwQLSV\nY5wj0JO+Hbnc4GGNgP/l//2NdisoW5KDSuBtb4jYaST4fnc+AAGAGA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbGlVNS9NK3VhdFJEbWZi\nRWYxSlNodHBRWU5VNktSK1FCZyszeWc2ODJZCnI0d0cxdWNOeTJBV2FLRksxdnJU\nSDU4am85N1JNSzRjT3FUYS9FOU9VTEkKLS0tIDUycFZCTGszdi8yblEyb2VYYXhz\nZEIxMXZLVThDRXZycUZkanB1SmJZRkkKoWTAvpvwzvNF1x5FUSrVXBSMcjpnplBJ\noHl7ubDoAUcbdUTw2vYny+wL2V3qyfQBvzWul3hneOAewt+npc7+1w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h sops_age__list_0__map_recipient=age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h
sops_lastmodified=2025-01-04T10:03:21Z sops_lastmodified=2025-01-07T21:16:43Z
sops_mac=ENC[AES256_GCM,data:VxHkYhQWUA7q7LbHIpXUnC+841VX5BqtmBjAotv4eUWGlFM7ewwWA/vwDKE9e0+CGpCc9JCobutUHVy9XMGnZLXg2hZmdxjs3igEEWdEXg/lCmyh+Rdo1uYF1YLT4XzqWvxKXAy3NoQQ7WiIL0ihR28FBaqqygme0YnStK6RMBY=,iv:/7D7tn0RDHfqdG7JBd69bAjfkz9rcu5QpAB1oEXGaP0=,tag:thd2ao6KVOTzDYcIROU9Fg==,type:str] sops_mac=ENC[AES256_GCM,data:M5Q+LXH0oszXJxtG7Y2AJO0bqwbwz9IsufSdLp4pT6gQ7NI5ojVRElswH3U/HxgSjbVulssDXlnWydDJPII+8Fq1jaVcCTgZFYV9Kh4cPtR4AWSPdlvntap5clbIr7pNGRbYYUuYf5ZNXdtqLL0190uHtS1+nOXOzR+xBWflIpc=,iv:QP1T/ECATtPby2h8gir9ueH3Ulv3CLaGvP+C2TF1Yqo=,tag:6RlSE6xLO77Cy2NyT9iUHQ==,type:str]
sops_unencrypted_suffix=_unencrypted sops_unencrypted_suffix=_unencrypted
sops_version=3.9.2 sops_version=3.9.2


@ -25,6 +25,29 @@ provider "registry.opentofu.org/bpg/proxmox" {
] ]
} }
provider "registry.opentofu.org/dnsimple/dnsimple" {
version = "1.8.0"
constraints = "1.8.0"
hashes = [
"h1:Nwu+3tVJnNmSJQoctRSWAamUX3AiTCZ5mOMtAUPtg7Q=",
"zh:0852fd9523268b30fb637a03a0cb6d6a5878cbbf7e0e4219615c9ba073fbdf17",
"zh:0ac43193082dd467abad4937b0abb97ea349205726fc450cb3a94dc0db6e9a49",
"zh:10e4aad54c2d6cbd9328a1661d72a978357743eda7099a3f120a497119be4ff1",
"zh:211d481935dec36903928c51f5f4f15d98313f6d50649ea064bc20a4d6541678",
"zh:2705b5ebac4219449f9126cc19fa982cf0644e5df60d3d5254131d2e2d676afd",
"zh:27f0df80af6652e96f85a0856daa571af495d2119ab126199d6d5ab53f6eb887",
"zh:27fbb2fb69291a660d8e99ba960f01051b7fc28658f7932772ce7e80a42bd6e9",
"zh:3ecf20ead1f044f08ae9e411c9341d47319eb6af5d6543b58f2f6932c6b288b0",
"zh:635055f0af3eb27d30801aeead51d8b960c386f369a378fad7146350ec6b4d68",
"zh:7ca26f64221a9c6634a02296e30a87e3fffed1144ac57e0ae9a86a448f42d4ca",
"zh:895e0732da00942b2eb13c78673a9c9268e87e92a225999cddf2d13b823f3295",
"zh:b3806e5b687faf97ad8cb2a23e105729059693ae07a229fecef52da5279d7bd1",
"zh:c3c284a54aab3ddea2dba140af4a707ce077c9c2d9d34556902afdb25fe6ca8e",
"zh:d2539f2cc5960a55a53eaaa90248abfb3167275e34af7e93735ec4571eb879eb",
"zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
]
}
provider "registry.opentofu.org/goauthentik/authentik" { provider "registry.opentofu.org/goauthentik/authentik" {
version = "2024.8.3" version = "2024.8.3"
constraints = "2024.8.3" constraints = "2024.8.3"


@ -0,0 +1,21 @@
resource "dnsimple_zone" "all" {
for_each = var.zones
name = each.key
}
locals {
records_with_zones = { for key, value in var.records : key => merge(
value,
{ zone = one([for zone in var.zones : zone if endswith(key, zone)]) }
) }
}
resource "dnsimple_zone_record" "all" {
for_each = local.records_with_zones
zone_name = dnsimple_zone.all[each.value.zone].name
name = trimsuffix(each.key, ".${each.value.zone}")
value = each.value.to
type = each.value.type
ttl = each.value.ttl
}
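Review bot: The `name` expression in `dnsimple_zone_record.all` does not handle a record at the zone apex. For the key `"tjo.space"` (present in the tfvars of this commit) in zone `tjo.space`, `trimsuffix(each.key, ".${each.value.zone}")` finds no `.tjo.space` suffix and passes the full name through, which would most likely create `tjo.space.tjo.space` rather than the apex record. Special-casing the apex avoids that: `name = each.key == each.value.zone ? "" : trimsuffix(each.key, ".${each.value.zone}")`. The zone lookup in `records_with_zones` has the same label-boundary gap, since `endswith(key, zone)` also matches a key such as `nottjo.space` (constructed example) and `one()` fails as soon as two configured zones overlap. `zone if key == zone || endswith(key, ".${zone}")` is the stricter filter.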


@ -15,7 +15,7 @@ locals {
auth_key = tailscale_tailnet_key.key.key auth_key = tailscale_tailnet_key.key.key
} }
dnsimple = { dnsimple = {
token = var.dnsimple_token token = var.dnsimple_token
} }
} }
}) })


@ -12,11 +12,20 @@ terraform {
source = "tailscale/tailscale" source = "tailscale/tailscale"
version = "0.17.2" version = "0.17.2"
} }
dnsimple = {
source = "dnsimple/dnsimple"
version = "1.8.0"
}
} }
required_version = "~> 1.7.3" required_version = "~> 1.7.3"
} }
provider "dnsimple" {
token = var.dnsimple_token
account = var.dnsimple_account_id
}
provider "authentik" { provider "authentik" {
url = "https://id.tjo.space" url = "https://id.tjo.space"
token = var.authentik_token token = var.authentik_token

File diff suppressed because it is too large Load diff


@ -48,3 +48,48 @@ nodes = {
ssh_keys = [ ssh_keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
] ]
zones = [
"tjo.space",
"tjo.cloud",
]
records = {
# TJO.SPACE
"tjo.space" = { to = "any.ingress.tjo.cloud" }
"id.tjo.space" = { to = "any.ingress.tjo.cloud" }
"code.tjo.space" = { to = "any.ingress.tjo.cloud" }
# mail.tjo.space requires specific ports to be accessible,
# which is often not the case for home internet providers.
# so we should only ever use "cloud" ingresses.
"mail.tjo.space" = { to = "nevaroo.ingress.tjo.cloud" }
"paperless.tjo.space" = { to = "any.ingress.tjo.cloud" }
"penpot.tjo.space" = { to = "any.ingress.tjo.cloud" }
"rss.tjo.space" = { to = "any.ingress.tjo.cloud" }
"search.tjo.space" = { to = "any.ingress.tjo.cloud" }
"send.tjo.space" = { to = "any.ingress.tjo.cloud" }
"status.tjo.space" = { to = "tjo-space.github.io", type = "CNAME" }
"stuff.tjo.space" = { to = "any.ingress.tjo.cloud" }
"vault.tjo.space" = { to = "any.ingress.tjo.cloud" }
"yt.tjo.space" = { to = "any.ingress.tjo.cloud" }
# CLOUD.TJO.SPACE
"cloud.tjo.space" = { to = "any.ingress.tjo.cloud" }
"collabora.tjo.space" = { to = "any.ingress.tjo.cloud" }
# CHAT.TJO.SPACE
"chat.tjo.space" = { to = "any.ingress.tjo.cloud" }
"matrix.chat.tjo.space" = { to = "any.ingress.tjo.cloud" }
"webhook.chat.tjo.space" = { to = "any.ingress.tjo.cloud" }
"turn.chat.tjo.space" = { to = "any.ingress.tjo.cloud" }
# MEDIA.TJO.SPACE
"media.tjo.space" = { to = "any.ingress.tjo.cloud" }
"*.media.tjo.space" = { to = "any.ingress.tjo.cloud" }
# TJO.CLOUD
"grpc.otel.monitor.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"http.otel.monitor.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"loki.monitor.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"prometheus.monitor.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"monitor.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"postgresql.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"proxmox.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
"vault.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
}
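Review bot: `status.tjo.space` is the only record here that points outside infrastructure this repository manages (`tjo-space.github.io`), and nothing on the line documents that dependency. A CNAME to a hosting provider becomes a dangling record if the Pages site or its custom-domain setting is later removed, so it deserves a comment such as `# GitHub Pages: keep the custom domain configured and verified for the tjo-space org; delete this record first if the site is retired`. The hunk also makes `proxmox.tjo.cloud`, `postgresql.tjo.cloud` and `vault.tjo.cloud` resolve to the shared `any.ingress.tjo.cloud` target. Whether the ingress restricts who can reach those backends is not visible in this diff and should be confirmed before apply.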


@ -19,6 +19,20 @@ variable "nodes" {
})) }))
} }
variable "zones" {
type = set(string)
}
variable "records" {
type = map(object({
to = string
ttl = optional(number, 600)
type = optional(string, "ALIAS")
}))
}
variable "ssh_keys" { variable "ssh_keys" {
type = list(string) type = list(string)
} }
@ -42,3 +56,8 @@ variable "dnsimple_token" {
type = string type = string
sensitive = true sensitive = true
} }
variable "dnsimple_account_id" {
type = string
}
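Review bot: `variable "records"` carries an undocumented contract: each map key must be a fully qualified name ending in one of `var.zones`, because the zone is derived from the key elsewhere in this commit. A key that matches no zone is only caught later, as a lookup error at plan time. A line such as `description = "DNS records keyed by FQDN; every key must end in one of var.zones. type defaults to ALIAS, ttl to 600."` would state it. Separately, `dnsimple_account_id` in the second hunk appears to be stored SOPS-encrypted, yet unlike `dnsimple_token` directly above it the variable is not marked `sensitive = true`; add that line if the value is meant to stay out of plan output and CI logs.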


@ -1,8 +1,8 @@
{ {
"version": "ENC[AES256_GCM,data:lQ==,iv:SYNcW46e7HEOh7iczdWJFH9I8y8sox0nzrcYcrPiKKM=,tag:HinDAl4Q6896UllEruRV8Q==,type:float]", "version": "ENC[AES256_GCM,data:rw==,iv:dwK8SyF/1wanH+zrZ/ZJ2Gpf9lmx8yh/zga8yVWGDAk=,tag:WyqCUlFdTCBEKxGGiLoqMw==,type:float]",
"terraform_version": "ENC[AES256_GCM,data:1mbixhY=,iv:mCUnLWsm1lmfmpmRcFMo5sT+zrZcuh9toCieKZGCq1E=,tag:BvkRHRvrainaz8meSNIm7A==,type:str]", "terraform_version": "ENC[AES256_GCM,data:jGfiZv8=,iv:Z4kLokk55GLLbd93KwAKCszR4nLVQDycJZ1r4g7aB6I=,tag:xvDTMgvAYeUARB111zPD0Q==,type:str]",
"serial": "ENC[AES256_GCM,data:mw==,iv:Pl0GbMeWh+0vIcWzgDyS97QZ6bpUA3JOMVnTKB8Xels=,tag:/UWZxEzlgIkRYCPMCQbBKA==,type:float]", "serial": "ENC[AES256_GCM,data:YA==,iv:YWcTW1PN6OdYlaV3Eq2X03m9bbWtXdOjZQl/EKHN9xc=,tag:6hJ1Unzc03xKP407IHwszQ==,type:float]",
"lineage": "ENC[AES256_GCM,data:TDGlpj0jUKKGYiJnQdqzn4uCF9TFTJYqfGwpPeeOEeWzQOri,iv:uI9OXyJYHI84IisQ3xND+xLl+tA5nOaScHtW+o19OLI=,tag:EcezSEDO0XTzATY/vCylZw==,type:str]", "lineage": "ENC[AES256_GCM,data:gXyW0OIJEnMQopZaqpHmMPK03c7ANMHQdx1wHME9ajinCPSQ,iv:N7PS1r8emaycLdMeu125gg1fbVihOZ7WO8gkRVfbFYM=,tag:i8ks4+Aba3626M5zflIzuw==,type:str]",
"outputs": {}, "outputs": {},
"resources": [], "resources": [],
"check_results": null, "check_results": null,
@ -14,11 +14,11 @@
"age": [ "age": [
{ {
"recipient": "age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h", "recipient": "age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WU0xYlQ5K2IyUTNBQjdp\ncGd5czRrNGJtazNHeTkySFJFbXpIbkRMZUZ3CldDVVR2YVBjdHo3V09OSi9sS2ps\nWHVxdUw4dnpZWUpwVENuVCt6YzNGR0EKLS0tIHQ5UnpBTG1STFpkVW5OTExpRXN0\nSXFXajlzenJHWm10a3hyZ1B2V2djZW8KCyre83uxYFWHuJFfZrxVTinFHFod42aF\nOqVk7nWcQmFaoVBbywYKX1XNQEzUz/3LUQh5N9pgBsCCEfd3oVURVQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMTNhOGp2clVEdzQzV3FE\nL3JWY2phemlsZ3d1Ty9MVDNWejhlQnpMdGw4CnRydUtBZmxWQjlaaTh2WDAydTZI\nd0NCb0lYTVI3QTJEalBqaHZYVHRaUUkKLS0tIDN6ZEtaM2JMYVFNb0NDY1ZUNEdX\nN3RaUUp4QWYxL1V6a0lTS3BwSXpndGMKWMKkqCwljZvBh3r/XSueF+whS1qKBGRE\n5R9/93+0fPARx7QWnmUUjh3G9gCSdSUbp0Hx63spR9l0A0pruZMyxA==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-01-04T10:03:25Z", "lastmodified": "2025-01-07T21:16:46Z",
"mac": "ENC[AES256_GCM,data:8GxpvXkg5hBhWOvqgulIZ9SHYiw/2SH8a7VHZ0npF4sRkRDp8l+0CqfNZREHJSKU5UnKfZql+v3cJpM9wzKZSfQf0FATxMpwp8SUi8g4ebeOjHcaYl16ti+63hhvJ9P0SKAdlc7kPZr+FigJSR1Sme9UcjKZXEpaFexvmt/NOBw=,iv:P3CBWgdU4/UCZGBUCBx2wkzvgx4au2imdhNA+mQ0DHM=,tag:QQ5RJXEqDs9YTVBpbnYFdA==,type:str]", "mac": "ENC[AES256_GCM,data:OVURip8SAtZ6LkFIgR9JP+JJW6XhxT1RGqBFIyYOKuARV/wXKfhvzZPvZiCkpcSDjQhEQu/wBefjXVqVoD6G7Ml/fNFQEWtmwG+qVsOLDtCzhlz2128Yw2QAysIPSCOPFWAHULaykHUDrr7EKt+KyhRCzCfWsNiaKOJqBuGgdfE=,iv:62ib4WUtBxWBPdRG9XjVfKSeQAcDzwXBd1tomDcE/hE=,tag:GjVWsyUlOpvyA8VE25/RHw==,type:str]",
"pgp": null, "pgp": null,
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.9.2" "version": "3.9.2"


@ -108,7 +108,7 @@ module "cluster-components" {
oidc_issuer_url = var.oidc_issuer_url oidc_issuer_url = var.oidc_issuer_url
oidc_client_id = var.oidc_client_id oidc_client_id = var.oidc_client_id
dnsimple_token = var.dnsimple_token dnsimple_token = var.dnsimple_token
dnsimple_account_id = var.dnsimple_account_id dnsimple_account_id = var.dnsimple_account_id
cluster_name = module.cluster.name cluster_name = module.cluster.name


@ -18,7 +18,7 @@ resource "kubernetes_manifest" "tjo-cloud-issuer" {
dns01 = { dns01 = {
webhook = { webhook = {
solverName = "dnsimple" solverName = "dnsimple"
groupName = "acme.dnsimple.com" groupName = "acme.dnsimple.com"
config = { config = {
tokenSecretRef = { tokenSecretRef = {
name = kubernetes_secret.dnsimple.metadata[0].name name = kubernetes_secret.dnsimple.metadata[0].name


@ -10,7 +10,7 @@ resource "kubernetes_secret" "dnsimple" {
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
} }
data = { data = {
token = var.dnsimple_token token = var.dnsimple_token
account_id = var.dnsimple_account_id account_id = var.dnsimple_account_id
} }
} }


@ -1,8 +1,3 @@
variable "cluster_name" {
description = "Name of the cluster."
type = string
}
variable "cluster_domain" { variable "cluster_domain" {
description = "Domain of the cluster." description = "Domain of the cluster."
type = string type = string
@ -21,5 +16,5 @@ variable "dnsimple_token" {
} }
variable "dnsimple_account_id" { variable "dnsimple_account_id" {
type = string type = string
} }


@ -6,5 +6,9 @@ terraform {
source = "hashicorp/helm" source = "hashicorp/helm"
version = "2.14.0" version = "2.14.0"
} }
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.35.1"
}
} }
} }


@ -343,18 +343,18 @@ resource "dnsimple_zone_record" "api-internal-ipv4" {
for_each = { for k, v in local.nodes_with_address : k => v if v.type == "controlplane" } for_each = { for k, v in local.nodes_with_address : k => v if v.type == "controlplane" }
zone_name = var.cluster.api.internal.domain zone_name = var.cluster.api.internal.domain
type = "A" type = "A"
name = var.cluster.api.internal.subdomain name = var.cluster.api.internal.subdomain
value = each.value.ipv4 value = each.value.ipv4
ttl = 30 ttl = 30
} }
resource "dnsimple_zone_record" "api-internal-ipv6" { resource "dnsimple_zone_record" "api-internal-ipv6" {
for_each = { for k, v in local.nodes_with_address : k => v if v.type == "controlplane" } for_each = { for k, v in local.nodes_with_address : k => v if v.type == "controlplane" }
zone_name = var.cluster.api.internal.domain zone_name = var.cluster.api.internal.domain
type = "AAAA" type = "AAAA"
name = var.cluster.api.internal.subdomain name = var.cluster.api.internal.subdomain
value = each.value.ipv6 value = each.value.ipv6
ttl = 30 ttl = 30
} }


@ -15,7 +15,7 @@ terraform {
version = "1.4.0" version = "1.4.0"
} }
dnsimple = { dnsimple = {
source = "dnsimple/dnsimple" source = "dnsimple/dnsimple"
version = "1.8.0" version = "1.8.0"
} }
random = { random = {


@ -13,7 +13,7 @@ terraform {
version = "1.4.0" version = "1.4.0"
} }
dnsimple = { dnsimple = {
source = "dnsimple/dnsimple" source = "dnsimple/dnsimple"
version = "1.8.0" version = "1.8.0"
} }
random = { random = {
@ -69,7 +69,7 @@ provider "proxmox" {
} }
provider "dnsimple" { provider "dnsimple" {
token = var.dnsimple_token token = var.dnsimple_token
account = var.dnsimple_account_id account = var.dnsimple_account_id
} }

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load diff


@ -1,53 +1,53 @@
nodes = { nodes = {
batuu = { batuu = {
id = 700 id = 700
host = "batuu" host = "batuu"
boot_storage = "local-nvme" boot_storage = "local-nvme"
iso_storage = "local" iso_storage = "local"
bridge_ports = ["enp1s0", "enp2s0"] bridge_ports = ["enp1s0", "enp2s0"]
gateway = "192.168.1.1" gateway = "192.168.1.1"
address = "192.168.1.161/24" address = "192.168.1.161/24"
} }
jakku = { jakku = {
id = 701 id = 701
host = "jakku" host = "jakku"
boot_storage = "local-nvme" boot_storage = "local-nvme"
iso_storage = "local" iso_storage = "local"
bridge_ports = ["enp1s0", "enp2s0"] bridge_ports = ["enp1s0", "enp2s0"]
gateway = "192.168.1.1" gateway = "192.168.1.1"
address = "192.168.1.187/24" address = "192.168.1.187/24"
} }
nevaroo = { nevaroo = {
id = 702 id = 702
host = "nevaroo" host = "nevaroo"
boot_storage = "local" boot_storage = "local"
iso_storage = "local" iso_storage = "local"
mac_address = "00:50:56:00:97:FD" mac_address = "00:50:56:00:97:FD"
bridge_ports = ["eno1"] bridge_ports = ["eno1"]
gateway = "178.63.49.193" gateway = "178.63.49.193"
address = "178.63.49.225/26" address = "178.63.49.225/26"
} }
mustafar = { mustafar = {
id = 703 id = 703
host = "mustafar" host = "mustafar"
boot_storage = "local" boot_storage = "local"
iso_storage = "local" iso_storage = "local"
bridge_ports = ["enp3s0", "enp5s0"] bridge_ports = ["enp3s0", "enp5s0"]
gateway = "192.168.64.1" gateway = "192.168.64.1"
address = "192.168.64.107/24" address = "192.168.64.107/24"
} }
endor = { endor = {
id = 704 id = 704
host = "endor" host = "endor"
boot_storage = "local-nvme" boot_storage = "local-nvme"
iso_storage = "local" iso_storage = "local"
bridge_ports = ["enp1s0", "enp2s0"] bridge_ports = ["enp1s0", "enp2s0"]
gateway = "192.168.1.1" gateway = "192.168.1.1"
address = "192.168.1.103/24" address = "192.168.1.103/24"
} }
} }