feat(ingress.tjo.cloud): start managing DNS via terraform

.env.encrypted

@@ -1,15 +1,15 @@
-TF_VAR_tailscale_apikey=ENC[AES256_GCM,data:zuGzLIwidsaGJAuzpe9oVMQediipHorOiMZR+mtsBj4MVUSkJt0+Hv/9KanQ/x93WPggL9dHr4EqfEvyOv0=,iv:nJbN1N5IrU60KTWkKpeDaeuaw6f1hoj85Md5kYWO2dc=,tag:KfdepFTJFAT01Jfw5UIfUA==,type:str]
-TF_VAR_oidc_username=ENC[AES256_GCM,data:tiVs6bJz2Wlp5rFOpP55rboTjBxmuWSE1N2GeyI/9dKMZo9F,iv:PQvmRppeUGYwkCQcGWZ/X4680KVQ4LpcUaFoTnR5PyI=,tag:UddxOy+3dqKsKsl8dM+Mvg==,type:str]
-TF_VAR_oidc_password=ENC[AES256_GCM,data:IKIOk/NDwxU6okebzwm2DprXWEblCQai3gu3RndfkQ034Mpl8a3yVzcplrYP/JNbnDdHKaDg7hF85UAhZoQ=,iv:1CsxrduE9SMqyTROZpkxewRKQJDO+dACEj5OcyB8hj0=,tag:idqIWO8Io1IJIVSAt++OlQ==,type:str]
-TF_VAR_oidc_issuer_url=ENC[AES256_GCM,data:2UJOnU1Ktf7Q1GsQG160K0fZp6/e7Sc4jrY3erQocqgpSWVyNGU2sJMsKG6aoJmxXw==,iv:4QzQlJ0B2i5w4RqIzvIObgmi1szMhvm8VZs5dzYh78w=,tag:O2RaNzb0w7RMLzEjjjzlCQ==,type:str]
-TF_VAR_oidc_client_id=ENC[AES256_GCM,data:N1KSDiuUl6KF5/H3iU1Mw8pVj12LHaU0lbMZdTqiCTc2asSUtkgCCm0Q,iv:FKkJXcWlEyre4YGGQ5/gLzD7pgJwD5T6i99lweyWl5I=,tag:b2cHmuznzRznNWfFvZXnMg==,type:str]
-TF_VAR_dnsimple_account_id=ENC[AES256_GCM,data:x0Gd82UWEFg=,iv:vmTdc8afg+fDne7GqKKeYmnmFxUdfcTI2DyZ+p1no9k=,tag:EDd6fzhcqGTxe928fSu2qQ==,type:str]
-TF_VAR_dnsimple_token=ENC[AES256_GCM,data:Xfm0qRFAgo9J2EyXD5+FiylMgit9rUQ3mCzLxAVkEPbHR+UGl4DfS+khG1uW,iv:ynzntkCgWFs62w79p4OGxpQbVaifoiIdKrQohPnis7g=,tag:wHWmoAdf61ufY6LiDgfZww==,type:str]
-TF_VAR_proxmox_token=ENC[AES256_GCM,data:69/4ySLnO7/XsK0Dv1K5P7QCfA0YlXbwyECPIAKiGuYuGpa1T9HUbHiXpyZGOQ4z5zZOQ0NFTp1QDc+9gQ==,iv:4CFB2CV/NlM+NHWAmwtDlb2oURm2PPwXeNQRHrwr8e8=,tag:rA7tB5zRo2IGYSHTGgdnfQ==,type:str]
-TF_VAR_authentik_token=ENC[AES256_GCM,data:MW2aabg6tW0IWiFoXil7P38YmDrjy8mTL1mZ3U9QGQIcoA+GAoflElmU8B0t4ecz0C4vsBJSa2a/aCzjwz0=,iv:SMstbHG1JS/j+32uP6cxmQBM7ZpcSw6gUYLrsAUVu80=,tag:KOiGCSeklHr2QPo3wB+r2A==,type:str]
-sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySHl2bUV1L3pzdjFiR3NY\nbUVhZTlVMXBNZXoyT1JwSUNoeE1LdDlhYzBFCkNFY3ExRjNLMGhQS2FEQWdvK2ww\nNWRnZW85ZjZqQXh0NnhTZDV5RzJFWncKLS0tIDcyYm9SaDFvYVZuMFdSWDVXcEJI\nS0wxeUxFc1gxRXdVUVRzcDJnVllTc00KgbSAvu1d/MhiTTLFNBZeVrxIqiGwQLSV\nY5wj0JO+Hbnc4GGNgP/l//2NdisoW5KDSuBtb4jYaST4fnc+AAGAGA==\n-----END AGE ENCRYPTED FILE-----\n
+TF_VAR_tailscale_apikey=ENC[AES256_GCM,data:1FPbS45U0O0Fk2ZJQHrb0ehA+CkVbd4uMKb0pciwjl7Y546EudzldBw8EKeGxJlT6lanTuBGbLMzEGl0R1k=,iv:6obSHmqp+FATkBImgOaC7kfX2IZaFdl4UFupjm+M3gU=,tag:2RtEagakNzOx9uTkCHkaRQ==,type:str]
+TF_VAR_oidc_username=ENC[AES256_GCM,data:xNuFAIZeyQlY3wVssitjS4LI/WTMlz28UOlmfGOlAGQmKyt9,iv:n3MzeCTpSdAguf43QUuXY3g77bq2rWia/9erI+2PuzY=,tag:tcebsq3Z+yL8CV8rmWCQkA==,type:str]
+TF_VAR_oidc_password=ENC[AES256_GCM,data:4DkGdECrwl/ra6Vy/YojmjgQSxhePt8rma6r0nWfJdBPklMTTPjZfejZniLaDVhaz9NrL67kPzkIViUB34g=,iv:3O9040qOZNM6FZkEnQq7aqeMSOUckZDdLw6ChGSIwRk=,tag:yIgupiznJewz/HEpFaA6CQ==,type:str]
+TF_VAR_oidc_issuer_url=ENC[AES256_GCM,data:MzHVhGUlFGtG7dc+A5aQK3NTVdRBNdx3FR0WSNYedqSiJ6iemodkqU8p3cboYWdgLA==,iv:liVx65R2SsMMNdyHrG/oQ0d9t3jUjy3WyfrEaKJGvx4=,tag:KXupAYk/DEBgYSIFYQ918g==,type:str]
+TF_VAR_oidc_client_id=ENC[AES256_GCM,data:EpINeKHccyTb2fpwRM8sNdiqoXbd7Orc7njEpZTrN8XyusCGmoZQwLoX,iv:tervIz9OO+cGss9niMI7pUyIDtdN/sMx0LG2FB1p/u4=,tag:gWVcqMxSt8IHc5aaigHcDg==,type:str]
+TF_VAR_dnsimple_account_id=ENC[AES256_GCM,data:SbDto21DCRk=,iv:Pbp1I/37710VTCXYKYydh262iGlsTMBEnkgQ+0a6eRs=,tag:RtS5YjA4eNGGD1UOtKuokQ==,type:str]
+TF_VAR_dnsimple_token=ENC[AES256_GCM,data:lZiU+dYtcWlJCRLqPAUBl1zq0JwL24xnj34jt/lKqRlITPfHP2muzRMahSqY,iv:AYv/CniswOLlNMOekfehi5lp/snl2C1dg88gzafFBic=,tag:Rorc6yzGxrSBQoUe6zGg/g==,type:str]
+TF_VAR_proxmox_token=ENC[AES256_GCM,data:zJ+4Dru4EYOyB6XYAcasCZe0FmFDM6+RThFlPop0roarks7DPJap447bniYlzLophRuX7xbqMCRRwIrYRA==,iv:iaXFSRTf+YCh+FIBLUY+Pm20ZpbPf/HDRPIa686nHUY=,tag:7fdI8dBj39L4A0dgdzE/8w==,type:str]
+TF_VAR_authentik_token=ENC[AES256_GCM,data:m5mk4qh0FcUPIOtxJUASQfIUwvXUB48QiBj4icauauyj1kYeS20//G5uFwzgWtE4rDU1/9QHhwNkywi8r+4=,iv:RICKnmVa43C3OwUt6+VTYEcxrliey2Hhwx0nGFztb7s=,tag:tJRfFL03datpq8VycI+d0g==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbGlVNS9NK3VhdFJEbWZi\nRWYxSlNodHBRWU5VNktSK1FCZyszeWc2ODJZCnI0d0cxdWNOeTJBV2FLRksxdnJU\nSDU4am85N1JNSzRjT3FUYS9FOU9VTEkKLS0tIDUycFZCTGszdi8yblEyb2VYYXhz\nZEIxMXZLVThDRXZycUZkanB1SmJZRkkKoWTAvpvwzvNF1x5FUSrVXBSMcjpnplBJ\noHl7ubDoAUcbdUTw2vYny+wL2V3qyfQBvzWul3hneOAewt+npc7+1w==\n-----END AGE ENCRYPTED FILE-----\n
 sops_age__list_0__map_recipient=age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h
-sops_lastmodified=2025-01-04T10:03:21Z
-sops_mac=ENC[AES256_GCM,data:VxHkYhQWUA7q7LbHIpXUnC+841VX5BqtmBjAotv4eUWGlFM7ewwWA/vwDKE9e0+CGpCc9JCobutUHVy9XMGnZLXg2hZmdxjs3igEEWdEXg/lCmyh+Rdo1uYF1YLT4XzqWvxKXAy3NoQQ7WiIL0ihR28FBaqqygme0YnStK6RMBY=,iv:/7D7tn0RDHfqdG7JBd69bAjfkz9rcu5QpAB1oEXGaP0=,tag:thd2ao6KVOTzDYcIROU9Fg==,type:str]
+sops_lastmodified=2025-01-07T21:16:43Z
+sops_mac=ENC[AES256_GCM,data:M5Q+LXH0oszXJxtG7Y2AJO0bqwbwz9IsufSdLp4pT6gQ7NI5ojVRElswH3U/HxgSjbVulssDXlnWydDJPII+8Fq1jaVcCTgZFYV9Kh4cPtR4AWSPdlvntap5clbIr7pNGRbYYUuYf5ZNXdtqLL0190uHtS1+nOXOzR+xBWflIpc=,iv:QP1T/ECATtPby2h8gir9ueH3Ulv3CLaGvP+C2TF1Yqo=,tag:6RlSE6xLO77Cy2NyT9iUHQ==,type:str]
 sops_unencrypted_suffix=_unencrypted
 sops_version=3.9.2

ingress.tjo.cloud/terraform/.terraform.lock.hcl

@@ -25,6 +25,29 @@ provider "registry.opentofu.org/bpg/proxmox" {
   ]
 }
 
+provider "registry.opentofu.org/dnsimple/dnsimple" {
+  version     = "1.8.0"
+  constraints = "1.8.0"
+  hashes = [
+    "h1:Nwu+3tVJnNmSJQoctRSWAamUX3AiTCZ5mOMtAUPtg7Q=",
+    "zh:0852fd9523268b30fb637a03a0cb6d6a5878cbbf7e0e4219615c9ba073fbdf17",
+    "zh:0ac43193082dd467abad4937b0abb97ea349205726fc450cb3a94dc0db6e9a49",
+    "zh:10e4aad54c2d6cbd9328a1661d72a978357743eda7099a3f120a497119be4ff1",
+    "zh:211d481935dec36903928c51f5f4f15d98313f6d50649ea064bc20a4d6541678",
+    "zh:2705b5ebac4219449f9126cc19fa982cf0644e5df60d3d5254131d2e2d676afd",
+    "zh:27f0df80af6652e96f85a0856daa571af495d2119ab126199d6d5ab53f6eb887",
+    "zh:27fbb2fb69291a660d8e99ba960f01051b7fc28658f7932772ce7e80a42bd6e9",
+    "zh:3ecf20ead1f044f08ae9e411c9341d47319eb6af5d6543b58f2f6932c6b288b0",
+    "zh:635055f0af3eb27d30801aeead51d8b960c386f369a378fad7146350ec6b4d68",
+    "zh:7ca26f64221a9c6634a02296e30a87e3fffed1144ac57e0ae9a86a448f42d4ca",
+    "zh:895e0732da00942b2eb13c78673a9c9268e87e92a225999cddf2d13b823f3295",
+    "zh:b3806e5b687faf97ad8cb2a23e105729059693ae07a229fecef52da5279d7bd1",
+    "zh:c3c284a54aab3ddea2dba140af4a707ce077c9c2d9d34556902afdb25fe6ca8e",
+    "zh:d2539f2cc5960a55a53eaaa90248abfb3167275e34af7e93735ec4571eb879eb",
+    "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
+  ]
+}
+
 provider "registry.opentofu.org/goauthentik/authentik" {
   version     = "2024.8.3"
   constraints = "2024.8.3"

ingress.tjo.cloud/terraform/dns.tf

@@ -0,0 +1,21 @@
+resource "dnsimple_zone" "all" {
+  for_each = var.zones
+  name     = each.key
+}
+
+locals {
+  records_with_zones = { for key, value in var.records : key => merge(
+    value,
+    { zone = one([for zone in var.zones : zone if endswith(key, zone)]) }
+  ) }
+}
+
+resource "dnsimple_zone_record" "all" {
+  for_each = local.records_with_zones
+
+  zone_name = dnsimple_zone.all[each.value.zone].name
+  name      = trimsuffix(each.key, ".${each.value.zone}")
+  value     = each.value.to
+  type      = each.value.type
+  ttl       = each.value.ttl
+}

ingress.tjo.cloud/terraform/node.tf

@@ -15,7 +15,7 @@ locals {
           auth_key = tailscale_tailnet_key.key.key
         }
         dnsimple = {
-          token    = var.dnsimple_token
+          token = var.dnsimple_token
         }
       }
     })

ingress.tjo.cloud/terraform/terraform.tf

@@ -12,11 +12,20 @@ terraform {
       source  = "tailscale/tailscale"
       version = "0.17.2"
     }
+    dnsimple = {
+      source  = "dnsimple/dnsimple"
+      version = "1.8.0"
+    }
   }
 
   required_version = "~> 1.7.3"
 }
 
+provider "dnsimple" {
+  token   = var.dnsimple_token
+  account = var.dnsimple_account_id
+}
+
 provider "authentik" {
   url   = "https://id.tjo.space"
   token = var.authentik_token

ingress.tjo.cloud/terraform/terraform.tfvars

@@ -47,4 +47,49 @@ nodes = {
 
 ssh_keys = [
   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXAlzwziqfUUb2qmFwNF/nrBYc5MNT1MMOx81ohBmB+ tine@little.sys.tjo.space"
-]
+]
+
+zones = [
+  "tjo.space",
+  "tjo.cloud",
+]
+
+records = {
+  # TJO.SPACE
+  "tjo.space"      = { to = "any.ingress.tjo.cloud" }
+  "id.tjo.space"   = { to = "any.ingress.tjo.cloud" }
+  "code.tjo.space" = { to = "any.ingress.tjo.cloud" }
+  # mail.tjo.space requires specific ports to be accessible,
+  # which is often not the case for home internet providers.
+  # so we should only ever use "cloud" ingresses.
+  "mail.tjo.space"      = { to = "nevaroo.ingress.tjo.cloud" }
+  "paperless.tjo.space" = { to = "any.ingress.tjo.cloud" }
+  "penpot.tjo.space"    = { to = "any.ingress.tjo.cloud" }
+  "rss.tjo.space"       = { to = "any.ingress.tjo.cloud" }
+  "search.tjo.space"    = { to = "any.ingress.tjo.cloud" }
+  "send.tjo.space"      = { to = "any.ingress.tjo.cloud" }
+  "status.tjo.space"    = { to = "tjo-space.github.io", type = "CNAME" }
+  "stuff.tjo.space"     = { to = "any.ingress.tjo.cloud" }
+  "vault.tjo.space"     = { to = "any.ingress.tjo.cloud" }
+  "yt.tjo.space"        = { to = "any.ingress.tjo.cloud" }
+  # CLOUD.TJO.SPACE
+  "cloud.tjo.space"     = { to = "any.ingress.tjo.cloud" }
+  "collabora.tjo.space" = { to = "any.ingress.tjo.cloud" }
+  # CHAT.TJO.SPACE
+  "chat.tjo.space"         = { to = "any.ingress.tjo.cloud" }
+  "matrix.chat.tjo.space"  = { to = "any.ingress.tjo.cloud" }
+  "webhook.chat.tjo.space" = { to = "any.ingress.tjo.cloud" }
+  "turn.chat.tjo.space"    = { to = "any.ingress.tjo.cloud" }
+  # MEDIA.TJO.SPACE
+  "media.tjo.space"   = { to = "any.ingress.tjo.cloud" }
+  "*.media.tjo.space" = { to = "any.ingress.tjo.cloud" }
+  # TJO.CLOUD
+  "grpc.otel.monitor.tjo.cloud"  = { to = "any.ingress.tjo.cloud" }
+  "http.otel.monitor.tjo.cloud"  = { to = "any.ingress.tjo.cloud" }
+  "loki.monitor.tjo.cloud"       = { to = "any.ingress.tjo.cloud" }
+  "prometheus.monitor.tjo.cloud" = { to = "any.ingress.tjo.cloud" }
+  "monitor.tjo.cloud"            = { to = "any.ingress.tjo.cloud" }
+  "postgresql.tjo.cloud"         = { to = "any.ingress.tjo.cloud" }
+  "proxmox.tjo.cloud"            = { to = "any.ingress.tjo.cloud" }
+  "vault.tjo.cloud"              = { to = "any.ingress.tjo.cloud" }
+}

ingress.tjo.cloud/terraform/variables.tf

@@ -19,6 +19,20 @@ variable "nodes" {
   }))
 }
 
+variable "zones" {
+  type = set(string)
+}
+
+variable "records" {
+  type = map(object({
+    to   = string
+    ttl  = optional(number, 600)
+    type = optional(string, "ALIAS")
+  }))
+}
+
+
+
 variable "ssh_keys" {
   type = list(string)
 }
@@ -41,4 +55,9 @@ variable "tailscale_apikey" {
 variable "dnsimple_token" {
   type      = string
   sensitive = true
-}
+}
+
+variable "dnsimple_account_id" {
+  type = string
+}
+

justfile

@@ -54,4 +54,4 @@ lint:
 
 format:
   @tofu fmt -recursive .
-  @tflint --recursive
+  @tflint --recursive

k8s.tjo.cloud/cluster/terraform.tfstate.encrypted

@@ -1,8 +1,8 @@
 {
-	"version": "ENC[AES256_GCM,data:lQ==,iv:SYNcW46e7HEOh7iczdWJFH9I8y8sox0nzrcYcrPiKKM=,tag:HinDAl4Q6896UllEruRV8Q==,type:float]",
-	"terraform_version": "ENC[AES256_GCM,data:1mbixhY=,iv:mCUnLWsm1lmfmpmRcFMo5sT+zrZcuh9toCieKZGCq1E=,tag:BvkRHRvrainaz8meSNIm7A==,type:str]",
-	"serial": "ENC[AES256_GCM,data:mw==,iv:Pl0GbMeWh+0vIcWzgDyS97QZ6bpUA3JOMVnTKB8Xels=,tag:/UWZxEzlgIkRYCPMCQbBKA==,type:float]",
-	"lineage": "ENC[AES256_GCM,data:TDGlpj0jUKKGYiJnQdqzn4uCF9TFTJYqfGwpPeeOEeWzQOri,iv:uI9OXyJYHI84IisQ3xND+xLl+tA5nOaScHtW+o19OLI=,tag:EcezSEDO0XTzATY/vCylZw==,type:str]",
+	"version": "ENC[AES256_GCM,data:rw==,iv:dwK8SyF/1wanH+zrZ/ZJ2Gpf9lmx8yh/zga8yVWGDAk=,tag:WyqCUlFdTCBEKxGGiLoqMw==,type:float]",
+	"terraform_version": "ENC[AES256_GCM,data:jGfiZv8=,iv:Z4kLokk55GLLbd93KwAKCszR4nLVQDycJZ1r4g7aB6I=,tag:xvDTMgvAYeUARB111zPD0Q==,type:str]",
+	"serial": "ENC[AES256_GCM,data:YA==,iv:YWcTW1PN6OdYlaV3Eq2X03m9bbWtXdOjZQl/EKHN9xc=,tag:6hJ1Unzc03xKP407IHwszQ==,type:float]",
+	"lineage": "ENC[AES256_GCM,data:gXyW0OIJEnMQopZaqpHmMPK03c7ANMHQdx1wHME9ajinCPSQ,iv:N7PS1r8emaycLdMeu125gg1fbVihOZ7WO8gkRVfbFYM=,tag:i8ks4+Aba3626M5zflIzuw==,type:str]",
 	"outputs": {},
 	"resources": [],
 	"check_results": null,
@@ -14,11 +14,11 @@
 		"age": [
 			{
 				"recipient": "age1cl3d4wtrrqrgldmrzpu53q2mk60r7hrhrymsrwss8s57z4mdv9fst4a55h",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WU0xYlQ5K2IyUTNBQjdp\ncGd5czRrNGJtazNHeTkySFJFbXpIbkRMZUZ3CldDVVR2YVBjdHo3V09OSi9sS2ps\nWHVxdUw4dnpZWUpwVENuVCt6YzNGR0EKLS0tIHQ5UnpBTG1STFpkVW5OTExpRXN0\nSXFXajlzenJHWm10a3hyZ1B2V2djZW8KCyre83uxYFWHuJFfZrxVTinFHFod42aF\nOqVk7nWcQmFaoVBbywYKX1XNQEzUz/3LUQh5N9pgBsCCEfd3oVURVQ==\n-----END AGE ENCRYPTED FILE-----\n"
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMTNhOGp2clVEdzQzV3FE\nL3JWY2phemlsZ3d1Ty9MVDNWejhlQnpMdGw4CnRydUtBZmxWQjlaaTh2WDAydTZI\nd0NCb0lYTVI3QTJEalBqaHZYVHRaUUkKLS0tIDN6ZEtaM2JMYVFNb0NDY1ZUNEdX\nN3RaUUp4QWYxL1V6a0lTS3BwSXpndGMKWMKkqCwljZvBh3r/XSueF+whS1qKBGRE\n5R9/93+0fPARx7QWnmUUjh3G9gCSdSUbp0Hx63spR9l0A0pruZMyxA==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2025-01-04T10:03:25Z",
-		"mac": "ENC[AES256_GCM,data:8GxpvXkg5hBhWOvqgulIZ9SHYiw/2SH8a7VHZ0npF4sRkRDp8l+0CqfNZREHJSKU5UnKfZql+v3cJpM9wzKZSfQf0FATxMpwp8SUi8g4ebeOjHcaYl16ti+63hhvJ9P0SKAdlc7kPZr+FigJSR1Sme9UcjKZXEpaFexvmt/NOBw=,iv:P3CBWgdU4/UCZGBUCBx2wkzvgx4au2imdhNA+mQ0DHM=,tag:QQ5RJXEqDs9YTVBpbnYFdA==,type:str]",
+		"lastmodified": "2025-01-07T21:16:46Z",
+		"mac": "ENC[AES256_GCM,data:OVURip8SAtZ6LkFIgR9JP+JJW6XhxT1RGqBFIyYOKuARV/wXKfhvzZPvZiCkpcSDjQhEQu/wBefjXVqVoD6G7Ml/fNFQEWtmwG+qVsOLDtCzhlz2128Yw2QAysIPSCOPFWAHULaykHUDrr7EKt+KyhRCzCfWsNiaKOJqBuGgdfE=,iv:62ib4WUtBxWBPdRG9XjVfKSeQAcDzwXBd1tomDcE/hE=,tag:GjVWsyUlOpvyA8VE25/RHw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.2"

k8s.tjo.cloud/main.tf

@@ -108,7 +108,7 @@ module "cluster-components" {
   oidc_issuer_url = var.oidc_issuer_url
   oidc_client_id  = var.oidc_client_id
 
-  dnsimple_token = var.dnsimple_token
+  dnsimple_token      = var.dnsimple_token
   dnsimple_account_id = var.dnsimple_account_id
 
   cluster_name   = module.cluster.name

k8s.tjo.cloud/modules/cluster-components/gateway.tf

@@ -18,7 +18,7 @@ resource "kubernetes_manifest" "tjo-cloud-issuer" {
             dns01 = {
               webhook = {
                 solverName = "dnsimple"
-                groupName = "acme.dnsimple.com"
+                groupName  = "acme.dnsimple.com"
                 config = {
                   tokenSecretRef = {
                     name = kubernetes_secret.dnsimple.metadata[0].name

k8s.tjo.cloud/modules/cluster-components/main.tf

@@ -10,7 +10,7 @@ resource "kubernetes_secret" "dnsimple" {
     namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
   }
   data = {
-    token = var.dnsimple_token
+    token      = var.dnsimple_token
     account_id = var.dnsimple_account_id
   }
 }

k8s.tjo.cloud/modules/cluster-components/variables.tf

@@ -1,8 +1,3 @@
-variable "cluster_name" {
-  description = "Name of the cluster."
-  type        = string
-}
-
 variable "cluster_domain" {
   description = "Domain of the cluster."
   type        = string
@@ -21,5 +16,5 @@ variable "dnsimple_token" {
 }
 
 variable "dnsimple_account_id" {
-  type      = string
+  type = string
 }

k8s.tjo.cloud/modules/cluster-core/versions.tf

@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/helm"
       version = "2.14.0"
     }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.35.1"
+    }
   }
 }

k8s.tjo.cloud/modules/cluster/main.tf

@@ -343,18 +343,18 @@ resource "dnsimple_zone_record" "api-internal-ipv4" {
   for_each = { for k, v in local.nodes_with_address : k => v if v.type == "controlplane" }
 
   zone_name = var.cluster.api.internal.domain
-  type   = "A"
-  name   = var.cluster.api.internal.subdomain
-  value  = each.value.ipv4
-  ttl    = 30
+  type      = "A"
+  name      = var.cluster.api.internal.subdomain
+  value     = each.value.ipv4
+  ttl       = 30
 }
 
 resource "dnsimple_zone_record" "api-internal-ipv6" {
   for_each = { for k, v in local.nodes_with_address : k => v if v.type == "controlplane" }
 
   zone_name = var.cluster.api.internal.domain
-  type   = "AAAA"
-  name   = var.cluster.api.internal.subdomain
-  value  = each.value.ipv6
-  ttl    = 30
+  type      = "AAAA"
+  name      = var.cluster.api.internal.subdomain
+  value     = each.value.ipv6
+  ttl       = 30
 }

k8s.tjo.cloud/modules/cluster/versions.tf

@@ -15,7 +15,7 @@ terraform {
       version = "1.4.0"
     }
     dnsimple = {
-      source = "dnsimple/dnsimple"
+      source  = "dnsimple/dnsimple"
       version = "1.8.0"
     }
     random = {

k8s.tjo.cloud/terraform.tf

@@ -13,7 +13,7 @@ terraform {
       version = "1.4.0"
     }
     dnsimple = {
-      source = "dnsimple/dnsimple"
+      source  = "dnsimple/dnsimple"
       version = "1.8.0"
     }
     random = {
@@ -69,7 +69,7 @@ provider "proxmox" {
 }
 
 provider "dnsimple" {
-  token = var.dnsimple_token
+  token   = var.dnsimple_token
   account = var.dnsimple_account_id
 }
 

network.tjo.cloud/terraform/terraform.tfvars

@@ -1,53 +1,53 @@
 nodes = {
   batuu = {
-    id      = 700
-    host      = "batuu"
+    id           = 700
+    host         = "batuu"
     boot_storage = "local-nvme"
-    iso_storage = "local"
+    iso_storage  = "local"
 
     bridge_ports = ["enp1s0", "enp2s0"]
-    gateway = "192.168.1.1"
-    address = "192.168.1.161/24"
+    gateway      = "192.168.1.1"
+    address      = "192.168.1.161/24"
   }
   jakku = {
-    id      = 701
-    host      = "jakku"
+    id           = 701
+    host         = "jakku"
     boot_storage = "local-nvme"
-    iso_storage = "local"
+    iso_storage  = "local"
 
     bridge_ports = ["enp1s0", "enp2s0"]
-    gateway = "192.168.1.1"
-    address = "192.168.1.187/24"
+    gateway      = "192.168.1.1"
+    address      = "192.168.1.187/24"
   }
   nevaroo = {
-    id      = 702
-    host      = "nevaroo"
+    id           = 702
+    host         = "nevaroo"
     boot_storage = "local"
-    iso_storage = "local"
+    iso_storage  = "local"
 
-    mac_address = "00:50:56:00:97:FD"
+    mac_address  = "00:50:56:00:97:FD"
     bridge_ports = ["eno1"]
-    gateway = "178.63.49.193"
-    address = "178.63.49.225/26"
+    gateway      = "178.63.49.193"
+    address      = "178.63.49.225/26"
   }
   mustafar = {
-    id      = 703
-    host      = "mustafar"
+    id           = 703
+    host         = "mustafar"
     boot_storage = "local"
-    iso_storage = "local"
+    iso_storage  = "local"
 
     bridge_ports = ["enp3s0", "enp5s0"]
-    gateway = "192.168.64.1"
-    address = "192.168.64.107/24"
+    gateway      = "192.168.64.1"
+    address      = "192.168.64.107/24"
   }
   endor = {
-    id      = 704
-    host      = "endor"
+    id           = 704
+    host         = "endor"
     boot_storage = "local-nvme"
-    iso_storage = "local"
+    iso_storage  = "local"
 
     bridge_ports = ["enp1s0", "enp2s0"]
-    gateway = "192.168.1.1"
-    address = "192.168.1.103/24"
+    gateway      = "192.168.1.1"
+    address      = "192.168.1.103/24"
   }
 }