authorVincent Ambo <mail@tazj.in>2021-03-14T00·58+0200
committertazjin <mail@tazj.in>2021-03-15T21·23+0000
commitb4e87f8254355678c37056bcbeb474f4a0a50648 (patch)
treeae066da7322ed2ecc1bd20c16397f80cbd4000be /ops/dns
parentb6895a5b309eca4f12062f394331fff1b9e3dff8 (diff)
feat(ops/dns): Import tvl.fyi DNS zone into depot r/2280
Imports the current state of the tvl.fyi zone and configures simple CI
checks on the file format.

No deployment automation exists for this (yet?).

Change-Id: Ia7d72e02b9f6d3adef994c5dc1898cc0df9dfcfb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2600
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Diffstat (limited to 'ops/dns')
-rw-r--r--ops/dns/README.md11
-rw-r--r--ops/dns/default.nix14
-rw-r--r--ops/dns/tvl.fyi.zone33
3 files changed, 58 insertions, 0 deletions
diff --git a/ops/dns/README.md b/ops/dns/README.md
new file mode 100644
index 0000000000..2290299fe4
--- /dev/null
+++ b/ops/dns/README.md
@@ -0,0 +1,11 @@
+DNS configuration
+=================
+
+This folder contains configuration for our DNS zones. The zones are hosted with
+Google Cloud DNS, which supports zone-file based import/export.
+
+Currently there is no automation to deploy these zones, but CI will check their
+integrity.
+
+*Note: While each zone file specifies an SOA record, it only exists to satisfy
+`named-checkzone`. Cloud DNS manages this record for us.*
diff --git a/ops/dns/default.nix b/ops/dns/default.nix
new file mode 100644
index 0000000000..d2f75f836c
--- /dev/null
+++ b/ops/dns/default.nix
@@ -0,0 +1,14 @@
+# Performs simple (local-only) validity checks on DNS zones.
+{ pkgs, ... }:
+
+let
+  checkZone = zone: file: pkgs.runCommandNoCC "${zone}-check" {} ''
+    ${pkgs.bind}/bin/named-checkzone -i local ${zone} ${file} | tee $out
+  '';
+
+  zones = {
+    tvl-fyi = checkZone "tvl.fyi" ./tvl.fyi.zone;
+  };
+in zones // {
+  meta.targets = builtins.attrNames zones;
+}
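Review bot: In `checkZone`, the exit status of `named-checkzone` reaches the build only through the pipe into `tee`, so a failed check fails the derivation only if `pipefail` is active in the builder shell. The nixpkgs stdenv setup normally turns it on, but nothing in this file establishes that, and the README describes this derivation as the only integrity gate for the zones. Putting `set -o pipefail` on the first line of the build script would make the failure path explicit and independent of the builder's defaults.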
diff --git a/ops/dns/tvl.fyi.zone b/ops/dns/tvl.fyi.zone
new file mode 100644
index 0000000000..8707ca2ed4
--- /dev/null
+++ b/ops/dns/tvl.fyi.zone
@@ -0,0 +1,33 @@
+;; Google Cloud DNS zone for tvl.fyi.
+;;
+;; This zone is hosted in the project 'tvl-fyi', and registered via
+;; Google Domains.
+tvl.fyi. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 9 21600 3600 259200 300
+tvl.fyi. 21600 IN NS ns-cloud-b1.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b2.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b3.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Mail forwarding (via domains.google)
+tvl.fyi. 3600 IN MX 5 gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 10 alt1.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 20 alt2.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 30 alt3.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 40 alt4.gmr-smtp-in.l.google.com.
+
+;; Landing website is hosted on whitby on the apex.
+tvl.fyi. 21600 IN A 49.12.129.211
+tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL infrastructure
+whitby.tvl.fyi. 21600 IN A 49.12.129.211
+whitby.tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL services
+b.tvl.fyi.     21600 IN CNAME whitby.tvl.fyi.
+cache.tvl.fyi. 21600 IN CNAME whitby.tvl.fyi.
+cl.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
+code.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+cs.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
+login.tvl.fyi. 21600 IN CNAME whitby.tvl.fyi.
+todo.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
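Review bot: The apex carries five MX records but the zone contains no TXT records, so as committed it publishes no SPF or DMARC policy for receivers to check mail claiming to be from tvl.fyi against. If this mirrors the live zone, a DMARC record such as `_dmarc.tvl.fyi. 3600 IN TXT "v=DMARC1; p=<policy>; rua=mailto:<report-address>"` and an SPF record listing whatever actually sends for the domain would close that gap (placeholder values, to be confirmed against the forwarding setup). There is also no CAA record limiting which CAs may issue for the names under `;; TVL services`. If any of these omissions is deliberate, a `;;` comment saying so would keep a later import from reading as an oversight.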