authorVincent Ambo <mail@tazj.in>2021-12-27T15·42+0300
committerclbot <clbot@tvl.fyi>2021-12-27T16·42+0000
commit228138395ba211514c8ba8dcc34f32996d34af91 (patch)
tree3df5e07c3f5b04844b73ba545ec12e66e80b39cb /ops/glesys
parentb2c151cebb2ecdc94852bbe577dda2f5e9dbd9d8 (diff)
feat(ops/glesys): Import DNS records for tvl.fyi r/3480
These records were previously configured manually in the GleSYS web UI
during our DNS outage (b/155).

Note that I could not find a way to `terraform import` these records
and have instead recreated the set and then cleaned up in the UI.

Since we often point things at whitby, I have extracted variables for
its IPs in this change.

Change-Id: I09fda94d3734e8aaa278fa858e160d046740da1e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4714
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'ops/glesys')
-rw-r--r--ops/glesys/dns-nixery-dev.tf4
-rw-r--r--ops/glesys/dns-tvl-fyi.tf99
-rw-r--r--ops/glesys/main.tf10
3 files changed, 111 insertions, 2 deletions
diff --git a/ops/glesys/dns-nixery-dev.tf b/ops/glesys/dns-nixery-dev.tf
index dabd3a27b9..53a421d20e 100644
--- a/ops/glesys/dns-nixery-dev.tf
+++ b/ops/glesys/dns-nixery-dev.tf
@@ -12,14 +12,14 @@ resource "glesys_dnsdomain_record" "nixery_dev_apex_A" {
   domain = glesys_dnsdomain.nixery_dev.id
   host   = "@"
   type   = "A"
-  data   = "49.12.129.211"
+  data   = var.whitby_ipv4
 }
 
 resource "glesys_dnsdomain_record" "nixery_dev_apex_AAAA" {
   domain = glesys_dnsdomain.nixery_dev.id
   host   = "@"
   type   = "AAAA"
-  data   = "2a01:4f8:242:5b21:0:feed:edef:beef"
+  data   = var.whitby_ipv6
 }
 
 resource "glesys_dnsdomain_record" "nixery_dev_NS1" {
diff --git a/ops/glesys/dns-tvl-fyi.tf b/ops/glesys/dns-tvl-fyi.tf
new file mode 100644
index 0000000000..803bfeae08
--- /dev/null
+++ b/ops/glesys/dns-tvl-fyi.tf
@@ -0,0 +1,99 @@
+# DNS configuration for tvl.fyi
+
+resource "glesys_dnsdomain" "tvl_fyi" {
+  name = "tvl.fyi"
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_NS1" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "NS"
+  data   = "ns1.namesystem.se."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_NS2" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "NS"
+  data   = "ns2.namesystem.se."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_NS3" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "NS"
+  data   = "ns3.namesystem.se."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_apex_A" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "A"
+  data   = var.whitby_ipv4
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_apex_AAAA" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "AAAA"
+  data   = var.whitby_ipv6
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_whitby_A" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "whitby"
+  type   = "A"
+  data   = var.whitby_ipv4
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_whitby_AAAA" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "whitby"
+  type   = "AAAA"
+  data   = var.whitby_ipv6
+}
+
+# This record is responsible for hosting ~all TVL services. Be
+# mindful!
+resource "glesys_dnsdomain_record" "tvl_fyi_wildcard" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "*"
+  type   = "CNAME"
+  data   = "whitby.tvl.fyi."
+}
+
+# Google Domains mail forwarding configuration (no sending)
+resource "glesys_dnsdomain_record" "tvl_fyi_MX_5" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "MX"
+  data   = "5 gmr-smtp-in.l.google.com."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_MX_10" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "MX"
+  data   = "10 alt1.gmr-smtp-in.l.google.com."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_MX_20" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "MX"
+  data   = "20 alt2.gmr-smtp-in.l.google.com."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_MX_30" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "MX"
+  data   = "30 alt3.aspmx.l.google.com."
+}
+
+resource "glesys_dnsdomain_record" "tvl_fyi_MX_40" {
+  domain = glesys_dnsdomain.tvl_fyi.id
+  host   = "@"
+  type   = "MX"
+  data   = "40 alt4.gmr-smtp-in.l.google.com."
+}
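Review bot: The `tvl_fyi_MX_30` record points at `alt3.aspmx.l.google.com.`, while the other four MX records all use the `gmr-smtp-in.l.google.com.` family named in the mail-forwarding comment, so this looks like a transcription slip from the manual UI setup. If so, the line should read `data   = "30 alt3.gmr-smtp-in.l.google.com."`. Otherwise mail that falls through to priority 30 would reach a host that is presumably not part of the forwarding service. Separately, the comment says the domain does not send mail, but no TXT record in this file states that. If none exists elsewhere, an apex TXT record with `v=spf1 -all` would let receivers reject mail spoofed as tvl.fyi.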
diff --git a/ops/glesys/main.tf b/ops/glesys/main.tf
index 9fa87f0609..857c1677fb 100644
--- a/ops/glesys/main.tf
+++ b/ops/glesys/main.tf
@@ -50,3 +50,13 @@ resource "glesys_objectstorage_credential" "litestream" {
   instanceid  = glesys_objectstorage_instance.tvl-state.id
   description = "key for litestream"
 }
+
+variable "whitby_ipv4" {
+  type    = string
+  default = "49.12.129.211"
+}
+
+variable "whitby_ipv6" {
+  type    = string
+  default = "2a01:4f8:242:5b21:0:feed:edef:beef"
+}
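Review bot: `whitby_ipv4` and `whitby_ipv6` are declared as input variables, so anything that sets `TF_VAR_whitby_ipv4` or supplies a tfvars file can change them at plan time. That would repoint the apex and `whitby` records, and through the wildcard CNAME nearly every service name. If no override is intended, a fixed value in a `locals` block (`whitby_ipv4 = "49.12.129.211"`, referenced as `local.whitby_ipv4`) makes the address a constant that only a reviewed change can alter. If the variables stay, each should get a `description`, for example `description = "Public IPv4 address of whitby, used by A records in dns-*.tf"`, since neither block documents what depends on it.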