refactor(ops/glesys): add explicit records pointing to whitby r/4316

instead of setting a wildcard record (which causes really weird behaviour if you set your search domain to tvl.su/tvl.fyi, which I do), DNS records for services running on whitby are now set explicitly. Change-Id: Ia05399b62dad326942fe0efda30782ce153df99d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5961 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>
author: Vincent Ambo <mail@tazj.in> 2022-07-19T13·57+0300
committer: clbot <clbot@tvl.fyi> 2022-07-22T11·17+0000
commit: 7d3d3b3c8f22236f2947714c6da311d0a5f88009 (patch)
tree: b2801f730a2c2d639bf0c75ae83924a86b07320d /ops/glesys
parent: 1edba49adbf42e2c2baeb6a0741713a12d93196c (diff)
3 files changed, 33 insertions, 14 deletions
diff --git a/ops/glesys/dns-tvl-fyi.tf b/ops/glesys/dns-tvl-fyi.tf
index 803bfeae08..26105e9fdc 100644
--- a/ops/glesys/dns-tvl-fyi.tf
+++ b/ops/glesys/dns-tvl-fyi.tf
@@ -53,13 +53,13 @@ resource "glesys_dnsdomain_record" "tvl_fyi_whitby_AAAA" {
   data   = var.whitby_ipv6
 }
 
-# This record is responsible for hosting ~all TVL services. Be
-# mindful!
-resource "glesys_dnsdomain_record" "tvl_fyi_wildcard" {
-  domain = glesys_dnsdomain.tvl_fyi.id
-  host   = "*"
-  type   = "CNAME"
-  data   = "whitby.tvl.fyi."
+# Explicit records for all services running on whitby
+resource "glesys_dnsdomain_record" "tvl_fyi_whitby_services" {
+  domain   = glesys_dnsdomain.tvl_fyi.id
+  type     = "CNAME"
+  data     = "whitby.tvl.fyi."
+  host     = each.key
+  for_each = toset(local.whitby_services)
 }
 
 # Google Domains mail forwarding configuration (no sending)
diff --git a/ops/glesys/dns-tvl-su.tf b/ops/glesys/dns-tvl-su.tf
index 39fd054e01..f7f68cc5f9 100644
--- a/ops/glesys/dns-tvl-su.tf
+++ b/ops/glesys/dns-tvl-su.tf
@@ -67,13 +67,13 @@ resource "glesys_dnsdomain_record" "tvl_su_sanduny_AAAA" {
   data   = var.sanduny_ipv6
 }
 
-# This record is responsible for hosting ~all TVL services. Be
-# mindful!
-resource "glesys_dnsdomain_record" "tvl_su_wildcard" {
-  domain = glesys_dnsdomain.tvl_su.id
-  host   = "*"
-  type   = "CNAME"
-  data   = "whitby.tvl.su."
+# Explicit records for all services running on whitby
+resource "glesys_dnsdomain_record" "tvl_su_whitby_services" {
+  domain   = glesys_dnsdomain.tvl_su.id
+  type     = "CNAME"
+  data     = "whitby.tvl.su."
+  host     = each.key
+  for_each = toset(local.whitby_services)
 }
 
 resource "glesys_dnsdomain_record" "tvl_su_TXT_google_site" {
diff --git a/ops/glesys/main.tf b/ops/glesys/main.tf
index 9452971054..cd5ea9f4fd 100644
--- a/ops/glesys/main.tf
+++ b/ops/glesys/main.tf
@@ -66,3 +66,22 @@ variable "sanduny_ipv6" {
   type    = string
   default = "2001:ba8:1f1:f109::feed:edef:beef"
 }
+
+locals {
+  # Hostnames of all public services on whitby
+  whitby_services = [
+    "at",
+    "atward",
+    "auth",
+    "b",
+    "cache",
+    "cl",
+    "code",
+    "cs",
+    "deploys",
+    "images",
+    "static",
+    "status",
+    "todo",
+  ]
+}
author	Vincent Ambo <mail@tazj.in>	2022-07-19T13·57+0300
committer	clbot <clbot@tvl.fyi>	2022-07-22T11·17+0000
commit	7d3d3b3c8f22236f2947714c6da311d0a5f88009 (patch)
tree	b2801f730a2c2d639bf0c75ae83924a86b07320d /ops/glesys
parent	1edba49adbf42e2c2baeb6a0741713a12d93196c (diff)