Diffstat (limited to 'ops/dns')
-rw-r--r--ops/dns/README.md11
-rw-r--r--ops/dns/default.nix14
-rw-r--r--ops/dns/nixery.dev.zone10
-rw-r--r--ops/dns/tvl.fyi.zone39
-rw-r--r--ops/dns/tvl.su.zone51
5 files changed, 125 insertions, 0 deletions
diff --git a/ops/dns/README.md b/ops/dns/README.md
new file mode 100644
index 0000000000..2290299fe4
--- /dev/null
+++ b/ops/dns/README.md
@@ -0,0 +1,11 @@
+DNS configuration
+=================
+
+This folder contains configuration for our DNS zones. The zones are hosted with
+Google Cloud DNS, which supports zone-file based import/export.
+
+Currently there is no automation to deploy these zones, but CI will check their
+integrity.
+
+*Note: While each zone file specifies an SOA record, it only exists to satisfy
+`named-checkzone`. Cloud DNS manages this record for us.*
diff --git a/ops/dns/default.nix b/ops/dns/default.nix
new file mode 100644
index 0000000000..ad6e136f27
--- /dev/null
+++ b/ops/dns/default.nix
@@ -0,0 +1,14 @@
+# Performs simple (local-only) validity checks on DNS zones.
+{ depot, pkgs, ... }:
+
+let
+  checkZone = zone: file: pkgs.runCommandNoCC "${zone}-check" { } ''
+    ${pkgs.bind}/bin/named-checkzone -i local ${zone} ${file} | tee $out
+  '';
+
+in
+depot.nix.readTree.drvTargets {
+  nixery-dev = checkZone "nixery.dev" ./nixery.dev.zone;
+  tvl-fyi = checkZone "tvl.fyi" ./tvl.fyi.zone;
+  tvl-su = checkZone "tvl.su" ./tvl.su.zone;
+}
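Review bot: Whether a failed zone check fails the `checkZone` derivation depends on the builder shell's pipefail setting, because `named-checkzone … | tee $out` otherwise reports tee's exit status. nixpkgs' stdenv setup normally enables pipefail, but nothing in this file says so. A why-comment above the command would make the dependency explicit, e.g. `# relies on stdenv's 'set -o pipefail': a named-checkzone error must fail the build`. It is also worth noting next to `-i local` that only in-zone targets are integrity-checked, so MX and NS targets outside the zone (the Google hosts) are not validated by CI.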
diff --git a/ops/dns/nixery.dev.zone b/ops/dns/nixery.dev.zone
new file mode 100644
index 0000000000..44cabab29b
--- /dev/null
+++ b/ops/dns/nixery.dev.zone
@@ -0,0 +1,10 @@
+;; Google Cloud DNS zone for nixery.dev
+nixery.dev. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 5 21600 3600 259200 300
+nixery.dev. 21600 IN NS ns-cloud-b1.googledomains.com.
+nixery.dev. 21600 IN NS ns-cloud-b2.googledomains.com.
+nixery.dev. 21600 IN NS ns-cloud-b3.googledomains.com.
+nixery.dev. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Records for pointing nixery.dev to whitby
+nixery.dev. 300 IN A 49.12.129.211
+nixery.dev. 300 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
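Review bot: No CAA record is published in this zone, and the same holds for the tvl.fyi.zone and tvl.su.zone hunks, so certificate issuance for these names is not restricted to any particular CA. If the certificates come from a known CA, consider an apex record such as `nixery.dev. 21600 IN CAA 0 issue "<ca-domain>"`, with the equivalent in the other two zones. The CA name is a placeholder because the issuing CA is not visible on this page.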
diff --git a/ops/dns/tvl.fyi.zone b/ops/dns/tvl.fyi.zone
new file mode 100644
index 0000000000..d1961c6a7a
--- /dev/null
+++ b/ops/dns/tvl.fyi.zone
@@ -0,0 +1,39 @@
+;; Google Cloud DNS zone for tvl.fyi.
+;;
+;; This zone is hosted in the project 'tvl-fyi', and registered via
+;; Google Domains.
+tvl.fyi. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 20 21600 3600 259200 300
+tvl.fyi. 21600 IN NS ns-cloud-b1.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b2.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b3.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Mail forwarding (via domains.google)
+tvl.fyi. 3600 IN MX 5 gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 10 alt1.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 20 alt2.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 30 alt3.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 40 alt4.gmr-smtp-in.l.google.com.
+
+;; Landing website is hosted on whitby on the apex.
+tvl.fyi. 21600 IN A 49.12.129.211
+tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL infrastructure
+whitby.tvl.fyi. 21600 IN A 49.12.129.211
+whitby.tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL services
+at.tvl.fyi.      21600 IN CNAME whitby.tvl.fyi.
+atward.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+b.tvl.fyi.       21600 IN CNAME whitby.tvl.fyi.
+cache.tvl.fyi.   21600 IN CNAME whitby.tvl.fyi.
+cl.tvl.fyi.      21600 IN CNAME whitby.tvl.fyi.
+code.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
+cs.tvl.fyi.      21600 IN CNAME whitby.tvl.fyi.
+deploys.tvl.fyi. 21600 IN CNAME whitby.tvl.fyi.
+images.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+login.tvl.fyi.   21600 IN CNAME whitby.tvl.fyi.
+static.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+status.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+todo.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
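Review bot: tvl.fyi accepts mail through the MX records in this hunk but publishes no SPF or DMARC TXT record, so receivers get no sender policy for messages claiming to come from the domain. If tvl.fyi is only used for forwarding and never sends mail (an assumption; the page does not say), `tvl.fyi. 3600 IN TXT "v=spf1 -all"` together with a `_dmarc.tvl.fyi.` TXT policy would state that. The tvl.su.zone hunk has SPF (`~all`) and a DKIM key but likewise no `_dmarc` record, so its soft-fail results carry no enforcement policy either.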
diff --git a/ops/dns/tvl.su.zone b/ops/dns/tvl.su.zone
new file mode 100644
index 0000000000..da46752f13
--- /dev/null
+++ b/ops/dns/tvl.su.zone
@@ -0,0 +1,51 @@
+;; Google Cloud DNS for tvl.su.
+;;
+;; This zone is hosted in the project 'tvl-fyi', and registered via
+;; NIC.RU.
+;;
+;; This zone is mostly identical to tvl.fyi and will eventually become
+;; the primary zone.
+tvl.su. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 33 21600 3600 259200 300
+tvl.su. 21600 IN NS ns-cloud-b1.googledomains.com.
+tvl.su. 21600 IN NS ns-cloud-b2.googledomains.com.
+tvl.su. 21600 IN NS ns-cloud-b3.googledomains.com.
+tvl.su. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Landing website is hosted on whitby on the apex.
+tvl.su. 21600 IN A 49.12.129.211
+tvl.su. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL infrastructure
+whitby.tvl.su. 21600 IN A 49.12.129.211
+whitby.tvl.su. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL services
+at.tvl.su.     21600 IN CNAME whitby.tvl.su.
+atward.tvl.su. 21600 IN CNAME whitby.tvl.su.
+b.tvl.su.      21600 IN CNAME whitby.tvl.su.
+cache.tvl.su.  21600 IN CNAME whitby.tvl.su.
+cl.tvl.su.     21600 IN CNAME whitby.tvl.su.
+code.tvl.su.   21600 IN CNAME whitby.tvl.su.
+cs.tvl.su.     21600 IN CNAME whitby.tvl.su.
+images.tvl.su. 21600 IN CNAME whitby.tvl.su.
+login.tvl.su.  21600 IN CNAME whitby.tvl.su.
+static.tvl.su. 21600 IN CNAME whitby.tvl.su.
+status.tvl.su. 21600 IN CNAME whitby.tvl.su.
+todo.tvl.su.   21600 IN CNAME whitby.tvl.su.
+
+;; Google Workspaces domain verification
+tvl.su. 21600 IN TXT "google-site-verification=3ksTBzFK3lZlzD3ddBfpaHs9qasfAiYBmvbW2T_ejH4"
+
+;; Google Workspaces email configuration
+tvl.su. 21600 IN MX 1 aspmx.l.google.com.
+tvl.su. 21600 IN MX 5 alt1.aspmx.l.google.com.
+tvl.su. 21600 IN MX 5 alt2.aspmx.l.google.com.
+tvl.su. 21600 IN MX 10 alt3.aspmx.l.google.com.
+tvl.su. 21600 IN MX 10 alt4.aspmx.l.google.com.
+tvl.su. 21600 IN TXT "v=spf1 include:_spf.google.com ~all"
+google._domainkey.tvl.su. 21600 IN TXT ("v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCbnGa8oPwrudJK60l6MJj3NBnwj8wAPXNGtYy2SXrOBi7FT+ySwW7ATpfv6Xq9zGDUWJsENPUlFmvDiUs7Qi4scnNvSO1L+sDseB9/q1m3gMFVnTuieDO/" "T+KKkg0+uYgMM7YX5PahsAAJJ+EMb/r4afl3tcBMPR64VveKQ0hiSHA4zIYPsB9FB+b8S5C46uyY0r6WR7IzGjq2Gzb1do0kxvaKItTITWLSImcUu5ZZuXOUKJb441frVBWur5lXaYuedkxb1IRTTK0V/mBODE1D7k73MxGrqlzaMPdCqz+c3hRE18WVUkBTYjANVXDrs3yzBBVxaIAeu++vkO6BvQIDAQAB")
+
+;; Google Workspaces site aliases
+docs.tvl.su. 21600 IN CNAME ghs.googlehosted.com.
+groups.tvl.su. 21600 IN CNAME ghs.googlehosted.com.
+mail.tvl.su. 21600 IN CNAME ghs.googlehosted.com.
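Review bot: The header comment calls this zone "mostly identical to tvl.fyi" without saying which differences are intended; for example `deploys` has a CNAME in tvl.fyi.zone and none in the service list here. A short comment naming the deliberate omissions, e.g. `;; deploys is intentionally not mirrored from tvl.fyi`, would let a reviewer tell drift from design as the two hand-maintained lists change. If the omission is not intentional, the `deploys.tvl.su.` record is simply missing.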