about summary refs log tree commit diff
path: root/ops/dns
diff options
context:
space:
mode:
Diffstat (limited to 'ops/dns')
-rw-r--r--ops/dns/README.md11
-rw-r--r--ops/dns/default.nix13
-rw-r--r--ops/dns/nixery.dev.zone10
-rw-r--r--ops/dns/tvl.fyi.zone39
-rw-r--r--ops/dns/tvl.su.zone51
5 files changed, 124 insertions, 0 deletions
diff --git a/ops/dns/README.md b/ops/dns/README.md
new file mode 100644
index 000000000000..2290299fe46c
--- /dev/null
+++ b/ops/dns/README.md
@@ -0,0 +1,11 @@
+DNS configuration
+=================
+
+This folder contains configuration for our DNS zones. The zones are hosted with
+Google Cloud DNS, which supports zone-file based import/export.
+
+Currently there is no automation to deploy these zones, but CI will check their
+integrity.
+
+*Note: While each zone file specifies an SOA record, it only exists to satisfy
+`named-checkzone`. Cloud DNS manages this record for us.*
diff --git a/ops/dns/default.nix b/ops/dns/default.nix
new file mode 100644
index 000000000000..136a4c58dca7
--- /dev/null
+++ b/ops/dns/default.nix
@@ -0,0 +1,13 @@
+# Performs simple (local-only) validity checks on DNS zones.
+{ depot, pkgs, ... }:
+
+let
+  checkZone = zone: file: pkgs.runCommandNoCC "${zone}-check" {} ''
+    ${pkgs.bind}/bin/named-checkzone -i local ${zone} ${file} | tee $out
+  '';
+
+in depot.nix.readTree.drvTargets {
+  nixery-dev = checkZone "nixery.dev" ./nixery.dev.zone;
+  tvl-fyi = checkZone "tvl.fyi" ./tvl.fyi.zone;
+  tvl-su = checkZone "tvl.su" ./tvl.su.zone;
+}
diff --git a/ops/dns/nixery.dev.zone b/ops/dns/nixery.dev.zone
new file mode 100644
index 000000000000..44cabab29bd8
--- /dev/null
+++ b/ops/dns/nixery.dev.zone
@@ -0,0 +1,10 @@
+;; Google Cloud DNS zone for nixery.dev
+nixery.dev. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 5 21600 3600 259200 300
+nixery.dev. 21600 IN NS ns-cloud-b1.googledomains.com.
+nixery.dev. 21600 IN NS ns-cloud-b2.googledomains.com.
+nixery.dev. 21600 IN NS ns-cloud-b3.googledomains.com.
+nixery.dev. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Records for pointing nixery.dev to whitby
+nixery.dev. 300 IN A 49.12.129.211
+nixery.dev. 300 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
diff --git a/ops/dns/tvl.fyi.zone b/ops/dns/tvl.fyi.zone
new file mode 100644
index 000000000000..d1961c6a7a82
--- /dev/null
+++ b/ops/dns/tvl.fyi.zone
@@ -0,0 +1,39 @@
+;; Google Cloud DNS zone for tvl.fyi.
+;;
+;; This zone is hosted in the project 'tvl-fyi', and registered via
+;; Google Domains.
+tvl.fyi. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 20 21600 3600 259200 300
+tvl.fyi. 21600 IN NS ns-cloud-b1.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b2.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b3.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Mail forwarding (via domains.google)
+tvl.fyi. 3600 IN MX 5 gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 10 alt1.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 20 alt2.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 30 alt3.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 40 alt4.gmr-smtp-in.l.google.com.
+
+;; Landing website is hosted on whitby on the apex.
+tvl.fyi. 21600 IN A 49.12.129.211
+tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL infrastructure
+whitby.tvl.fyi. 21600 IN A 49.12.129.211
+whitby.tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL services
+at.tvl.fyi.      21600 IN CNAME whitby.tvl.fyi.
+atward.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+b.tvl.fyi.       21600 IN CNAME whitby.tvl.fyi.
+cache.tvl.fyi.   21600 IN CNAME whitby.tvl.fyi.
+cl.tvl.fyi.      21600 IN CNAME whitby.tvl.fyi.
+code.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
+cs.tvl.fyi.      21600 IN CNAME whitby.tvl.fyi.
+deploys.tvl.fyi. 21600 IN CNAME whitby.tvl.fyi.
+images.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+login.tvl.fyi.   21600 IN CNAME whitby.tvl.fyi.
+static.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+status.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+todo.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
diff --git a/ops/dns/tvl.su.zone b/ops/dns/tvl.su.zone
new file mode 100644
index 000000000000..da46752f13ba
--- /dev/null
+++ b/ops/dns/tvl.su.zone
@@ -0,0 +1,51 @@
+;; Google Cloud DNS for tvl.su.
+;;
+;; This zone is hosted in the project 'tvl-fyi', and registered via
+;; NIC.RU.
+;;
+;; This zone is mostly identical to tvl.fyi and will eventually become
+;; the primary zone.
+tvl.su. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 33 21600 3600 259200 300
+tvl.su. 21600 IN NS ns-cloud-b1.googledomains.com.
+tvl.su. 21600 IN NS ns-cloud-b2.googledomains.com.
+tvl.su. 21600 IN NS ns-cloud-b3.googledomains.com.
+tvl.su. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Landing website is hosted on whitby on the apex.
+tvl.su. 21600 IN A 49.12.129.211
+tvl.su. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL infrastructure
+whitby.tvl.su. 21600 IN A 49.12.129.211
+whitby.tvl.su. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL services
+at.tvl.su.     21600 IN CNAME whitby.tvl.su.
+atward.tvl.su. 21600 IN CNAME whitby.tvl.su.
+b.tvl.su.      21600 IN CNAME whitby.tvl.su.
+cache.tvl.su.  21600 IN CNAME whitby.tvl.su.
+cl.tvl.su.     21600 IN CNAME whitby.tvl.su.
+code.tvl.su.   21600 IN CNAME whitby.tvl.su.
+cs.tvl.su.     21600 IN CNAME whitby.tvl.su.
+images.tvl.su. 21600 IN CNAME whitby.tvl.su.
+login.tvl.su.  21600 IN CNAME whitby.tvl.su.
+static.tvl.su. 21600 IN CNAME whitby.tvl.su.
+status.tvl.su. 21600 IN CNAME whitby.tvl.su.
+todo.tvl.su.   21600 IN CNAME whitby.tvl.su.
+
+;; Google Workspaces domain verification
+tvl.su. 21600 IN TXT "google-site-verification=3ksTBzFK3lZlzD3ddBfpaHs9qasfAiYBmvbW2T_ejH4"
+
+;; Google Workspaces email configuration
+tvl.su. 21600 IN MX 1 aspmx.l.google.com.
+tvl.su. 21600 IN MX 5 alt1.aspmx.l.google.com.
+tvl.su. 21600 IN MX 5 alt2.aspmx.l.google.com.
+tvl.su. 21600 IN MX 10 alt3.aspmx.l.google.com.
+tvl.su. 21600 IN MX 10 alt4.aspmx.l.google.com.
+tvl.su. 21600 IN TXT "v=spf1 include:_spf.google.com ~all"
+google._domainkey.tvl.su. 21600 IN TXT ("v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCbnGa8oPwrudJK60l6MJj3NBnwj8wAPXNGtYy2SXrOBi7FT+ySwW7ATpfv6Xq9zGDUWJsENPUlFmvDiUs7Qi4scnNvSO1L+sDseB9/q1m3gMFVnTuieDO/" "T+KKkg0+uYgMM7YX5PahsAAJJ+EMb/r4afl3tcBMPR64VveKQ0hiSHA4zIYPsB9FB+b8S5C46uyY0r6WR7IzGjq2Gzb1do0kxvaKItTITWLSImcUu5ZZuXOUKJb441frVBWur5lXaYuedkxb1IRTTK0V/mBODE1D7k73MxGrqlzaMPdCqz+c3hRE18WVUkBTYjANVXDrs3yzBBVxaIAeu++vkO6BvQIDAQAB")
+
+;; Google Workspaces site aliases
+docs.tvl.su. 21600 IN CNAME ghs.googlehosted.com.
+groups.tvl.su. 21600 IN CNAME ghs.googlehosted.com.
+mail.tvl.su. 21600 IN CNAME ghs.googlehosted.com.