feat(tf): system records

ci/deploy.sh

@@ -9,7 +9,7 @@ NF_ADDR=${NF_ADDR-${NF_HOST}.local}
 
 if [[ $NF_ADDR = tewi.local ]]; then
 	# work around homekit namespace clash
-	NF_ADDR=tewi.local.cutie.moe
+	NF_ADDR=tewi.local.gensokyo.zone
 fi
 
 if [[ $# -eq 0 ]]; then

modules/nixos/access.nix

@@ -19,9 +19,9 @@ in {
 
   config.networking.access = {
     hostnameForNetwork = {
-      local = mkIf config.services.avahi.enable "${hostName}.local.cutie.moe";
-      tail = mkIf config.services.tailscale.enable "${hostName}.tail.cutie.moe";
-      global = mkIf config.networking.enableIPv6 "${hostName}.cutie.moe";
+      local = mkIf config.services.avahi.enable "${hostName}.local.gensokyo.zone";
+      tail = mkIf config.services.tailscale.enable "${hostName}.tail.gensokyo.zone";
+      global = mkIf config.networking.enableIPv6 "${hostName}.gensokyo.zone";
     };
   };
 }

tf/cloudflare_records.tf

@@ -0,0 +1,33 @@
+module "reisen_system_records" {
+  source    = "./system/records"
+  name      = "reisen"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+  local_v4  = "10.1.1.40"
+}
+
+module "tewi_system_records" {
+  source       = "./system/records"
+  name         = "tei"
+  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  tailscale_v4 = "100.74.104.29"
+  tailscale_v6 = "fd7a:115c:a1e0::fd8a:681d"
+  local_v4     = "10.1.1.39"
+  local_v6     = "fd0a::be24:11ff:fecc:6657"
+  local_subdomains = [
+    "mqtt",
+    "home"
+  ]
+}
+
+module "tewi_legacy_system_records" {
+  source       = "./system/records"
+  name         = "tewi"
+  zone_id      = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone    = cloudflare_zone.gensokyo-zone_zone.zone
+  tailscale_v4 = "100.88.107.41"
+  tailscale_v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29"
+  local_v4     = "10.1.1.38"
+  local_v6     = "fd0a::eea8:6bff:fefe:3986"
+}

tf/cloudflare_tunnels.tf

@@ -22,7 +22,7 @@ output "cloudflare_tunnel_id_tewi" {
 }
 
 output "cloudflare_tunnel_token_tewi" {
-  value = module.tewi.token
+  value     = module.tewi.token
   sensitive = true
 }
 
@@ -58,7 +58,7 @@ output "cloudflare_tunnel_id_mediabox" {
 }
 
 output "cloudflare_tunnel_token_mediabox" {
-  value = module.mediabox.token
+  value     = module.mediabox.token
   sensitive = true
 }
 

tf/system/records/cnames.tf

@@ -0,0 +1,27 @@
+variable "local_subdomains" {
+  type    = list(string)
+  default = []
+}
+
+locals {
+  cname_records = concat(
+    [for subdomain in var.local_subdomains : {
+      name  = "${subdomain}.local",
+      value = "${local.local_name}.${var.zone_zone}",
+    }],
+    local.has_tailscale ? [for subdomain in var.local_subdomains : {
+      name  = "${subdomain}.tail",
+      value = "${local.tailscale_name}.${var.zone_zone}",
+    }] : [],
+  )
+}
+
+resource "cloudflare_record" "cname_records" {
+  for_each = { for i, cname in local.cname_records : cname.name => i }
+  name     = local.cname_records[each.value].name
+  proxied  = false
+  ttl      = 360
+  type     = "CNAME"
+  value    = local.cname_records[each.value].value
+  zone_id  = var.zone_id
+}

tf/system/records/records.tf

@@ -0,0 +1,114 @@
+variable "zone_id" {
+  type = string
+}
+
+variable "zone_zone" {
+  type = string
+}
+
+variable "name" {
+  type = string
+}
+
+variable "tailscale_name" {
+  type    = string
+  default = null
+}
+
+variable "tailscale_v4" {
+  type    = string
+  default = null
+}
+
+variable "tailscale_v6" {
+  type    = string
+  default = null
+}
+
+variable "local_name" {
+  type    = string
+  default = null
+}
+
+variable "local_v4" {
+  type    = string
+  default = null
+}
+
+variable "local_v6" {
+  type    = string
+  default = null
+}
+
+variable "global_name" {
+  type    = string
+  default = null
+}
+
+variable "global_v4" {
+  type    = string
+  default = null
+}
+
+variable "global_v6" {
+  type    = string
+  default = null
+}
+
+locals {
+  local_name     = coalesce(var.local_name, "${var.name}.local")
+  tailscale_name = coalesce(var.tailscale_name, "${var.name}.tail")
+  global_name    = coalesce(var.global_name, var.name)
+
+  has_tailscale = var.tailscale_v4 != null || var.tailscale_v6 != null
+
+  a_records = [
+    {
+      name  = local.local_name,
+      value = var.local_v4,
+    },
+    {
+      name  = local.global_name,
+      value = var.global_v4,
+    },
+    {
+      name  = local.tailscale_name,
+      value = var.tailscale_v4,
+    }
+  ]
+
+  aaaa_records = [
+    {
+      name  = local.local_name,
+      value = var.local_v6,
+    },
+    {
+      name  = local.global_name,
+      value = var.global_v6,
+    },
+    {
+      name  = local.tailscale_name,
+      value = var.tailscale_v6,
+    }
+  ]
+}
+
+resource "cloudflare_record" "a_records" {
+  for_each = { for i, a in local.a_records : a.name => i if a.value != null }
+  name     = local.a_records[each.value].name
+  proxied  = false
+  ttl      = 3600
+  type     = "A"
+  value    = local.a_records[each.value].value
+  zone_id  = var.zone_id
+}
+
+resource "cloudflare_record" "aaaa_records" {
+  for_each = { for i, aaaa in local.aaaa_records : aaaa.name => i if aaaa.value != null }
+  name     = local.aaaa_records[each.value].name
+  proxied  = false
+  ttl      = 3600
+  type     = "AAAA"
+  value    = local.aaaa_records[each.value].value
+  zone_id  = var.zone_id
+}

tf/system/records/terraform.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.6.0"
+
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = ">= 4.22.0"
+    }
+  }
+}

tf/tunnel/tunnel.tf

@@ -25,7 +25,7 @@ output "id" {
 }
 
 output "token" {
-  value = cloudflare_tunnel.tunnel.tunnel_token
+  value     = cloudflare_tunnel.tunnel.tunnel_token
   sensitive = true
 }