From 9d274bbe7326501056bd112abdeb2dfa51a598ed Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Mon, 15 Jan 2024 11:00:45 -0800
Subject: [PATCH] feat(tf): system records
---
 ci/deploy.sh | 2 +-
 modules/nixos/access.nix | 6 +-
 tf/cloudflare_records.tf | 33 ++++++++++
 tf/cloudflare_tunnels.tf | 4 +-
 tf/system/records/cnames.tf | 27 ++++++++
 tf/system/records/records.tf | 114 +++++++++++++++++++++++++++++++++
 tf/system/records/terraform.tf | 10 +++
 tf/tunnel/tunnel.tf | 2 +-
 8 files changed, 191 insertions(+), 7 deletions(-)
 create mode 100644 tf/cloudflare_records.tf
 create mode 100644 tf/system/records/cnames.tf
 create mode 100644 tf/system/records/records.tf
 create mode 100644 tf/system/records/terraform.tf
diff --git a/ci/deploy.sh b/ci/deploy.sh
index b2fe10cd..f8e581d2 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -9,7 +9,7 @@ NF_ADDR=${NF_ADDR-${NF_HOST}.local}
 
 if [[ $NF_ADDR = tewi.local ]]; then
 # work around homekit namespace clash
- NF_ADDR=tewi.local.cutie.moe
+ NF_ADDR=tewi.local.gensokyo.zone
 fi
 
 if [[ $# -eq 0 ]]; then
diff --git a/modules/nixos/access.nix b/modules/nixos/access.nix
index 637536f9..7aa1d0e7 100644
--- a/modules/nixos/access.nix
+++ b/modules/nixos/access.nix
@@ -19,9 +19,9 @@ in {
 
 config.networking.access = {
 hostnameForNetwork = {
- local = mkIf config.services.avahi.enable "${hostName}.local.cutie.moe";
- tail = mkIf config.services.tailscale.enable "${hostName}.tail.cutie.moe";
- global = mkIf config.networking.enableIPv6 "${hostName}.cutie.moe";
+ local = mkIf config.services.avahi.enable "${hostName}.local.gensokyo.zone";
+ tail = mkIf config.services.tailscale.enable "${hostName}.tail.gensokyo.zone";
+ global = mkIf config.networking.enableIPv6 "${hostName}.gensokyo.zone";
 };
 };
 }
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
new file mode 100644
index 00000000..f32e507a
--- /dev/null
+++ b/tf/cloudflare_records.tf
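Review bot: In the access.nix hunk, `local` is still gated on `config.services.avahi.enable`, but the name it now produces, `${hostName}.local.gensokyo.zone`, is a unicast DNS name served from the Cloudflare zone rather than an mDNS `.local` name, so avahi no longer appears to be what makes it resolvable; the guard presumably should track whatever publishes the host's `local_v4`/`local_v6` records, or the choice should be stated. A one-line comment such as `# resolved via the gensokyo.zone A/AAAA records, not mDNS; avahi gate kept deliberately` would make the intent clear to the next reader. The enclosing `config.networking.access` set and the module around it continue outside the hunk.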
@@ -0,0 +1,33 @@
+module "reisen_system_records" {
+ source = "./system/records"
+ name = "reisen"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ local_v4 = "10.1.1.40"
+}
+
+module "tewi_system_records" {
+ source = "./system/records"
+ name = "tei"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ tailscale_v4 = "100.74.104.29"
+ tailscale_v6 = "fd7a:115c:a1e0::fd8a:681d"
+ local_v4 = "10.1.1.39"
+ local_v6 = "fd0a::be24:11ff:fecc:6657"
+ local_subdomains = [
+ "mqtt",
+ "home"
+ ]
+}
+
+module "tewi_legacy_system_records" {
+ source = "./system/records"
+ name = "tewi"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ tailscale_v4 = "100.88.107.41"
+ tailscale_v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6258:6b29"
+ local_v4 = "10.1.1.38"
+ local_v6 = "fd0a::eea8:6bff:fefe:3986"
+}
diff --git a/tf/cloudflare_tunnels.tf b/tf/cloudflare_tunnels.tf
index b5b702bd..904815c4 100644
--- a/tf/cloudflare_tunnels.tf
+++ b/tf/cloudflare_tunnels.tf
@@ -22,7 +22,7 @@ output "cloudflare_tunnel_id_tewi" {
 }
 
 output "cloudflare_tunnel_token_tewi" {
- value = module.tewi.token
+ value = module.tewi.token
 sensitive = true
 }
 
@@ -58,7 +58,7 @@ output "cloudflare_tunnel_id_mediabox" {
 }
 
 output "cloudflare_tunnel_token_mediabox" {
- value = module.mediabox.token
+ value = module.mediabox.token
 sensitive = true
 }
 
diff --git a/tf/system/records/cnames.tf b/tf/system/records/cnames.tf
new file mode 100644
index 00000000..debc80bb
--- /dev/null
+++ b/tf/system/records/cnames.tf
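Review bot: The module labelled `tewi_system_records` passes `name = "tei"`, so it publishes `tei.local`, `tei.tail` and `tei` records, while every `tewi.*` name, including the `tewi.local.gensokyo.zone` that ci/deploy.sh now targets, comes from `tewi_legacy_system_records` at 10.1.1.38; if `tei` is a typo for `tewi` this would create a second set of `tewi.*` records with different addresses, and if it is deliberate a comment such as `# tei: successor host; tewi records kept until cutover` (or whatever the actual intent is) would spare the next reader the guess. Separately, these records place RFC1918, ULA and Tailscale CGNAT addresses in a public zone: resolvers with DNS-rebinding protection, common on consumer routers, may refuse answers in those ranges, and the internal addressing becomes publicly enumerable, so a comment naming the intended clients and a check that each host is reachable through these names from every network it is deployed from would be worthwhile.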
@@ -0,0 +1,27 @@
+variable "local_subdomains" {
+ type = list(string)
+ default = []
+}
+
+locals {
+ cname_records = concat(
+ [for subdomain in var.local_subdomains : {
+ name = "${subdomain}.local",
+ value = "${local.local_name}.${var.zone_zone}",
+ }],
+ local.has_tailscale ? [for subdomain in var.local_subdomains : {
+ name = "${subdomain}.tail",
+ value = "${local.tailscale_name}.${var.zone_zone}",
+ }] : [],
+ )
+}
+
+resource "cloudflare_record" "cname_records" {
+ for_each = { for i, cname in local.cname_records : cname.name => i }
+ name = local.cname_records[each.value].name
+ proxied = false
+ ttl = 360
+ type = "CNAME"
+ value = local.cname_records[each.value].value
+ zone_id = var.zone_id
+}
diff --git a/tf/system/records/records.tf b/tf/system/records/records.tf
new file mode 100644
index 00000000..5999c910
--- /dev/null
+++ b/tf/system/records/records.tf
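Review bot: `ttl = 360` on the CNAME records differs from the `ttl = 3600` used for the A/AAAA records in records.tf and reads like a dropped digit; either change it to `ttl = 3600` or add `# 6-minute TTL on purpose: subdomains are expected to move between hosts` (or the real reason) so the mismatch is not "fixed" later. The `.local` CNAMEs are also emitted unconditionally while the `.tail` ones are gated on `local.has_tailscale`, so a caller that sets `local_subdomains` without `local_v4`/`local_v6` gets CNAMEs pointing at a name with no address records; mirroring the tailscale guard with a `has_local` local (constructed name, to be defined in records.tf next to `has_tailscale`) would keep the two branches symmetric. `local.local_name`, `local.tailscale_name` and `local.has_tailscale` come from records.tf rather than this file, which deserves a one-line comment above `locals`.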
@@ -0,0 +1,114 @@
+variable "zone_id" {
+ type = string
+}
+
+variable "zone_zone" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "tailscale_name" {
+ type = string
+ default = null
+}
+
+variable "tailscale_v4" {
+ type = string
+ default = null
+}
+
+variable "tailscale_v6" {
+ type = string
+ default = null
+}
+
+variable "local_name" {
+ type = string
+ default = null
+}
+
+variable "local_v4" {
+ type = string
+ default = null
+}
+
+variable "local_v6" {
+ type = string
+ default = null
+}
+
+variable "global_name" {
+ type = string
+ default = null
+}
+
+variable "global_v4" {
+ type = string
+ default = null
+}
+
+variable "global_v6" {
+ type = string
+ default = null
+}
+
+locals {
+ local_name = coalesce(var.local_name, "${var.name}.local")
+ tailscale_name = coalesce(var.tailscale_name, "${var.name}.tail")
+ global_name = coalesce(var.global_name, var.name)
+
+ has_tailscale = var.tailscale_v4 != null || var.tailscale_v6 != null
+
+ a_records = [
+ {
+ name = local.local_name,
+ value = var.local_v4,
+ },
+ {
+ name = local.global_name,
+ value = var.global_v4,
+ },
+ {
+ name = local.tailscale_name,
+ value = var.tailscale_v4,
+ }
+ ]
+
+ aaaa_records = [
+ {
+ name = local.local_name,
+ value = var.local_v6,
+ },
+ {
+ name = local.global_name,
+ value = var.global_v6,
+ },
+ {
+ name = local.tailscale_name,
+ value = var.tailscale_v6,
+ }
+ ]
+}
+
+resource "cloudflare_record" "a_records" {
+ for_each = { for i, a in local.a_records : a.name => i if a.value != null }
+ name = local.a_records[each.value].name
+ proxied = false
+ ttl = 3600
+ type = "A"
+ value = local.a_records[each.value].value
+ zone_id = var.zone_id
+}
+
+resource "cloudflare_record" "aaaa_records" {
+ for_each = { for i, aaaa in local.aaaa_records : aaaa.name => i if aaaa.value != null }
+ name = local.aaaa_records[each.value].name
+ proxied = false
+ ttl = 3600
+ type = "AAAA"
+ value = local.aaaa_records[each.value].value
+ zone_id = var.zone_id
+}
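Review bot: None of the address variables carry a `description` or a `validation` block, so a malformed `local_v4` or `tailscale_v6` value is only rejected at apply time by the Cloudflare API, after the plan has already been approved; `can(cidrhost(...))` gives a plan-time check with no extra dependencies. The same applies to `tailscale_v4`, `tailscale_v6`, `global_v4` and `global_v6`; the `local_v4`/`local_v6` forms are shown below. A short `description` on each variable, e.g. `description = "IPv4 address published as the A record for <name>.local; null skips the record"`, would also make the null-means-skip convention of the `for_each` filters explicit rather than something inferred from `if a.value != null`.
```hcl
variable "local_v4" {
  type    = string
  default = null

  validation {
    condition     = var.local_v4 == null || can(cidrhost("${var.local_v4}/32", 0))
    error_message = "local_v4 must be a plain IPv4 address (no prefix length) or null."
  }
}

variable "local_v6" {
  type    = string
  default = null

  validation {
    condition     = var.local_v6 == null || can(cidrhost("${var.local_v6}/128", 0))
    error_message = "local_v6 must be a plain IPv6 address (no prefix length) or null."
  }
}
# … unchanged: remaining variables, locals, a_records / aaaa_records resources …
```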
diff --git a/tf/system/records/terraform.tf b/tf/system/records/terraform.tf
new file mode 100644
index 00000000..a18bca31
--- /dev/null
+++ b/tf/system/records/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.6.0"
+
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = ">= 4.22.0"
+ }
+ }
+}
diff --git a/tf/tunnel/tunnel.tf b/tf/tunnel/tunnel.tf
index b8fe5988..77251359 100644
--- a/tf/tunnel/tunnel.tf
+++ b/tf/tunnel/tunnel.tf
@@ -25,7 +25,7 @@ output "id" {
 }
 
 output "token" {
- value = cloudflare_tunnel.tunnel.tunnel_token
+ value = cloudflare_tunnel.tunnel.tunnel_token
 sensitive = true
 }
 
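Review bot: `version = ">= 4.22.0"` in the terraform.tf hunk has no upper bound, so a fresh `init` (or `init -upgrade`) may select a future major release of cloudflare/cloudflare whose `cloudflare_record` schema differs from what records.tf and cnames.tf assume; `version = "~> 4.22"` keeps the module on the 4.x line while still allowing minor updates. Whether the root module's dependency lock file already pins the provider cannot be seen from this patch, and a child module's constraint is the only guard a reuse of this module elsewhere gets. The unbounded form is also what lets a breaking or withdrawn provider release reach this module without a deliberate version change.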