mirror of
https://github.com/kittywitch/nixfiles.git
synced 2026-02-09 12:29:19 -08:00
feat: renko hostname
This commit is contained in:
parent
b01c6222f8
commit
26b3c66d22
GPG key ID:
465E64DECEA8CF0F
7 changed files with 102 additions and 48 deletions
22
iac/dns.go
22
iac/dns.go
|
|
@ -6,10 +6,10 @@ import(
|
|||
"fmt"
|
||||
)
|
||||
|
||||
func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudflare.Zone, dnssec map[string]*cloudflare.ZoneDnssec, records map[string][]*cloudflare.Record, err error) {
|
||||
func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudflare.Zone, dnssec map[string]*cloudflare.ZoneDnssec, records map[string]*cloudflare.Record, err error) {
|
||||
zones = make(map[string]*cloudflare.Zone)
|
||||
dnssec = make(map[string]*cloudflare.ZoneDnssec)
|
||||
records = make(map[string][]*cloudflare.Record)
|
||||
records = make(map[string]*cloudflare.Record)
|
||||
|
||||
for name, zone := range config.Zones {
|
||||
ctx.Log.Info(fmt.Sprintf("Handling zone %s", name), nil)
|
||||
|
|
@ -24,20 +24,12 @@ func HandleDNS(ctx *pulumi.Context, config KatConfig) (zones map[string]*cloudfl
|
|||
return nil, nil, nil, err
|
||||
}
|
||||
for _, record := range zone.Records {
|
||||
_, exists := records[name]
|
||||
if exists {
|
||||
record_, err := record.handle(ctx, name, zones[name])
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
records[name] = append(records[name], record_)
|
||||
} else {
|
||||
record_, err := record.handle(ctx, name, zones[name])
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
records[name] = []*cloudflare.Record{record_}
|
||||
record_, err := record.handle(ctx, name, zones[name])
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
record_index := record.getName(name, zones[name])
|
||||
records[record_index] = record_
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
41
iac/files.go
Normal file
41
iac/files.go
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
package iac
|
||||
|
||||
import (
|
||||
"github.com/pulumi/pulumi-command/sdk/go/command/local"
|
||||
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
|
||||
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
|
||||
"fmt"
|
||||
"os"
|
||||
"path"
|
||||
)
|
||||
|
||||
func createPulumiFile(ctx *pulumi.Context, name string, value pulumi.StringOutput, resource pulumi.Resource) (*local.Command, error) {
|
||||
repo_root := os.Getenv("REPO_ROOT")
|
||||
data_root := path.Join(repo_root, "./data")
|
||||
ctx.Export(name, value)
|
||||
return local.NewCommand(ctx, name, &local.CommandArgs{
|
||||
Create: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
|
||||
Update: pulumi.String(fmt.Sprintf("pulumi stack output %s --show-secrets > %s", name, name)),
|
||||
Delete: pulumi.String(fmt.Sprintf("rm %s", name)),
|
||||
Dir: pulumi.String(data_root),
|
||||
}, pulumi.DependsOn([]pulumi.Resource{resource}))
|
||||
}
|
||||
|
||||
func PKITLSFiles(ctx *pulumi.Context, files_ map[string]*local.Command, keys map[string]*tls.PrivateKey, certs map[string]*tls.LocallySignedCert) (files map[string]*local.Command, err error) {
|
||||
for name_, key := range keys {
|
||||
ctx.Log.Info("mew!", nil)
|
||||
name := fmt.Sprintf("%s-file", name_)
|
||||
files_[name], err = createPulumiFile(ctx, name, key.PrivateKeyPem, key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
for name_, cert := range certs {
|
||||
name := fmt.Sprintf("%s-file", name_)
|
||||
files_[name], err = createPulumiFile(ctx, name, cert.CertPem, cert)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return files_, err
|
||||
}
|
||||
|
|
@ -10,10 +10,10 @@ import (
|
|||
"fmt"
|
||||
)
|
||||
|
||||
func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name string, address string) (record *cloudflare.Record, err error) {
|
||||
func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name string, address string) (record *cloudflare.Record, index string, err error) {
|
||||
ip := net.ParseIP(address)
|
||||
kind := A;
|
||||
if ip.To4() != nil {
|
||||
if ip.To4() == nil {
|
||||
kind = AAAA;
|
||||
}
|
||||
record_ := DNSRecord{
|
||||
|
|
@ -23,41 +23,45 @@ func MakeRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, name str
|
|||
Ttl: 3600,
|
||||
}
|
||||
record, err = record_.handle(ctx, "inskip", zones["inskip"])
|
||||
index = record_.getName("inskip", zones["inskip"])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, "", err
|
||||
}
|
||||
return record, err
|
||||
return record, index, err
|
||||
}
|
||||
|
||||
func HandleTSRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, device tailscale.GetDevicesDevice) (records []*cloudflare.Record, err error) {
|
||||
func HandleTSRecord(ctx *pulumi.Context, zones map[string]*cloudflare.Zone, device tailscale.GetDevicesDevice) (new_records map[string]*cloudflare.Record, err error) {
|
||||
if device.User != "kat@inskip.me" {
|
||||
return []*cloudflare.Record{}, nil
|
||||
return nil, nil
|
||||
}
|
||||
new_records = make(map[string]*cloudflare.Record)
|
||||
name := strings.Split(device.Name, ".")[0]
|
||||
for _, address := range device.Addresses {
|
||||
record, err := MakeRecord(ctx, zones, name, address)
|
||||
new_record, index, err := MakeRecord(ctx, zones, name, address)
|
||||
new_records[index] = new_record
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
records = append(records, record)
|
||||
}
|
||||
return records, err
|
||||
return new_records, err
|
||||
}
|
||||
|
||||
func HandleTSRecords(ctx *pulumi.Context,
|
||||
tailnet *tailscale.GetDevicesResult,
|
||||
zones map[string]*cloudflare.Zone,
|
||||
records map[string][]*cloudflare.Record,
|
||||
) (records_ map[string][]*cloudflare.Record, err error) {
|
||||
input_records map[string]*cloudflare.Record,
|
||||
) (records map[string]*cloudflare.Record, err error) {
|
||||
for _, device := range tailnet.Devices {
|
||||
record, err := HandleTSRecord(ctx, zones, device)
|
||||
new_records, err := HandleTSRecord(ctx, zones, device)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
records["inskip"] = append(records["inskip"], record...)
|
||||
for k,v := range new_records {
|
||||
input_records[k] = v
|
||||
}
|
||||
records = input_records
|
||||
}
|
||||
records_ = records
|
||||
return records_, err
|
||||
return records, err
|
||||
}
|
||||
|
||||
func HandleTSHostCert(ctx *pulumi.Context,
|
||||
|
|
@ -73,8 +77,8 @@ func HandleTSHostCert(ctx *pulumi.Context,
|
|||
fmt.Sprintf("ts-%s-host", name),
|
||||
ca_key,
|
||||
ca_cert,
|
||||
device.Addresses,
|
||||
[]string{fmt.Sprintf("%s.inskip.me", name)},
|
||||
device.Addresses,
|
||||
)
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
|
|
@ -94,6 +98,9 @@ func HandleTSHostCerts(ctx *pulumi.Context,
|
|||
certs = make(map[string]*tls.LocallySignedCert)
|
||||
|
||||
for _, device := range tailnet.Devices {
|
||||
if device.User != "kat@inskip.me" {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
name := strings.Split(device.Name, ".")[0]
|
||||
keys[name], crs[name], certs[name], err = HandleTSHostCert(ctx, device, ca_key, ca_cert)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue