migrate nayeonie.com to dnsimple
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
This commit is contained in:
parent
fe2783273c
commit
92352375f6
@ -21,7 +21,7 @@ servers: &servers
|
||||
# update keys by executing: sops updatekeys secrets.yaml
|
||||
# note: add .* before \.yaml if you'd like to use the mergetool config
|
||||
creation_rules:
|
||||
- path_regex: secrets.*json$
|
||||
- path_regex: secrets.*yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_alice
|
||||
|
||||
37
.terraform.lock.hcl
generated
37
.terraform.lock.hcl
generated
@ -16,24 +16,25 @@ provider "registry.terraform.io/carlpett/sops" {
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/valodim/desec" {
|
||||
version = "0.5.0"
|
||||
constraints = "0.5.0"
|
||||
provider "registry.terraform.io/dnsimple/dnsimple" {
|
||||
version = "1.8.0"
|
||||
constraints = "1.8.0"
|
||||
hashes = [
|
||||
"h1:cjk3hxvxbu70hluQ2mZ+NUhN8818ESaddHmPhMLlwtM=",
|
||||
"zh:02a1a8c93fdf480683518580d95660c26e4a573c03ecc145b8f7cf4a94206e50",
|
||||
"zh:08d84a229c20b78da4426195047805fb5b1dd0b803a0d0d219528782fa4fc638",
|
||||
"zh:15159f119c4afceca551abca814a085a0f2c277d69ff3a2a235a1e5100969e58",
|
||||
"zh:1a23c57a25e258d26a86f3b01e6ee7e6b5cd75867ea6e9460765261cdc0a4a02",
|
||||
"zh:2417beec12f72d6a82474737880988c7499dcd7cacfb2a91bc26d440c3335820",
|
||||
"zh:46cde27d77f1bf1d5ca0e051504727073a9318016f18f3ba61e796a80493e8d6",
|
||||
"zh:7a8f392dc6cc48328e7783d4f7bae3f9b8fec4047f4f5b3bab0bd3adfd9cd061",
|
||||
"zh:88e849be319b262caa5d6c8aa1926109c69934292d1c7740dedf979ef6c87f55",
|
||||
"zh:8c722a10660ddef51f087611fdc202ae087f16d10da1f5e8c5afcec2ee920dc2",
|
||||
"zh:90335bf608b845ac59fdd0860faacadd195c94422aa19dc44342ece458de0ef6",
|
||||
"zh:939273e7453421f1570dfd96792d3c72566474e9087007fbda4bc7d1b47c926a",
|
||||
"zh:c42e33dce10ab70fdcf1cd18dc44672c4894a36369fb59964156a7072d21eb3d",
|
||||
"zh:d57d776833aa1af41e1a037c8d6b176eb75562f9933fb3050587bb5097aa1e97",
|
||||
"zh:d65cb7d81f9ac31b107cfebd100d6baca93edc7be85ff6ee8488531265cfcc9e",
|
||||
"h1:Nwu+3tVJnNmSJQoctRSWAamUX3AiTCZ5mOMtAUPtg7Q=",
|
||||
"zh:0852fd9523268b30fb637a03a0cb6d6a5878cbbf7e0e4219615c9ba073fbdf17",
|
||||
"zh:0ac43193082dd467abad4937b0abb97ea349205726fc450cb3a94dc0db6e9a49",
|
||||
"zh:10e4aad54c2d6cbd9328a1661d72a978357743eda7099a3f120a497119be4ff1",
|
||||
"zh:211d481935dec36903928c51f5f4f15d98313f6d50649ea064bc20a4d6541678",
|
||||
"zh:2705b5ebac4219449f9126cc19fa982cf0644e5df60d3d5254131d2e2d676afd",
|
||||
"zh:27f0df80af6652e96f85a0856daa571af495d2119ab126199d6d5ab53f6eb887",
|
||||
"zh:27fbb2fb69291a660d8e99ba960f01051b7fc28658f7932772ce7e80a42bd6e9",
|
||||
"zh:3ecf20ead1f044f08ae9e411c9341d47319eb6af5d6543b58f2f6932c6b288b0",
|
||||
"zh:635055f0af3eb27d30801aeead51d8b960c386f369a378fad7146350ec6b4d68",
|
||||
"zh:7ca26f64221a9c6634a02296e30a87e3fffed1144ac57e0ae9a86a448f42d4ca",
|
||||
"zh:895e0732da00942b2eb13c78673a9c9268e87e92a225999cddf2d13b823f3295",
|
||||
"zh:b3806e5b687faf97ad8cb2a23e105729059693ae07a229fecef52da5279d7bd1",
|
||||
"zh:c3c284a54aab3ddea2dba140af4a707ce077c9c2d9d34556902afdb25fe6ca8e",
|
||||
"zh:d2539f2cc5960a55a53eaaa90248abfb3167275e34af7e93735ec4571eb879eb",
|
||||
"zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
|
||||
]
|
||||
}
|
||||
|
||||
14
main.tf
14
main.tf
@ -1,19 +1,20 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
desec = {
|
||||
source = "Valodim/desec"
|
||||
version = "0.5.0"
|
||||
}
|
||||
sops = {
|
||||
source = "carlpett/sops"
|
||||
version = "1.1.1"
|
||||
}
|
||||
dnsimple = {
|
||||
source = "dnsimple/dnsimple"
|
||||
version = "1.8.0"
|
||||
}
|
||||
}
|
||||
|
||||
backend "s3" {
|
||||
bucket = "tfstate" # Name of the S3 bucket
|
||||
endpoints = {
|
||||
s3 = "http://192.168.76.2:8502" # Minio endpoint
|
||||
#s3 = "http://alicehuston.duckdns.org" # Minio endpoint
|
||||
}
|
||||
key = "dns-management/desec-io.tfstate" # Name of the tfstate file
|
||||
workspace_key_prefix = "tfstate"
|
||||
@ -32,6 +33,7 @@ terraform {
|
||||
|
||||
provider "sops" {}
|
||||
|
||||
provider "desec" {
|
||||
api_token = data.sops_file.secrets.data["desec_api"]
|
||||
provider "dnsimple" {
|
||||
account = data.sops_file.secrets.data["dnsimple.account"]
|
||||
token = data.sops_file.secrets.data["dnsimple.token"]
|
||||
}
|
||||
|
||||
@ -1,40 +1,41 @@
|
||||
resource "desec_domain" "nayeonie_com" {
|
||||
# Create a zone
|
||||
resource "dnsimple_zone" "nayeonie_com" {
|
||||
name = "nayeonie.com"
|
||||
}
|
||||
|
||||
resource "desec_rrset" "wildcard_nayeonie_com_cname" {
|
||||
domain = "nayeonie.com"
|
||||
subname = "*"
|
||||
type = "CNAME"
|
||||
records = ["alicehuston.duckdns.org."]
|
||||
ttl = 3600
|
||||
depends_on = [desec_domain.nayeonie_com]
|
||||
# Add a record to the root domain
|
||||
resource "dnsimple_zone_record" "root_nayeonie_com_cname" {
|
||||
zone_name = "nayeonie.com"
|
||||
name = ""
|
||||
value = "alicehuston.duckdns.org"
|
||||
type = "ALIAS"
|
||||
ttl = 3600
|
||||
}
|
||||
|
||||
# not needed as its dynamically created
|
||||
# resource "desec_rrset" "nayeonie_com_ns" {
|
||||
# domain = "nayeonie.com"
|
||||
# subname = ""
|
||||
# type = "NS"
|
||||
# records = ["ns2.desec.org.", "ns1.desec.io."]
|
||||
# ttl = 3600
|
||||
# depends_on = [desec_domain.nayeonie_com]
|
||||
# }
|
||||
# Add a record to the root domain
|
||||
resource "dnsimple_zone_record" "wildcard_nayeonie_com_cname" {
|
||||
zone_name = "nayeonie.com"
|
||||
name = "*"
|
||||
value = "alicehuston.duckdns.org"
|
||||
type = "ALIAS"
|
||||
ttl = 3600
|
||||
depends_on = [dnsimple_zone.nayeonie_com]
|
||||
}
|
||||
|
||||
resource "desec_rrset" "tiktok_txt" {
|
||||
domain = "nayeonie.com"
|
||||
subname = ""
|
||||
resource "dnsimple_zone_record" "tiktok_txt" {
|
||||
zone_name = "nayeonie.com"
|
||||
name = ""
|
||||
type = "TXT"
|
||||
records = [trim(data.sops_file.secrets.data["tiktok_txt"], "\"")]
|
||||
value = data.sops_file.secrets.data["tiktok.txt"]
|
||||
ttl = 3600
|
||||
depends_on = [desec_domain.nayeonie_com]
|
||||
depends_on = [dnsimple_zone.nayeonie_com]
|
||||
}
|
||||
|
||||
resource "desec_rrset" "gitea_nayeonie_com_srv" {
|
||||
domain = "nayeonie.com"
|
||||
subname = "_gitea._tcp"
|
||||
resource "dnsimple_zone_record" "gitea_nayeonie_com_srv" {
|
||||
zone_name = "nayeonie.com"
|
||||
name = "_gitea._tcp"
|
||||
type = "SRV"
|
||||
records = ["0 100 2222 nayeonie.com."]
|
||||
value = "100 2222 nayeonie.com."
|
||||
ttl = 3600
|
||||
depends_on = [desec_domain.nayeonie_com]
|
||||
depends_on = [dnsimple_zone.nayeonie_com]
|
||||
}
|
||||
|
||||
35
secrets.json
35
secrets.json
@ -1,35 +0,0 @@
|
||||
{
|
||||
"desec_api": "ENC[AES256_GCM,data:3l1SNtRY6Cto3+CwkcJc95IjzHqa+G+Hbe2/yw==,iv:12m1GaG4ZNiWPqSZp1hmBJsbXqUjMn3hOf9bKHaGZuQ=,tag:aKJ8o/2alhzmoPB5dVvRQQ==,type:str]",
|
||||
"tiktok_txt": "ENC[AES256_GCM,data:3sNHYlsJuCgJoDZ6A8RxbXGMwP760qjE8es0Px2HTJJ12eqtK1aB62OP7SJFVFHVm43gg3TUlhtVMffE51Q1TItawiA=,iv:gvcULZVb4EdrtJT9V1uJ8twoCf6pBO5BOGULdQCT5Tw=,tag:LT2EjnlBKQdfOlqxvwzWRw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybFUzRTM2NjdZcFV5Vk9W\nNko3Sm1VcWZ1V1FoTnZJS09jK0NST0hXejEwCnZDUzZENDAxZzl4OEluUTAyS0ZC\nem9CL08yb3NJemEvbFROTVcyRmc5S28KLS0tIDZZMlhFd3psY0NpSnl3WXhZY1Q1\neFNoUmR6MmxndmdVc1gzSGwvWW01SDgKA99BQjEcwLZ4EvFz39xO619U+MVH1rEv\n+b8X4jJCgUmqG5QGaYFjJRtUfOQJCU3qNEmFpIZlf63mE0mWweNlcg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOUp0M1NJRDlDMGdsT2kr\nTkRHbWdyMlV0WWdZaDRXaUNtdmNGajl2QlgwClphUXlESnFTaUNSOWNmZ1RjZnVu\nbnpBTEZidTYzenl1R2ZycFJ0eFVjSWsKLS0tIGMrTVZmRXZYWlpoaE13Rkp2Smh6\nZStUWG4rNk1qWFR5TysyOHFCUWlRdkUKTj/CgFLWH5msyRTjoh7RePCI7kEIO05v\nQQ9TSRmThLQAQ998hnIeZ1ec3QJ4AvOhHzqFMwZCvwh28drjUADDyg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ0ZEQ0prNjZiZzV6YnlG\nTWlHQk1mV0t2ZE1peFFsdWIybXdVdWh3ZGg0ClJhc3ZsZk10Ti9CbU4yMk8xZ3JS\nQUNXbWtyRXJ6amFBejg0NVhNQmk0MXMKLS0tIHJrVmhETmxOYUV6S3JtY1BVa09i\nSW9wV0pvNWx6ZEZDVE5Hc2syVVo2NjQKV16Dq1BJr/mIsnZMlH04WOIwi2CK2GIV\nc1Rpi1b2GXeXr0avCyhilCBgVJU+R9mEwunm7vfbBjD/hyEZXSYaVg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-02-14T22:18:09Z",
|
||||
"mac": "ENC[AES256_GCM,data:oy6AH5kB2NTkTGq9smpEB8qWoRnnrJPbm++qDFWOJoeyExA6OFkZg78UGQSDzUf04nGqN7XQIiErZc2J5aPayu3XSOM78LwJ/ZsX3q+Fm3cpVgZKjuwLfxVebGYA+DCJtyvdbI8SlLL9U4Z+SeBnF9cCCg3Gcp0oRiJUJvwx73E=,iv:wGOAe27/vn0h02ylHzX2Ru/oIFRhPQRj3sA+gx8cxlE=,tag:f9MzqGtPvAVHqso0VNuKQQ==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-02-14T20:43:56Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAK3zlysJ2QMIjTEfJwN6k1xa/8VmwkSPXU2TDpOuVJjYw\nLj4ANsUO5cFWw0VCR9AcU7Eui3OF7/jSLSM+JGBTy7CSbOo7uAJ46mt7QmzkXaTp\n0l4BLxY6ZHexCArTaN73vunTSFJsmBIw1W15xckcN523A1Dw/cZXYRazkMpQVdXc\nU6SaxkSwgZpcC0wBYUwYjFyUSwD9w3/gmhjnltrbsU7EbKFPz5hBkQpGDwFZgXoJ\n=INhR\n-----END PGP MESSAGE-----",
|
||||
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.3"
|
||||
}
|
||||
}
|
||||
@ -1,3 +1,3 @@
|
||||
data "sops_file" "secrets" {
|
||||
source_file = "secrets.json"
|
||||
source_file = "secrets.yaml"
|
||||
}
|
||||
|
||||
56
secrets.yaml
Normal file
56
secrets.yaml
Normal file
@ -0,0 +1,56 @@
|
||||
desec:
|
||||
api: ENC[AES256_GCM,data:208LIsuEe06aDWOucVnNmVjbUdXjT/9OLVKM1Q==,iv:ft8+ui1/EcGCXM7/FBEk6UwgRJ6CDX5Gy7AMlCSrbsk=,tag:jV0wuKK2Ok0BESMUPNapwA==,type:str]
|
||||
tiktok:
|
||||
txt: ENC[AES256_GCM,data:XHtpPSPf/IHh1n9qn7QIBeWIolAS8hNugAryOcpsLAGukSZCHubtPjiRWcErm3rJz2iRgs9IE197AhBORhLa9kNYb0w=,iv:+0K8qxM7hEHVfw+ZZ0suPILjxtjOQLCd4unbrXff61c=,tag:e/t2yltQu/X5zcJZOSA70w==,type:str]
|
||||
dnsimple:
|
||||
account: ENC[AES256_GCM,data:3wAR4C3z,iv:bPMrRCySF56ry28rjwVKmi8vvhj7xv3TymKn8l2S7MI=,tag:+q2I37HbzTXAY/Q7H/TNJQ==,type:str]
|
||||
token: ENC[AES256_GCM,data:zJstjpUIR5q6c1ZK9JMg5A6QQ9gLCI/15cgaEEF266D5qclvrCjSzU1pcw==,iv:HgI50IN84iqcSuovtREZUppEEHFeeZGsY8bU5r8B70g=,tag:jWK6a4UNZlCwdk8tsQ7w3Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Yzg2RG5MMTNJVjBPVHJn
|
||||
RXl1Y2hmMjFZT2wxeWhTZUFMeUswdnZhWmpZCnVuZ3FEdHNRQ1VCMTc2MlZySkhQ
|
||||
VVFxbnhKd0NQM2RrMFBXVlR5TVcvSW8KLS0tIFNMWGt0eG52RXArVVFEdGlGNXpw
|
||||
Q09Od08zQzNTQkFqY2xyVFNmU2dYV2sKQu1lFgLueFfREOqQr/KNzl+QoMMAltvU
|
||||
rw0XzMilOEgd3PzedgGVWgWPF3Bfl0eO0Z85bOXoBowEFF7ZT7ZwHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RlhXY3hmUkc2Vysrck90
|
||||
NTcySDVhYlE5L01GcjkzNkJQeVU4L20wdWxZCjBIcFpyQkRJaDdwdGxML045UEov
|
||||
Zm9waTYrb1U0MXZWL3NiMFNEbFFtZUUKLS0tICtYMHNkek5RTVcwK1pJTmI5emFX
|
||||
YkJLU0xMWWY1cDlQVFVCM3BsRjZOK2sK2ukAnhzv2FoNGZNs6kvoK7Uhq9AET3/Y
|
||||
t5CeUgxDrYjmhKg4RK6U0XFayx7h6armhC3MTpS0H30i15Ph9JjGGg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArd20vU2lQbkdUSThIa1Nk
|
||||
YzRPY1NoVytuR0FxWTBMUTNvTURYL0ZvQkN3CmNZYytNZ0lYUzRCSVlRTzhXUEFs
|
||||
N3lqWkIzcDRsTVZqSHVmc3NGTEZhZmMKLS0tIGtrMVMrVmVNT3ErQW04SzB3SXdI
|
||||
Y0pZNTZRNWFiS2o3YmlwbXpHSjU3WEUKeP/QqhWgbVrNO2NNqQq2JzvOugUKmjLZ
|
||||
1VfsllJBQGzcWAllecbV6ZjfuVNLt1btnX4Yug0VDdQs8Ds38xIU5g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-27T06:09:54Z"
|
||||
mac: ENC[AES256_GCM,data:T5QplfNf2yU8ZHHF0LFHx72v06OXDHw1a+/T5UbIB0GU8Hsdg45VIAMEQed+QqeTIINMjzEEzfZvDcVQYnhHHjCeWjtq3ZsBE8n49FvnkjltnIvXBZO3pH2Zp7K+sDxPol+CgRSx0SUOF24boUDYFMNitG0BZ5wL6V0+7l6I3Zg=,iv:8+MwOaj5NnB2emAATaXJ2NdlUmwOcTWdQSQe7O0St28=,tag:8ce4QcAHZxOgG/zd4OeTsw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2025-02-27T06:09:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hF4DQWNzDMjrP2ISAQdArkYM3X8lh9SmCckGtsmXn0P5Mp/KQybPTGSN4ip53i8w
|
||||
J0FZKicpH+oPDrDa/jU1EUaCebv+vqmzD83zbOcEoLU9bte6OM9MJlnXcnyxAp20
|
||||
0l4Bozr3JjpBoyzKL0GGAOLwoKndhpPZgINqF3W5BT4dbWp1+nEnnU5nW9Dan+Sl
|
||||
UIMCCRonJn6dlunQeIYrMMLo4PCuQrLsSm7z3+jjqA6cL8j9pBEMD5UhwGhjOcu6
|
||||
=i5U/
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.3
|
||||
Loading…
x
Reference in New Issue
Block a user