ahuston-0/dns-management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format terraform, add TXT and SRV records

Browse Source 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
This commit is contained in:
ahuston-0 2025-02-14 17:48:41 -05:00
parent ea5898ff4e
commit b5ccaed9e9
No known key found for this signature in database
GPG Key ID: 47940175096C1330
4 changed files with 62 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
main.tf
View File

@ -1,37 +1,37 @@
terraform { terraform {
required_providers { required_providers {
desec = { desec = {
source = "Valodim/desec" source = "Valodim/desec"
version = "0.5.0" version = "0.5.0"
} }
sops = { sops = {
source = "carlpett/sops" source = "carlpett/sops"
version = "1.1.1" version = "1.1.1"
} }
} }
backend "s3" { backend "s3" {
bucket = "tfstate" # Name of the S3 bucket bucket = "tfstate" # Name of the S3 bucket
endpoints = { endpoints = {
s3 = "http://192.168.76.2:8502" # Minio endpoint s3 = "http://192.168.76.2:8502" # Minio endpoint
} }
key = "dns-management/desec-io.tfstate" # Name of the tfstate file key = "dns-management/desec-io.tfstate" # Name of the tfstate file
workspace_key_prefix="tfstate" workspace_key_prefix = "tfstate"
profile = "minio" # aws profile profile = "minio" # aws profile
region = "us-east-1" # Region validation will be skipped region = "us-east-1" # Region validation will be skipped
skip_credentials_validation = true # Skip AWS related checks and validations skip_credentials_validation = true # Skip AWS related checks and validations
skip_requesting_account_id = true skip_requesting_account_id = true
skip_metadata_api_check = true skip_metadata_api_check = true
skip_region_validation = true skip_region_validation = true
skip_s3_checksum = true skip_s3_checksum = true
use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style use_path_style = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
} }
} }
provider sops {} provider "sops" {}
provider desec { provider "desec" {
api_token = data.sops_file.desec_secrets.data["desec_api"] api_token = data.sops_file.secrets.data["desec_api"]
} }

37
nayeonie.com.tf
View File

@ -1,3 +1,40 @@
resource "desec_domain" "nayeonie_com" { resource "desec_domain" "nayeonie_com" {
name = "nayeonie.com" name = "nayeonie.com"
} }
resource "desec_rrset" "wildcard_nayeonie_com_cname" {
domain = "nayeonie.com"
subname = "*"
type = "CNAME"
records = ["alicehuston.duckdns.org."]
ttl = 3600
depends_on = [desec_domain.nayeonie_com]
}
# not needed as its dynamically created
# resource "desec_rrset" "nayeonie_com_ns" {
# domain = "nayeonie.com"
# subname = ""
# type = "NS"
# records = ["ns2.desec.org.", "ns1.desec.io."]
# ttl = 3600
# depends_on = [desec_domain.nayeonie_com]
# }
resource "desec_rrset" "tiktok_txt" {
domain = "nayeonie.com"
subname = ""
type = "TXT"
records = [trim(data.sops_file.secrets.data["tiktok_txt"], "\"")]
ttl = 3600
depends_on = [desec_domain.nayeonie_com]
}
resource "desec_rrset" "gitea_nayeonie_com_srv" {
domain = "nayeonie.com"
subname = "_gitea._tcp"
type = "SRV"
records = ["0 100 2222 nayeonie.com."]
ttl = 3600
depends_on = [desec_domain.nayeonie_com]
}

7
secrets.json
View File

@ -1,5 +1,6 @@
{ {
"desec_api": "ENC[AES256_GCM,data:85Gl1Is17tPKMVfqF92AowFjRfPMuO92U8M71A==,iv:NcpQ5c6WTx/02h/tlnpkmyFKBKRMcg9TMNL5tQikZGs=,tag:5M3pSts5AWqODijQIh7MiA==,type:str]", "desec_api": "ENC[AES256_GCM,data:3l1SNtRY6Cto3+CwkcJc95IjzHqa+G+Hbe2/yw==,iv:12m1GaG4ZNiWPqSZp1hmBJsbXqUjMn3hOf9bKHaGZuQ=,tag:aKJ8o/2alhzmoPB5dVvRQQ==,type:str]",
"tiktok_txt": "ENC[AES256_GCM,data:3sNHYlsJuCgJoDZ6A8RxbXGMwP760qjE8es0Px2HTJJ12eqtK1aB62OP7SJFVFHVm43gg3TUlhtVMffE51Q1TItawiA=,iv:gvcULZVb4EdrtJT9V1uJ8twoCf6pBO5BOGULdQCT5Tw=,tag:LT2EjnlBKQdfOlqxvwzWRw==,type:str]",
"sops": { "sops": {
"kms": null, "kms": null,
"gcp_kms": null, "gcp_kms": null,
@ -19,8 +20,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ0ZEQ0prNjZiZzV6YnlG\nTWlHQk1mV0t2ZE1peFFsdWIybXdVdWh3ZGg0ClJhc3ZsZk10Ti9CbU4yMk8xZ3JS\nQUNXbWtyRXJ6amFBejg0NVhNQmk0MXMKLS0tIHJrVmhETmxOYUV6S3JtY1BVa09i\nSW9wV0pvNWx6ZEZDVE5Hc2syVVo2NjQKV16Dq1BJr/mIsnZMlH04WOIwi2CK2GIV\nc1Rpi1b2GXeXr0avCyhilCBgVJU+R9mEwunm7vfbBjD/hyEZXSYaVg==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ0ZEQ0prNjZiZzV6YnlG\nTWlHQk1mV0t2ZE1peFFsdWIybXdVdWh3ZGg0ClJhc3ZsZk10Ti9CbU4yMk8xZ3JS\nQUNXbWtyRXJ6amFBejg0NVhNQmk0MXMKLS0tIHJrVmhETmxOYUV6S3JtY1BVa09i\nSW9wV0pvNWx6ZEZDVE5Hc2syVVo2NjQKV16Dq1BJr/mIsnZMlH04WOIwi2CK2GIV\nc1Rpi1b2GXeXr0avCyhilCBgVJU+R9mEwunm7vfbBjD/hyEZXSYaVg==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-02-14T20:50:25Z", "lastmodified": "2025-02-14T22:18:09Z",
"mac": "ENC[AES256_GCM,data:9v0vlgUiYXsOAIewL6S33tMXk9rDZX/LDZWqR+oVl9ZzA/82nTKNzP1oHakN2vTP2zl7YarGiBFZgYen0DQeNiFP+HurAASjyGI3dNY62Fr8QjvDKU0/aYVkSD57/Y2oiPhsBY57NOxP7Y8Aw/nCVoGp1zlG54V3Q6KDBpGBEMQ=,iv:WypPyIyxbY9Cr9xgAvJ2TpttG1+ipPpjjkNgx0PT5R8=,tag:iT0S+PZa8g2i+ttHfCeDlA==,type:str]", "mac": "ENC[AES256_GCM,data:oy6AH5kB2NTkTGq9smpEB8qWoRnnrJPbm++qDFWOJoeyExA6OFkZg78UGQSDzUf04nGqN7XQIiErZc2J5aPayu3XSOM78LwJ/ZsX3q+Fm3cpVgZKjuwLfxVebGYA+DCJtyvdbI8SlLL9U4Z+SeBnF9cCCg3Gcp0oRiJUJvwx73E=,iv:wGOAe27/vn0h02ylHzX2Ru/oIFRhPQRj3sA+gx8cxlE=,tag:f9MzqGtPvAVHqso0VNuKQQ==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-02-14T20:43:56Z", "created_at": "2025-02-14T20:43:56Z",

2
secrets.tf
View File

@ -1,3 +1,3 @@
data "sops_file" "desec_secrets" { data "sops_file" "secrets" {
source_file = "secrets.json" source_file = "secrets.json"
} }