infra/terraform/cloudflare_nix-community_org.tf

locals {
  nix_community_zone_id = "8965c5ff4e19a3ca46b5df6965f2bc36"

  # For each github page, create a CNAME alias to nix-community.github.io
  nix_community_github_pages = [
    "nur"
  ]
}

# blocks other CAs from issuing certificates for the domain
resource "cloudflare_record" "nix-community-org-caa" {
  zone_id = local.nix_community_zone_id
  name    = "@"
  type    = "CAA"
  data {
    flags = "0"
    tag   = "issue"
    value = "letsencrypt.org"
  }
}

resource "cloudflare_record" "nix-community-org-build01-A" {
  zone_id = local.nix_community_zone_id
  name    = "build01"
  value   = "135.181.218.169"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-build01-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "build01"
  value   = "2a01:4f9:3a:3b16::1"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-build02-A" {
  zone_id = local.nix_community_zone_id
  name    = "build02"
  value   = "65.21.133.211"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-build02-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "build02"
  value   = "2a01:4f9:3b:41d9::1"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-build03-A" {
  zone_id = local.nix_community_zone_id
  name    = "build03"
  value   = "65.21.139.242"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-build03-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "build03"
  value   = "2a01:4f9:3b:2946::1"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-build04-A" {
  zone_id = local.nix_community_zone_id
  name    = "build04"
  value   = "65.109.107.32"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-build04-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "build04"
  value   = "2a01:4f9:3051:3962::2"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-darwin01-A" {
  zone_id = local.nix_community_zone_id
  name    = "darwin01"
  value   = "142.132.141.89"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-darwin01-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "darwin01"
  value   = "2a01:4f8:261:1397::1"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-darwin02-A" {
  zone_id = local.nix_community_zone_id
  name    = "darwin02"
  value   = "167.235.38.49"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-darwin02-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "darwin02"
  value   = "2a01:4f8:262:24af::1"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-darwin03-A" {
  zone_id = local.nix_community_zone_id
  name    = "darwin03"
  value   = "142.132.141.44"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-darwin03-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "darwin03"
  value   = "2a01:4f8:261:135a::1"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-web02-A" {
  zone_id = local.nix_community_zone_id
  name    = "web02"
  value   = "46.226.105.188"
  type    = "A"
}

resource "cloudflare_record" "nix-community-org-web02-AAAA" {
  zone_id = local.nix_community_zone_id
  name    = "web02"
  value   = "2001:4b98:dc0:43:f816:3eff:fe99:9fca"
  type    = "AAAA"
}

resource "cloudflare_record" "nix-community-org-build-box-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "build-box"
  value   = "build01.nix-community.org"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-darwin-build-box-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "darwin-build-box"
  value   = "darwin01.nix-community.org"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-nixpkgs-update-logs-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "nixpkgs-update-logs"
  value   = "build02.nix-community.org"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-buildbot-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "buildbot"
  value   = "build03.nix-community.org"
  type    = "CNAME"
}

# Used by nix-community/nixpkgs-docker
resource "cloudflare_record" "nix-community-org-docker-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "docker"
  value   = "zimbatm.docker.scarf.sh"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-hydra-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "hydra"
  value   = "build03.nix-community.org"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-nur-update-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "nur-update"
  value   = "build03.nix-community.org"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-monitoring-CNAME" {
  zone_id = local.nix_community_zone_id
  name    = "monitoring"
  value   = "web02.nix-community.org"
  type    = "CNAME"
}

resource "cloudflare_record" "nix-community-org-apex-A" {
  zone_id = local.nix_community_zone_id
  name    = "@"
  value   = "nix-community.github.io"
  type    = "CNAME"
  proxied = false
}

resource "cloudflare_record" "nix-community-org-apex-TXT" {
  zone_id = local.nix_community_zone_id
  name    = "@"
  value   = "v=spf1 include:_mailcust.gandi.net -all"
  type    = "TXT"
}

resource "cloudflare_record" "nix-community-org-apex-MX" {
  for_each = {
    "spool.mail.gandi.net." = 10
    "fb.mail.gandi.net."    = 50
  }
  zone_id  = local.nix_community_zone_id
  name     = "@"
  value    = each.key
  type     = "MX"
  priority = each.value
}

resource "cloudflare_record" "nix-community-org-github-challenge-TXT" {
  zone_id = local.nix_community_zone_id
  name    = "_github-challenge-nix-community-org"
  value   = "2eee7c1945"
  type    = "TXT"
}

resource "cloudflare_record" "nix-community-org-github-pages-challenge-TXT" {
  zone_id = local.nix_community_zone_id
  name    = "_github-pages-challenge-nix-community.nix-community.org."
  value   = "6d236784300b9b1e80fdc496b7bfce"
  type    = "TXT"
}

resource "cloudflare_record" "nix-community-org-github-pages" {
  for_each = { for page in local.nix_community_github_pages : page => page }

  zone_id = local.nix_community_zone_id
  name    = each.value
  value   = "nix-community.github.io"
  type    = "CNAME"
}
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`locals {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`nix_community_zone_id = "8965c5ff4e19a3ca46b5df6965f2bc36"`

			`# For each github page, create a CNAME alias to nix-community.github.io`
			`nix_community_github_pages = [`
			`"nur"`
			`]`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`}`

add CAA record 2023-10-21 19:03:32 +02:00			`# blocks other CAs from issuing certificates for the domain`
			`resource "cloudflare_record" "nix-community-org-caa" {`
			`zone_id = local.nix_community_zone_id`
			`name = "@"`
			`type = "CAA"`
			`data {`
			`flags = "0"`
			`tag = "issue"`
			`value = "letsencrypt.org"`
			`}`
			`}`

terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`resource "cloudflare_record" "nix-community-org-build01-A" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`name = "build01"`
build01: switch to new hardware 2023-12-02 13:47:36 +10:00			`value = "135.181.218.169"`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`type = "A"`
			`}`

			`resource "cloudflare_record" "nix-community-org-build01-AAAA" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`name = "build01"`
build01: switch to new hardware 2023-12-02 13:47:36 +10:00			`value = "2a01:4f9:3a:3b16::1"`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`type = "AAAA"`
			`}`

terraform: add build02 2021-01-18 18:19:46 +01:00			`resource "cloudflare_record" "nix-community-org-build02-A" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add build02 2021-01-18 18:19:46 +01:00			`name = "build02"`
build02: switch to new hardware 2023-12-11 11:28:40 +10:00			`value = "65.21.133.211"`
terraform: add build02 2021-01-18 18:19:46 +01:00			`type = "A"`
			`}`

terraform: add aaaa record for build02 2021-02-20 17:17:04 +01:00			`resource "cloudflare_record" "nix-community-org-build02-AAAA" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add aaaa record for build02 2021-02-20 17:17:04 +01:00			`name = "build02"`
build02: switch to new hardware 2023-12-11 11:28:40 +10:00			`value = "2a01:4f9:3b:41d9::1"`
terraform: add aaaa record for build02 2021-02-20 17:17:04 +01:00			`type = "AAAA"`
			`}`
terraform: add build02 2021-01-18 18:19:46 +01:00
terraform: add build03.nix-community.org 2021-03-06 08:27:07 +01:00			`resource "cloudflare_record" "nix-community-org-build03-A" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add build03.nix-community.org 2021-03-06 08:27:07 +01:00			`name = "build03"`
terraform/cloudflare: update build03 2023-12-02 13:37:16 +10:00			`value = "65.21.139.242"`
terraform: add build03.nix-community.org 2021-03-06 08:27:07 +01:00			`type = "A"`
			`}`

			`resource "cloudflare_record" "nix-community-org-build03-AAAA" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add build03.nix-community.org 2021-03-06 08:27:07 +01:00			`name = "build03"`
terraform/cloudflare: update build03 2023-12-02 13:37:16 +10:00			`value = "2a01:4f9:3b:2946::1"`
terraform: add build03.nix-community.org 2021-03-06 08:27:07 +01:00			`type = "AAAA"`
			`}`

add build04 2021-08-17 20:31:59 +02:00			`resource "cloudflare_record" "nix-community-org-build04-A" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
add build04 2021-08-17 20:31:59 +02:00			`name = "build04"`
build04: switch to new hardware 2023-12-14 09:39:50 +10:00			`value = "65.109.107.32"`
add build04 2021-08-17 20:31:59 +02:00			`type = "A"`
			`}`

			`resource "cloudflare_record" "nix-community-org-build04-AAAA" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
add build04 2021-08-17 20:31:59 +02:00			`name = "build04"`
build04: switch to new hardware 2023-12-14 09:39:50 +10:00			`value = "2a01:4f9:3051:3962::2"`
add build04 2021-08-17 20:31:59 +02:00			`type = "AAAA"`
			`}`

darwin01: init 2024-03-08 09:51:37 +10:00			`resource "cloudflare_record" "nix-community-org-darwin01-A" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin01"`
			`value = "142.132.141.89"`
			`type = "A"`
			`}`

			`resource "cloudflare_record" "nix-community-org-darwin01-AAAA" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin01"`
			`value = "2a01:4f8:261:1397::1"`
			`type = "AAAA"`
			`}`

terraform/cloudflare: add darwin02 2023-05-16 18:58:13 +10:00			`resource "cloudflare_record" "nix-community-org-darwin02-A" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin02"`
darwin02: scaleway -> hetzner 2023-07-17 21:13:04 +10:00			`value = "167.235.38.49"`
terraform/cloudflare: add darwin02 2023-05-16 18:58:13 +10:00			`type = "A"`
			`}`

terraform/cloudflare: add ipv6 for darwin0{2,3} 2023-11-03 14:03:27 +10:00			`resource "cloudflare_record" "nix-community-org-darwin02-AAAA" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin02"`
			`value = "2a01:4f8:262:24af::1"`
			`type = "AAAA"`
			`}`
terraform/cloudflare: add darwin02 2023-05-16 18:58:13 +10:00
terraform/cloudflare: add darwin03 2023-07-17 09:48:14 +10:00			`resource "cloudflare_record" "nix-community-org-darwin03-A" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin03"`
			`value = "142.132.141.44"`
			`type = "A"`
			`}`

terraform/cloudflare: add ipv6 for darwin0{2,3} 2023-11-03 14:03:27 +10:00			`resource "cloudflare_record" "nix-community-org-darwin03-AAAA" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin03"`
			`value = "2a01:4f8:261:135a::1"`
			`type = "AAAA"`
			`}`
terraform/cloudflare: add darwin03 2023-07-17 09:48:14 +10:00
terraform/cloudflare: add web02 2023-07-25 17:49:00 +10:00			`resource "cloudflare_record" "nix-community-org-web02-A" {`
			`zone_id = local.nix_community_zone_id`
			`name = "web02"`
web02: init 2023-07-22 09:50:53 +10:00			`value = "46.226.105.188"`
terraform/cloudflare: add web02 2023-07-25 17:49:00 +10:00			`type = "A"`
			`}`

			`resource "cloudflare_record" "nix-community-org-web02-AAAA" {`
			`zone_id = local.nix_community_zone_id`
			`name = "web02"`
web02: init 2023-07-22 09:50:53 +10:00			`value = "2001:4b98:dc0:43:f816:3eff:fe99:9fca"`
terraform/cloudflare: add web02 2023-07-25 17:49:00 +10:00			`type = "AAAA"`
			`}`

terraform/cloudflare: add `build-box` CNAME also add ssh public key 2023-09-24 20:45:51 +10:00			`resource "cloudflare_record" "nix-community-org-build-box-CNAME" {`
			`zone_id = local.nix_community_zone_id`
			`name = "build-box"`
			`value = "build01.nix-community.org"`
			`type = "CNAME"`
			`}`

darwin03: convert to community builder 2023-10-27 13:43:31 +10:00			`resource "cloudflare_record" "nix-community-org-darwin-build-box-CNAME" {`
			`zone_id = local.nix_community_zone_id`
			`name = "darwin-build-box"`
move darwin-build-box to darwin01 2024-03-08 17:44:34 +10:00			`value = "darwin01.nix-community.org"`
darwin03: convert to community builder 2023-10-27 13:43:31 +10:00			`type = "CNAME"`
			`}`

serve logs on nixpkgs-update-logs.nix-community.org 2024-04-27 20:00:24 +10:00			`resource "cloudflare_record" "nix-community-org-nixpkgs-update-logs-CNAME" {`
			`zone_id = local.nix_community_zone_id`
			`name = "nixpkgs-update-logs"`
			`value = "build02.nix-community.org"`
			`type = "CNAME"`
			`}`

terraform/cloudflare: add buildbot CNAME 2023-10-25 14:29:14 +10:00			`resource "cloudflare_record" "nix-community-org-buildbot-CNAME" {`
			`zone_id = local.nix_community_zone_id`
			`name = "buildbot"`
			`value = "build03.nix-community.org"`
			`type = "CNAME"`
			`}`

terraform: bind docker.nix-community.org -> zimbatm.docker.scarf.sh 2021-04-15 14:50:46 +02:00			`# Used by nix-community/nixpkgs-docker`
			`resource "cloudflare_record" "nix-community-org-docker-CNAME" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: bind docker.nix-community.org -> zimbatm.docker.scarf.sh 2021-04-15 14:50:46 +02:00			`name = "docker"`
			`value = "zimbatm.docker.scarf.sh"`
			`type = "CNAME"`
			`}`

terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`resource "cloudflare_record" "nix-community-org-hydra-CNAME" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`name = "hydra"`
also start hydra instance on build03 2021-04-20 21:51:03 +02:00			`value = "build03.nix-community.org"`
			`type = "CNAME"`
			`}`

terraform/cloudflare: add dns for nur-update 2022-12-12 07:17:24 +10:00			`resource "cloudflare_record" "nix-community-org-nur-update-CNAME" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform/cloudflare: add dns for nur-update 2022-12-12 07:17:24 +10:00			`name = "nur-update"`
Revert "nur-update: build03 -> web01" This reverts commit 0fe327bce4c24e9be6e582d70eb77916f28c5dc4. 2023-11-12 09:51:41 +10:00			`value = "build03.nix-community.org"`
terraform/cloudflare: add dns for nur-update 2022-12-12 07:17:24 +10:00			`type = "CNAME"`
			`}`

move alertmanager, prometheus under monitoring.nix-community.org 2023-09-05 15:42:49 +10:00			`resource "cloudflare_record" "nix-community-org-monitoring-CNAME" {`
terraform/cloudflare: add alertmanager and grafana 2023-08-13 09:05:25 +10:00			`zone_id = local.nix_community_zone_id`
move alertmanager, prometheus under monitoring.nix-community.org 2023-09-05 15:42:49 +10:00			`name = "monitoring"`
web02: monitoring 2023-07-29 15:54:41 +10:00			`value = "web02.nix-community.org"`
			`type = "CNAME"`
			`}`

terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`resource "cloudflare_record" "nix-community-org-apex-A" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`name = "@"`
			`value = "nix-community.github.io"`
			`type = "CNAME"`
			`proxied = false`
			`}`

			`resource "cloudflare_record" "nix-community-org-apex-TXT" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`name = "@"`
terraform: use Gandi for email Fix the DNS records so we can use the email forwarding service from Gandi. 2023-02-16 11:46:51 +01:00			`value = "v=spf1 include:_mailcust.gandi.net -all"`
terraform: add nix-community.org 2020-02-22 13:18:20 +01:00			`type = "TXT"`
			`}`
Add DNS records for mumble server (#23) 2020-05-03 18:58:57 +05:30
terraform: use Gandi for email Fix the DNS records so we can use the email forwarding service from Gandi. 2023-02-16 11:46:51 +01:00			`resource "cloudflare_record" "nix-community-org-apex-MX" {`
			`for_each = {`
			`"spool.mail.gandi.net." = 10`
			`"fb.mail.gandi.net." = 50`
			`}`
			`zone_id = local.nix_community_zone_id`
			`name = "@"`
			`value = each.key`
			`type = "MX"`
			`priority = each.value`
			`}`

terraform/cloudflare: add nix-community.org verification for github 2023-01-20 21:15:48 +10:00			`resource "cloudflare_record" "nix-community-org-github-challenge-TXT" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform/cloudflare: add nix-community.org verification for github 2023-01-20 21:15:48 +10:00			`name = "_github-challenge-nix-community-org"`
			`value = "2eee7c1945"`
			`type = "TXT"`
			`}`

terraform/cloudflare: add nix-community.org verification for github 2023-01-10 06:51:59 +10:00			`resource "cloudflare_record" "nix-community-org-github-pages-challenge-TXT" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform/cloudflare: add nix-community.org verification for github 2023-01-10 06:51:59 +10:00			`name = "_github-pages-challenge-nix-community.nix-community.org."`
			`value = "6d236784300b9b1e80fdc496b7bfce"`
			`type = "TXT"`
			`}`

terraform: bind github pages to nix-community.org (#27) This allows to host repos under the domain if we want to. For now, only have nur.nix-community.org 2020-06-17 12:18:06 +02:00			`resource "cloudflare_record" "nix-community-org-github-pages" {`
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`for_each = { for page in local.nix_community_github_pages : page => page }`
terraform: bind github pages to nix-community.org (#27) This allows to host repos under the domain if we want to. For now, only have nur.nix-community.org 2020-06-17 12:18:06 +02:00
terraform: clean nix-community.org code * Move locals to the top of the file * Use same prefix for all the locals 2023-01-25 09:54:29 +01:00			`zone_id = local.nix_community_zone_id`
terraform: bind github pages to nix-community.org (#27) This allows to host repos under the domain if we want to. For now, only have nur.nix-community.org 2020-06-17 12:18:06 +02:00			`name = each.value`
			`value = "nix-community.github.io"`
			`type = "CNAME"`
			`}`
No results found.