use gandi for our domains

2023-01-25 13:31:54 +01:00 · 2023-01-25 13:31:54 +01:00 · 9bae446a1a
commit 9bae446a1a
parent e62b523dcf
4 changed files with 24 additions and 2 deletions
--- a/shell.nix
+++ b/shell.nix
@ -9,6 +9,7 @@ mkShellNoCC {
      p: [
        p.cloudflare
        p.external
+        p.gandi
        p.hydra
        p.null
        p.sops
--- a/terraform/gandi.tf
+++ b/terraform/gandi.tf
@ -0,0 +1,11 @@
+# FIXME: Not declared because needs the owners block and so would require us
+# to expose personal mail addresses to the public.
+#
+# resource "gandi_domain" "nix_community" {
+#   name = "nix-community.org"
+# }
+
+resource "gandi_email_forwarding" "admin" {
+  source       = "admin@nix-community.org"
+  destinations = values(local.admins)
+}
--- a/terraform/secrets.yaml
+++ b/terraform/secrets.yaml
@ -2,6 +2,8 @@ CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:RCXy2ccuRjpLqrbqy6Xx3ZA6XO4ZgKKyK3vrl3
 HYDRA_PASSWORD: ENC[AES256_GCM,data:7o8RuTWxYY7HNbMDgl9ur0j+ehI1bf0JSA==,iv:oZ6iHGGL4xbCC54kQ+mjpYYrm3Kn2PAlhDOyX8K6VCY=,tag:hXSlJSgjQymbsriHBiMy4w==,type:str]
 TF_TOKEN_app_terraform_io: ENC[AES256_GCM,data:htOyHZEIKxwPHzgpao+m3YIhLBM6ihZdq54YVlIw9bNHup7qrwgjJbT4nX6SIrFQvGQmqbVvhoFN6+UYyfcPlOWfdiIMUgZfa2F4zMceIsArNAcXMtv7Efzy,iv:RmDIHFfPJ5hHNDwvjdb7vxTnpE6JIlbLmbFzfGo+YAc=,tag:gzFY4HOGmuT5BrrFhzBtxw==,type:str]
 TFE_TOKEN: ENC[AES256_GCM,data:OiC6uMy/ilF3v/4cI0boZh7jYkVFwyeIASukif3d6PlWkIUkPonCbXmTXOcp+tpuCg7KzJC7r/bwsSM1BlFmCjXwOs7oeRK5sfNg+a071CEZnHpkMTgdwEqU,iv:mHIn4vwLS4oTYrhDVlmGbG0yzYrhcFbizIevGDIoaAs=,tag:UhKQ8w8Hk2POnZnr7BCBTg==,type:str]
+GANDI_KEY: ENC[AES256_GCM,data:3QWIFW4DIBdpY7vNHLIuewr9zU1igzXH,iv:q1A45jVoD7MxgFoIpUrO+Kj/41mEldH96OlpUJv626M=,tag:m3c1vDtdjMOS5lFjvHKogQ==,type:str]
+GANDI_SHARING_ID: ENC[AES256_GCM,data:635hSpyHifVPk+EP0yy4DmVVvmH+zQWVUfkJzvzmyu+UXvWV,iv:LyXWKmIb3ThPMH3KkzYkk6r4QAb7kWWaflhQYcWc2pw=,tag:LvtAmeDhMDv+AVDN07O7oA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -53,8 +55,8 @@ sops:
            MnhHSHdqd2xxbk5OWEx1Q3hGTGcySWsKnGKLLHKPewnG83Ejc+NJkfKsl8Z6vmSA
            Ao8Dc09GJzou5X0fP2h1/CpsB6XASD1Qox2oxEYPZvWNtiFGAaq9tg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-01-24T00:16:00Z"
-    mac: ENC[AES256_GCM,data:vHtOQcP2mwr2bI8ss3M7NzyNmPj3guDzF4Xaj0Z8/GcVPC1VR4s4aqnIsvVPN6XXv7ORcZXGJ/laKX8dn44HcTkmN1wrvsbggaedOsq8SGqspsvciFmudnGlPUMlqXtQ5Hwsk4qYM/aGYZkC0S36ctCPMcA4WkczAws238DFA5w=,iv:QUgOBLMctB3nuJW8SLb6tq0aAWyuLqJtXfBanTOeqo4=,tag:Pa7NfLRhaMcsfha9Vvvs2Q==,type:str]
+    lastmodified: "2023-01-25T12:37:56Z"
+    mac: ENC[AES256_GCM,data:qSxIjsSauNTb6uMqEN7dWGvUE2si4Ow23kPJDFqfIVxtHPL2K794uRCwNSPDPybecF7vPBxjUAv04xxw1Z8TiE3WKnORZlJmeTylSb08WWAKyjK3GYTAlw5c8DrSSNDQp5C/114RkC6pfpVwGq/ABmSsvBChuXfrwAl0uy+dm5g=,iv:4XDIlaKo8zFIR46GlnxQ9UcgVhL6Q20oUfOFNhUUQP4=,tag:bs3BBo1mDyfEONGl92CPUw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/terraform/terraform_providers.tf
+++ b/terraform/terraform_providers.tf
@ -3,6 +3,9 @@ terraform {
    cloudflare = {
      source = "cloudflare/cloudflare"
    }
+    gandi = {
+      source = "go-gandi/gandi"
+    }
    hydra = {
      source = "DeterminateSystems/hydra"
    }
@ -23,6 +26,11 @@ provider "cloudflare" {
  api_token = data.sops_file.nix-community.data["CLOUDFLARE_API_TOKEN"]
 }

+provider "gandi" {
+  key        = data.sops_file.nix-community.data["GANDI_KEY"]
+  sharing_id = data.sops_file.nix-community.data["GANDI_SHARING_ID"]
+}
+
 provider "hydra" {
  host     = "https://hydra.nix-community.org"
  password = data.sops_file.nix-community.data["HYDRA_PASSWORD"]