Commit 6f22a572 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

Merge branch 'standardize-ttl' into 'master'

tf-stage1: standardize on TTL 3600 for DNS records

See merge request archlinux/infrastructure!542
parents 58677706 e680dc3b
Pipeline #16530 passed with stage
in 45 seconds
......@@ -38,13 +38,13 @@ locals {
# - server_type (mandatory)
# - domain (optional, creates dns entry <domain>.archlinux.org pointing to the machine)
# - ttl (optional, applies to the dns entries)
# - zone (optionel, required for pkgbuild.com machines)
# - zone (optional, required for pkgbuild.com machines)
#
# Example:
# "archlinux.org" = {
# server_type = "cpx11"
# domain = "@"
# ttl = 600
# ttl = 3600
# }
machines = {
"archlinux.org" = {
......@@ -154,7 +154,7 @@ locals {
}
}
# This creates gitlab pages varification entries.
# This creates gitlab pages verification entries.
# Every line consists of "key" = "value":
# - key equals the pages subdomain
# - value equals the pages verification code
......@@ -176,12 +176,12 @@ locals {
# - value (mandatory)
#
# Example:
# "_github-challenge-archlinux" = { ttl = 600, value = "824af4446e" }
# "_github-challenge-archlinux" = { ttl = 3600, value = "824af4446e" }
archlinux_org_txt = {
"dkim-ed25519._domainkey.lists" = { ttl = 600, value = "v=DKIM1; k=ed25519;p=ongbdFgt5Vimg/VRRbbSVRU4lBCkcYNaPA4K3JS/DnY=" }
"dkim-rsa._domainkey.lists" = { ttl = 600, value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4M+y3ZeB9eI3GVgcrvMcI1SYOveH7P5TTRstaCHTlE/aRTiCzu5h6zKwwxEiK6NR5ugbHpBtfFnfnsl1eoaXVFBQfNdDNglHllJOZGVxTnyrFjRJUk9zN+PV/Haz73nAe1hOAENgV8NKnTok1ntaOYSH1AEj4yTswfQkuN23NPrQc1eyy3+hGC+lYpud3xAAl+oT4QE76PaLgk6Hz\" \"HOvZmAPGD3azJZRbobninZZXTAEvZFuPkfpWeUreDU9Hk9VX3zOmnqTN+YjIS5CdV6+Ghem3dCkmR9j3gOZBeBUYD7b+cinTYe/PZO2OG/LWCwN11EYyf1LSBGhBJCF9HPGiGIdhy5T62nKvwDQS0bj1HL+y6pXZdv2C7KgH+lAZ0idpOQ2TtV5e0tlVdryY4QXY9m7mSQ84WsoEdGDsetOhiTEKuqyGnDoYa0wYbM5477LL6EOzS0x3ZC/mbOg\" \"B+FSdzmLWCH/WjuzMNpw9WU+u4BucwVbYcnZ1vAxQQOEnA/Ku9drRHMFixBwodQuMA78j8ICCMJKlUiXmbbL7OFoXBArYJ7lgVs7mlaoEaqzDPCyqs1lJ9kOxdNoZj5zdxERcQhLm+Yo/948i6Js/nkWT0eAjNlHxZuCg3B4z7L4lRZpaGt+vHdcGUIeDKW34O0dWxPwIUmQA4CwmhUB0HWL9UcCAwEAAQ==" }
"dkim-ed25519._domainkey" = { ttl = 600, value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
"dkim-rsa._domainkey" = { ttl = 600, value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }
"dkim-ed25519._domainkey.lists" = { value = "v=DKIM1; k=ed25519;p=ongbdFgt5Vimg/VRRbbSVRU4lBCkcYNaPA4K3JS/DnY=" }
"dkim-rsa._domainkey.lists" = { value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4M+y3ZeB9eI3GVgcrvMcI1SYOveH7P5TTRstaCHTlE/aRTiCzu5h6zKwwxEiK6NR5ugbHpBtfFnfnsl1eoaXVFBQfNdDNglHllJOZGVxTnyrFjRJUk9zN+PV/Haz73nAe1hOAENgV8NKnTok1ntaOYSH1AEj4yTswfQkuN23NPrQc1eyy3+hGC+lYpud3xAAl+oT4QE76PaLgk6Hz\" \"HOvZmAPGD3azJZRbobninZZXTAEvZFuPkfpWeUreDU9Hk9VX3zOmnqTN+YjIS5CdV6+Ghem3dCkmR9j3gOZBeBUYD7b+cinTYe/PZO2OG/LWCwN11EYyf1LSBGhBJCF9HPGiGIdhy5T62nKvwDQS0bj1HL+y6pXZdv2C7KgH+lAZ0idpOQ2TtV5e0tlVdryY4QXY9m7mSQ84WsoEdGDsetOhiTEKuqyGnDoYa0wYbM5477LL6EOzS0x3ZC/mbOg\" \"B+FSdzmLWCH/WjuzMNpw9WU+u4BucwVbYcnZ1vAxQQOEnA/Ku9drRHMFixBwodQuMA78j8ICCMJKlUiXmbbL7OFoXBArYJ7lgVs7mlaoEaqzDPCyqs1lJ9kOxdNoZj5zdxERcQhLm+Yo/948i6Js/nkWT0eAjNlHxZuCg3B4z7L4lRZpaGt+vHdcGUIeDKW34O0dWxPwIUmQA4CwmhUB0HWL9UcCAwEAAQ==" }
"dkim-ed25519._domainkey" = { value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
"dkim-rsa._domainkey" = { value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }
"_dmarc" = { value = "v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;" }
"_github-challenge-archlinux" = { value = "824af4446e" }
......@@ -193,12 +193,12 @@ locals {
"_smtp._tls.master-key" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
"_smtp._tls.lists" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
# Generated with: date +%s
"_mta-sts" = { ttl = 600, value = "v=STSv1; id=1608210175" }
"@" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
"mail" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
"aur" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
"master-key" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
lists = { value = "v=spf1 ip4:${hcloud_server.machine["lists.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["lists.archlinux.org"].ipv6_address} ~all", ttl = 600 }
"_mta-sts" = { value = "v=STSv1; id=1608210175" }
"@" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
"mail" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
"aur" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
"master-key" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
lists = { value = "v=spf1 ip4:${hcloud_server.machine["lists.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["lists.archlinux.org"].ipv6_address} ~all" }
}
# This creates archlinux.org MX DNS entries
......@@ -207,12 +207,12 @@ locals {
# - ttl (optional)
#
# Example:
# "lists" = { mx = "lists", ttl = 600 }
# "lists" = { mx = "lists", ttl = 3600 }
archlinux_org_mx = {
"@" = { mx = "mail", ttl = 600 }
aur = { mx = "mail", ttl = 600 }
master-key = { mx = "mail", ttl = 600 }
lists = { mx = "lists", ttl = 600 }
"@" = { mx = "mail" }
aur = { mx = "mail" }
master-key = { mx = "mail" }
lists = { mx = "lists" }
}
# This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
......@@ -230,7 +230,7 @@ locals {
# gemini = {
# ipv4_address = "49.12.124.107"
# ipv6_address = "2a01:4f8:242:5614::2"
# ttl = 600
# ttl = 3600
# }
archlinux_org_a_aaaa = {
aur4 = {
......@@ -281,7 +281,7 @@ locals {
# - ttl (optional)
#
# Example:
# dev = { value = "www", ttl = 600 }
# dev = { value = "www", ttl = 3600 }
archlinux_org_cname = {
archive = { value = "gemini" }
dev = { value = "www" }
......@@ -303,14 +303,14 @@ locals {
# MTA-STS
mta-sts = { value = "mail" }
"mta-sts.aur" = { value = "mail" }
"_mta-sts.aur" = { value = "_mta-sts", ttl = 600 }
"_mta-sts.aur" = { value = "_mta-sts" }
"mta-sts.master-key" = { value = "mail" }
"_mta-sts.master-key" = { value = "_mta-sts", ttl = 600 }
"_mta-sts.master-key" = { value = "_mta-sts" }
"mta-sts.lists" = { value = "mail" }
"_mta-sts.lists" = { value = "_mta-sts", ttl = 600 }
"_mta-sts.lists" = { value = "_mta-sts" }
}
# This creates pkgbuild.comA/AAAA DNS entries in addition to those already specified by the VPSes.
# This creates pkgbuild.com A/AAAA DNS entries in addition to those already specified by the VPSes.
# The VPSes already get a default domain assigned based on their domain parameter.
# Thus the domains in local.pkgbuild_com_a_aaaa are additional domains or domains assigned to dedicated servers.
#
......@@ -367,12 +367,12 @@ locals {
resource "hetznerdns_zone" "archlinux" {
name = "archlinux.org"
ttl = 86400
ttl = 3600
}
resource "hetznerdns_zone" "pkgbuild" {
name = "pkgbuild.com"
ttl = 86400
ttl = 3600
}
resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
......@@ -394,6 +394,7 @@ resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
name = "@"
value = "helium.ns.hetzner.de."
type = "NS"
ttl = 86400
}
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
......@@ -401,6 +402,7 @@ resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
name = "@"
value = "oxygen.ns.hetzner.com."
type = "NS"
ttl = 86400
}
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
......@@ -408,6 +410,7 @@ resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
name = "@"
value = "hydrogen.ns.hetzner.com."
type = "NS"
ttl = 86400
}
# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
......@@ -439,6 +442,7 @@ resource "hetznerdns_record" "archlinux_org_origin_ns3" {
name = "@"
value = "helium.ns.hetzner.de."
type = "NS"
ttl = 86400
}
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
......@@ -446,6 +450,7 @@ resource "hetznerdns_record" "archlinux_org_origin_ns2" {
name = "@"
value = "oxygen.ns.hetzner.com."
type = "NS"
ttl = 86400
}
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
......@@ -453,6 +458,7 @@ resource "hetznerdns_record" "archlinux_org_origin_ns1" {
name = "@"
value = "hydrogen.ns.hetzner.com."
type = "NS"
ttl = 86400
}
# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment