Merge branch 'generalized-geo-domains' into 'master'

Implement generalized support for geo domains See merge request !574

Merge branch 'generalized-geo-domains' into 'master'
0ea6ad34 · Evangelos Foutras · d8958415 · 3ab65485 · d8958415 · 0ea6ad34
Commit 0ea6ad34 authored 2 years ago by Evangelos Foutras
--- a/roles/geomirror/defaults/main.yml
+++ b/roles/geomirror/defaults/main.yml
---
-geomirror_acme_challenge: false
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@@ -75,8 +75,8 @@ blackbox_targets:
  smtp_starttls:
    - mail.archlinux.org:25
    - lists.archlinux.org:25
-  dns_geomirror_a: "{{ groups['geo_mirrors'] + ['mirror.pkgbuild.com'] }}"
-  dns_geomirror_aaaa: "{{ groups['geo_mirrors'] + ['mirror.pkgbuild.com'] }}"
+  geo_dns_geo.mirror.pkgbuild.com_a: "{{ groups['geo_mirrors'] }}"
+  geo_dns_geo.mirror.pkgbuild.com_aaaa: "{{ groups['geo_mirrors'] }}"
 matrix_metrics_endpoints:
  - homeserver
  - appservice

--- a/roles/prometheus/templates/prometheus.yml.j2
+++ b/roles/prometheus/templates/prometheus.yml.j2
@@ -74,7 +74,7 @@ scrape_configs:

  - job_name: 'powerdns'
    static_configs:
-      {% for host in groups['geo_mirrors'] + ['mirror.pkgbuild.com'] %}
+      {% for host in groups['geo_mirrors'] + [geo_acme_dns_challenge_ns] %}
      - targets: ['{{ hostvars[host]['wireguard_address'] }}:8081']
        labels:
          instance: "{{ host }}"

--- a/roles/prometheus_exporters/templates/blackbox.yml.j2
+++ b/roles/prometheus_exporters/templates/blackbox.yml.j2
+#jinja2: lstrip_blocks: True
 modules:
  http_prometheus:
    prober: http
@@ -24,23 +25,25 @@ modules:
        - send: "EHLO prober\r"
        - expect: "^250"
        - send: "QUIT\r"
-  dns_geomirror_a:
+  {% for domain in geo_domains %}
+  geo_dns_{{ domain }}_a:
    prober: dns
    timeout: 5s
    dns:
-      query_name: geo.mirror.pkgbuild.com
+      query_name: {{ domain }}
      query_type: A
      preferred_ip_protocol: ip4
      validate_answer_rrs:
        fail_if_not_matches_regexp:
-          - geo\.mirror\.pkgbuild\.com\.\t.*\tIN\tA\t({{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})
-  dns_geomirror_aaaa:
+          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tA\t({{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join('|') | replace('.', '\.') }})
+  geo_dns_{{ domain }}_aaaa:
    prober: dns
    timeout: 5s
    dns:
-      query_name: geo.mirror.pkgbuild.com
+      query_name: {{ domain }}
      query_type: AAAA
      preferred_ip_protocol: ip6
      validate_answer_rrs:
        fail_if_not_matches_regexp:
-          - geo\.mirror\.pkgbuild\.com\.\t.*\tIN\tAAAA\t({{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join('|') }})
+          - {{ domain | replace('.', '\.') }}\.\t.*\tIN\tAAAA\t({{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join('|') }})
+  {% endfor %}
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -364,6 +364,14 @@ locals {
      ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
    }
  }
+
+  # Domains served by machines in the geo_mirrors group
+  geo_domains = {
+    "geo.mirror.pkgbuild.com" = {
+      zone_id = hetznerdns_zone.pkgbuild.id
+      name    = "geo.mirror"
+    }
+  }
 }

 resource "hetznerdns_zone" "archlinux" {
@@ -431,38 +439,6 @@ resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  type    = "TXT"
 }

-resource "hetznerdns_record" "pkgbuild_com_geo_mirror_ns1" {
-  zone_id = hetznerdns_zone.pkgbuild.id
-  name    = "geo.mirror"
-  value   = "mirror.pkgbuild.com."
-  type    = "NS"
-  ttl     = 86400
-}
-
-resource "hetznerdns_record" "pkgbuild_com_geo_mirror_ns2" {
-  zone_id = hetznerdns_zone.pkgbuild.id
-  name    = "geo.mirror"
-  value   = "asia.mirror.pkgbuild.com."
-  type    = "NS"
-  ttl     = 86400
-}
-
-resource "hetznerdns_record" "pkgbuild_com_geo_mirror_ns3" {
-  zone_id = hetznerdns_zone.pkgbuild.id
-  name    = "geo.mirror"
-  value   = "america.mirror.pkgbuild.com."
-  type    = "NS"
-  ttl     = 86400
-}
-
-resource "hetznerdns_record" "pkgbuild_com_geo_mirror_ns4" {
-  zone_id = hetznerdns_zone.pkgbuild.id
-  name    = "geo.mirror"
-  value   = "europe.mirror.pkgbuild.com."
-  type    = "NS"
-  ttl     = 86400
-}
-
 resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"

--- a/tf-stage1/templates.tf
+++ b/tf-stage1/templates.tf
@@ -142,3 +142,33 @@ resource "hetznerdns_record" "machine_aaaa" {
  value   = hcloud_server.machine[each.key].ipv6_address
  type    = "AAAA"
 }
+
+resource "hetznerdns_record" "geo_ns1" {
+  for_each = local.geo_domains
+
+  zone_id = each.value.zone_id
+  name    = each.value.name
+  value   = "asia.mirror.pkgbuild.com."
+  type    = "NS"
+  ttl     = 86400
+}
+
+resource "hetznerdns_record" "geo_ns2" {
+  for_each = local.geo_domains
+
+  zone_id = each.value.zone_id
+  name    = each.value.name
+  value   = "america.mirror.pkgbuild.com."
+  type    = "NS"
+  ttl     = 86400
+}
+
+resource "hetznerdns_record" "geo_ns3" {
+  for_each = local.geo_domains
+
+  zone_id = each.value.zone_id
+  name    = each.value.name
+  value   = "europe.mirror.pkgbuild.com."
+  type    = "NS"
+  ttl     = 86400
+}