Merge branch 'https-dns-record' into 'master'

tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation See merge request !867

Merge branch 'https-dns-record' into 'master'
4861cf0c · Kristian Klausen · 32a8c07a · b82335ca · 4861cf0c · 4861cf0c
Verified Commit 4861cf0c authored 6 months ago by Kristian Klausen
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -55,10 +55,12 @@ locals {
    "archlinux.org" = {
      server_type = "cx22"
      domain      = "@"
+      http3       = true
    }
    "aur.archlinux.org" = {
      server_type = "cx52"
      domain      = "aur"
+      http3       = true
    }
    "bbs.archlinux.org" = {
      server_type = "cx22"
@@ -154,6 +156,7 @@ locals {
    "wiki.archlinux.org" = {
      server_type = "cx32"
      domain      = "wiki"
+      http3       = true
    }
    "worker1.buildbot.pkgbuild.com" = {
      server_type = "cx22"
@@ -294,6 +297,7 @@ locals {
    www = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
+      http3        = true
    }
  }


--- a/tf-stage1/templates.tf
+++ b/tf-stage1/templates.tf
@@ -76,6 +76,18 @@ resource "hetznerdns_record" "pkgbuild_com_aaaa" {
  type    = "AAAA"
 }

+resource "hetznerdns_record" "pkgbuild_org_https" {
+  for_each = {
+    for k, v in local.pkgbuild_com_a_aaaa : k => v if try(v.http3, false)
+  }
+
+  zone_id = hetznerdns_zone.pkgbuild.id
+  name    = each.key
+  ttl     = lookup(local.pkgbuild_com_a_aaaa[each.key], "ttl", null)
+  value   = "1 . alpn=h2,h3 ipv4hint=${each.value.ipv4_address} ipv6hint=${each.value.ipv6_address}"
+  type    = "HTTPS"
+}
+
 resource "hetznerdns_record" "archlinux_org_txt" {
  for_each = local.archlinux_org_txt

@@ -116,6 +128,18 @@ resource "hetznerdns_record" "archlinux_org_aaaa" {
  type    = "AAAA"
 }

+resource "hetznerdns_record" "archlinux_org_https" {
+  for_each = {
+    for k, v in local.archlinux_org_a_aaaa : k => v if try(v.http3, false)
+  }
+
+  zone_id = hetznerdns_zone.archlinux.id
+  name    = each.key
+  ttl     = lookup(local.archlinux_org_a_aaaa[each.key], "ttl", null)
+  value   = "1 . alpn=h2,h3 ipv4hint=${each.value.ipv4_address} ipv6hint=${each.value.ipv6_address}"
+  type    = "HTTPS"
+}
+
 resource "hetznerdns_record" "archlinux_org_cname" {
  for_each = local.archlinux_org_cname

@@ -221,6 +245,21 @@ resource "hetznerdns_record" "machine_aaaa" {
  type    = "AAAA"
 }

+resource "hetznerdns_record" "machine_https" {
+  for_each = {
+    for name, machine in local.machines : name => machine if can(machine.domain) && try(machine.http3, false)
+  }
+
+  zone_id = lookup(local.machines[each.key], "zone", hetznerdns_zone.archlinux.id)
+  name    = each.value.domain
+  ttl     = lookup(local.machines[each.key], "ttl", null)
+  value = (try(local.machines[each.key].ipv4_enabled, true) ?
+    "1 . alpn=h2,h3 ipv4hint=${hcloud_server.machine[each.key].ipv4_address} ipv6hint=${hcloud_server.machine[each.key].ipv6_address}" :
+    "1 . alpn=h2,h3 ipv6hint=${hcloud_server.machine[each.key].ipv6_address}"
+  )
+  type = "HTTPS"
+}
+
 resource "hetznerdns_record" "geo_ns1" {
  for_each = local.geo_domains