Skip to content
Snippets Groups Projects
Verified Commit 4861cf0c authored by Kristian Klausen's avatar Kristian Klausen :tada:
Browse files

Merge branch 'https-dns-record' into 'master'

tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation

See merge request !867
parents 32a8c07a b82335ca
No related branches found
No related tags found
1 merge request!867tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation
Pipeline #106046 passed
......@@ -55,10 +55,12 @@ locals {
"archlinux.org" = {
server_type = "cx22"
domain = "@"
http3 = true
}
"aur.archlinux.org" = {
server_type = "cx52"
domain = "aur"
http3 = true
}
"bbs.archlinux.org" = {
server_type = "cx22"
......@@ -154,6 +156,7 @@ locals {
"wiki.archlinux.org" = {
server_type = "cx32"
domain = "wiki"
http3 = true
}
"worker1.buildbot.pkgbuild.com" = {
server_type = "cx22"
......@@ -294,6 +297,7 @@ locals {
www = {
ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
http3 = true
}
}
......
......@@ -76,6 +76,18 @@ resource "hetznerdns_record" "pkgbuild_com_aaaa" {
type = "AAAA"
}
resource "hetznerdns_record" "pkgbuild_org_https" {
for_each = {
for k, v in local.pkgbuild_com_a_aaaa : k => v if try(v.http3, false)
}
zone_id = hetznerdns_zone.pkgbuild.id
name = each.key
ttl = lookup(local.pkgbuild_com_a_aaaa[each.key], "ttl", null)
value = "1 . alpn=h2,h3 ipv4hint=${each.value.ipv4_address} ipv6hint=${each.value.ipv6_address}"
type = "HTTPS"
}
resource "hetznerdns_record" "archlinux_org_txt" {
for_each = local.archlinux_org_txt
......@@ -116,6 +128,18 @@ resource "hetznerdns_record" "archlinux_org_aaaa" {
type = "AAAA"
}
resource "hetznerdns_record" "archlinux_org_https" {
for_each = {
for k, v in local.archlinux_org_a_aaaa : k => v if try(v.http3, false)
}
zone_id = hetznerdns_zone.archlinux.id
name = each.key
ttl = lookup(local.archlinux_org_a_aaaa[each.key], "ttl", null)
value = "1 . alpn=h2,h3 ipv4hint=${each.value.ipv4_address} ipv6hint=${each.value.ipv6_address}"
type = "HTTPS"
}
resource "hetznerdns_record" "archlinux_org_cname" {
for_each = local.archlinux_org_cname
......@@ -221,6 +245,21 @@ resource "hetznerdns_record" "machine_aaaa" {
type = "AAAA"
}
resource "hetznerdns_record" "machine_https" {
for_each = {
for name, machine in local.machines : name => machine if can(machine.domain) && try(machine.http3, false)
}
zone_id = lookup(local.machines[each.key], "zone", hetznerdns_zone.archlinux.id)
name = each.value.domain
ttl = lookup(local.machines[each.key], "ttl", null)
value = (try(local.machines[each.key].ipv4_enabled, true) ?
"1 . alpn=h2,h3 ipv4hint=${hcloud_server.machine[each.key].ipv4_address} ipv6hint=${hcloud_server.machine[each.key].ipv6_address}" :
"1 . alpn=h2,h3 ipv6hint=${hcloud_server.machine[each.key].ipv6_address}"
)
type = "HTTPS"
}
resource "hetznerdns_record" "geo_ns1" {
for_each = local.geo_domains
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment