From 733a2133b5cda548fca0cb1b232ab0fb7ca9d585 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Mon, 16 May 2022 15:46:43 +0300
Subject: [PATCH] geo_dns: add option to set NS TTL for geo domains

Ansible side of commit 5007c1a85ec6 ("tf-stage1: allow setting the NS
TTL of geo domains"); both values need to match so our geo nameservers
report the same TTL as that returned by the parent zone's nameservers.
---
 group_vars/all/geo.yml             | 5 +++--
 roles/geo_dns/templates/geo.yml.j2 | 6 +++---
 tf-stage1/archlinux.tf             | 3 +++
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/group_vars/all/geo.yml b/group_vars/all/geo.yml
index a70e3a158..e12fa1aa7 100644
--- a/group_vars/all/geo.yml
+++ b/group_vars/all/geo.yml
@@ -1,5 +1,6 @@
 geo_acme_dns_challenge_ns: redirect.archlinux.org
 geo_domains:
   - geo.mirror.pkgbuild.com
-geo_health_check_paths:
-  geo.mirror.pkgbuild.com: /lastupdate
+geo_options:
+  geo.mirror.pkgbuild.com:
+    health_check_path: /lastupdate
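Review bot: The new `geo_options` mapping gives no indication of which per-domain keys it accepts; `ns_ttl` is read by the template and mentioned in the Terraform comment, but nothing in this file shows that a second key exists or that its value has to match the NS TTL configured in tf-stage1. A comment above the mapping would close that gap, e.g. `# Per-domain options. Keys: health_check_path (default '/'), ns_ttl (default 86400; must equal the ttl set for the same domain in tf-stage1/archlinux.tf geo_domains)`. Since `geo_health_check_paths` is dropped here, any other template or play that still reads it will now hit an undefined variable, so it is worth grepping the repository for the old name before merging.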
diff --git a/roles/geo_dns/templates/geo.yml.j2 b/roles/geo_dns/templates/geo.yml.j2
index 485f62b27..0b7049cd7 100644
--- a/roles/geo_dns/templates/geo.yml.j2
+++ b/roles/geo_dns/templates/geo.yml.j2
@@ -9,19 +9,19 @@ domains:
         - soa: {{ groups['geo_mirrors'] | first }}. root.archlinux.org. 2022042701 3600 1800 604800 3600
         {% for host in groups['geo_mirrors'] %}
         - ns:
-            ttl: 86400
+            ttl: {{ geo_options[domain]['ns_ttl'] | default(86400) }}
             content: {{ host }}
         {% endfor %}
         - lua:
             ttl: 300
             content: >
-              A "ifurlup('https://{{ domain }}{{ geo_health_check_paths[domain] | default('/') }}',
+              A "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
               {'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join("', '") }}'},
               {selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
         - lua:
             ttl: 300
             content: >
-              AAAA "ifurlup('https://{{ domain }}{{ geo_health_check_paths[domain] | default('/') }}',
+              AAAA "ifurlup('https://{{ domain }}{{ geo_options[domain]['health_check_path'] | default('/') }}',
               {'{{ groups['geo_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join("', '") }}'},
               {selector='pickclosest', useragent='pdns on {{ inventory_hostname }}'})"
       _acme-challenge.{{ domain }}:
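Review bot: The fallback `default(86400)` on the new `ttl:` line duplicates the Terraform-side default that the commit message says must stay equal, so a later change to either default silently desynchronises the NS TTL served by the geo nameservers from the one in the parent zone, with nothing to catch it. Consider sourcing the fallback from a single group variable (a constructed name such as `geo_ns_ttl_default`) that both sides can be checked against, and at minimum mark the line: `{# keep in sync with the geo_domains ttl default in tf-stage1/archlinux.tf #}`. The chained lookup `geo_options[domain]['ns_ttl']` (and the two `health_check_path` lookups) only tolerate a domain that is absent from `geo_options` because, as far as I recall, Ansible's undefined type returns itself on nested access; under plain Jinja the second subscript raises before `default()` is reached, so keeping every entry of `geo_domains` present in `geo_options` (an empty mapping is enough) avoids depending on that behaviour. The enclosing `domains:` block begins before this hunk.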
diff --git a/tf-stage1/archlinux.tf b/tf-stage1/archlinux.tf
index 41bba840f..06d7e16fc 100644
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -371,6 +371,9 @@ locals {
   #   - name (mandatory, specifies the subdomain to create in the above zone)
   #   - ttl (optional, the TTL of the NS records, defaults to 86400 if unset)
   #
+  # Note: If you use a custom TTL, also add it to geo_options[domain]['ns_ttl']
+  #       in Ansible (see the 'geo_options' variable in group_vars/all/geo.yml)
+  #
   geo_domains = {
     "geo.mirror.pkgbuild.com" = {
       zone_id = hetznerdns_zone.pkgbuild.id
-- 
GitLab