feat(ops/dns): Import tvl.fyi DNS zone into depot

Imports the current state of the tvl.fyi zone and configures simple CI checks on the file format. No deployment automation exists for this (yet?). Change-Id: Ia7d72e02b9f6d3adef994c5dc1898cc0df9dfcfb Reviewed-on: https://cl.tvl.fyi/c/depot/+/2600 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org>
2021-03-14 02:58:30 +02:00 · 2021-03-14 02:58:30 +02:00 · b4e87f8254
commit b4e87f8254
parent b6895a5b30
4 changed files with 59 additions and 0 deletions
--- a/ops/dns/README.md
+++ b/ops/dns/README.md
@ -0,0 +1,11 @@
+DNS configuration
+=================
+
+This folder contains configuration for our DNS zones. The zones are hosted with
+Google Cloud DNS, which supports zone-file based import/export.
+
+Currently there is no automation to deploy these zones, but CI will check their
+integrity.
+
+*Note: While each zone file specifies an SOA record, it only exists to satisfy
+`named-checkzone`. Cloud DNS manages this record for us.*
--- a/ops/dns/default.nix
+++ b/ops/dns/default.nix
@ -0,0 +1,14 @@
+# Performs simple (local-only) validity checks on DNS zones.
+{ pkgs, ... }:
+
+let
+  checkZone = zone: file: pkgs.runCommandNoCC "${zone}-check" {} ''
+    ${pkgs.bind}/bin/named-checkzone -i local ${zone} ${file} | tee $out
+  '';
+
+  zones = {
+    tvl-fyi = checkZone "tvl.fyi" ./tvl.fyi.zone;
+  };
+in zones // {
+  meta.targets = builtins.attrNames zones;
+}
--- a/ops/dns/tvl.fyi.zone
+++ b/ops/dns/tvl.fyi.zone
@ -0,0 +1,33 @@
+;; Google Cloud DNS zone for tvl.fyi.
+;;
+;; This zone is hosted in the project 'tvl-fyi', and registered via
+;; Google Domains.
+tvl.fyi. 21600 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 9 21600 3600 259200 300
+tvl.fyi. 21600 IN NS ns-cloud-b1.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b2.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b3.googledomains.com.
+tvl.fyi. 21600 IN NS ns-cloud-b4.googledomains.com.
+
+;; Mail forwarding (via domains.google)
+tvl.fyi. 3600 IN MX 5 gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 10 alt1.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 20 alt2.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 30 alt3.gmr-smtp-in.l.google.com.
+tvl.fyi. 3600 IN MX 40 alt4.gmr-smtp-in.l.google.com.
+
+;; Landing website is hosted on whitby on the apex.
+tvl.fyi. 21600 IN A 49.12.129.211
+tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL infrastructure
+whitby.tvl.fyi. 21600 IN A 49.12.129.211
+whitby.tvl.fyi. 21600 IN AAAA 2a01:4f8:242:5b21:0:feed:edef:beef
+
+;; TVL services
+b.tvl.fyi.     21600 IN CNAME whitby.tvl.fyi.
+cache.tvl.fyi. 21600 IN CNAME whitby.tvl.fyi.
+cl.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
+code.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
+cs.tvl.fyi.    21600 IN CNAME whitby.tvl.fyi.
+login.tvl.fyi. 21600 IN CNAME whitby.tvl.fyi.
+todo.tvl.fyi.  21600 IN CNAME whitby.tvl.fyi.
--- a/third_party/nixpkgs-exposed/exposed/default.nix
+++ b/third_party/nixpkgs-exposed/exposed/default.nix
@ -14,6 +14,7 @@
    bashInteractive
    bat
    bc
+    bind
    buildBazelPackage
    buildFHSUserEnv
    buildGoModule