From 71cf156541c955a6ae27ab1824c74ccfd44ab735 Mon Sep 17 00:00:00 2001 From: Josh Klar Date: Wed, 14 Feb 2024 16:21:22 -0800 Subject: [PATCH] terraform: Track Gandi domains in state again finally. --- .mise.toml | 2 +- terraform/.terraform.lock.hcl | 20 +++ terraform/domains.tf | 244 ++++++++++++++++++++++++++++++++++ terraform/main.tf | 5 + 4 files changed, 270 insertions(+), 1 deletion(-) create mode 100644 terraform/domains.tf diff --git a/.mise.toml b/.mise.toml index 465eb5e..520f8df 100644 --- a/.mise.toml +++ b/.mise.toml @@ -1,2 +1,2 @@ [tools] -terraform = "1.0" +terraform = "1.6" diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 3d9c176..059c325 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -24,6 +24,26 @@ provider "registry.terraform.io/digitalocean/digitalocean" { ] } +provider "registry.terraform.io/go-gandi/gandi" { + version = "2.3.0" + constraints = "2.3.0" + hashes = [ + "h1:9kqWL+eFk/ogrQSltL9zVqjMcOqbvs3EgIJEeyNPb8U=", + "zh:0936d011cf75bb5162c6027d00575a586807adc9008f4152def157b6ad22bae9", + "zh:2170e671f04d3346ea416fcc404be6d05f637eab7df77e289a6898a928885f0b", + "zh:250329baae3cb09cfb88dd004d45f003ba76fbe7b8daf9d18fd640b93a2b7252", + "zh:2ccd9f253424738ca5fbbcb2127bf3713c20e87bfb3829f8c4565569424fd0bd", + "zh:3607b48bc4691cd209528f9ffe16a6cc666bd284b0d0bdfe8c4e1d538559a408", + "zh:3bc1d2b770fe0f50027da59c405b2468d1322243235367014f75f765124f458d", + "zh:6c8a9092847ee2e2890825432b54424c456638d494e49b7d1845f055214714f5", + "zh:8e0b62a330876005d52bcd65d7b1d9a679a7ac79c626e0f86661519e8f9b5698", + "zh:8f44f4d52583ff249e2001ea2a8b8841010489dd43e1a01a9ec3a6813d121c28", + "zh:9a617927d4a3a2897ff10999a19a6d1f0ef634b8c6b8fc3be12cf53948cfd9cf", + "zh:cab3c82c54e38e6001eed5b80a2d16b7824921f8f8b3909049e174c48e6e8804", + "zh:f78cc685aa4ba5056ea53a7f8ce585f87a911f0a8a387a44a33d7dfb69db7663", + ] +} + provider "registry.terraform.io/linode/linode" { version = "1.21.0" constraints = "1.21.0" 
diff --git a/terraform/domains.tf b/terraform/domains.tf
new file mode 100644
index 0000000..0bf47de
--- /dev/null
+++ b/terraform/domains.tf
@@ -0,0 +1,244 @@
+/* All of these should come from env vars for privacy. */
+variable "whois_email" {
+ type = string
+}
+
+variable "whois_given_name" {
+ type = string
+}
+
+variable "whois_family_name" {
+ type = string
+}
+
+variable "whois_phone" {
+ type = string
+}
+
+variable "whois_city" {
+ type = string
+}
+
+variable "whois_country" {
+ type = string
+ default = "US"
+}
+
+variable "whois_state" {
+ type = string
+}
+
+variable "whois_street_addr" {
+ type = string
+}
+
+variable "whois_zip" {
+ type = string
+}
+
+variable "whois_type" {
+ type = string
+ default = "person"
+}
+/* End env vars. */
+
+locals {
+ ns_digitalocean = [
+ "ns1.digitalocean.com",
+ "ns2.digitalocean.com",
+ "ns3.digitalocean.com",
+ ]
+}
+
+# Note that Gandi provider doesn't currently support updating domain owner
+# contact as of time of writing, so we must `ignore_changes` the entire owner
+# block for now.
+
+resource "gandi_domain" "kmkfw_io" {
+ name = "kmkfw.io"
+ nameservers = local.ns_digitalocean
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.kmkfw_io
+ id = "kmkfw.io"
+}
+
+resource "gandi_domain" "absolutelynot_fun" {
+ name = "absolutelynot.fun"
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.absolutelynot_fun
+ id = "absolutelynot.fun"
+}
+
+
+resource "gandi_domain" "whattheref_info" {
+ name = "whattheref.info"
+ # nameservers = local.ns_digitalocean
+ # ^ evidently uses Gandi LiveDNS for now still
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.whattheref_info
+ id = "whattheref.info"
+}
+
+resource "gandi_domain" "stopfuckingbreakingshit_online" {
+ name = "stopfuckingbreakingshit.online"
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.stopfuckingbreakingshit_online
+ id = "stopfuckingbreakingshit.online"
+}
+
+resource "gandi_domain" "iv597_com" {
+ name = "iv597.com"
+ nameservers = local.ns_digitalocean
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.iv597_com
+ id = "iv597.com"
+}
+
+resource "gandi_domain" "klar_sh" {
+ name = "klar.sh"
+ nameservers = local.ns_digitalocean
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.klar_sh
+ id = "klar.sh"
+}
+
+resource "gandi_domain" "joshklar_com" {
+ name = "joshklar.com"
+ nameservers = local.ns_digitalocean
+
+ owner {
+ city = var.whois_city
+ country = var.whois_country
+ email = var.whois_email
+ family_name = var.whois_family_name
+ given_name = var.whois_given_name
+ phone = var.whois_phone
+ state = var.whois_state
+ street_addr = var.whois_street_addr
+ type = var.whois_type
+ zip = var.whois_zip
+ }
+
+ lifecycle {
+ ignore_changes = [owner]
+ }
+}
+
+import {
+ to = gandi_domain.joshklar_com
+ id = "joshklar.com"
+}
diff --git a/terraform/main.tf b/terraform/main.tf
index 0f0b0d5..3bb227b 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -3,6 +3,11 @@ terraform { // don't want tfstate on a single point of failure required_providers { + gandi = { + version = "2.3" + source = "go-gandi/gandi" + } + digitalocean = { source = "digitalocean/digitalocean" version = "2.11" -- 2.45.2
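Review bot: None of the `whois_*` variables at the top of `domains.tf` is marked sensitive, although they hold registrant PII (email, phone, street address) and the header comment says they are kept in env vars for privacy; as written, Terraform is free to print them in plan/apply output and CI logs. Add `sensitive = true` under `type = string` for the contact variables (`whois_email`, `whois_given_name`, `whois_family_name`, `whois_phone`, `whois_city`, `whois_state`, `whois_street_addr`, `whois_zip`). That only redacts CLI output: whatever the provider reads into each `owner` block is still stored in state in plaintext, so access to the state backend needs to be as tight as access to the env vars. Separately, what the provider does when a `gandi_domain` is destroyed is not visible here, so `prevent_destroy = true` next to `ignore_changes = [owner]` in the seven `lifecycle` blocks would guard against an accidental removal from config.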
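Review bot: The new `gandi` entry in `required_providers` puts `version` before `source`, while the `digitalocean` entry just below it lists `source` first; swapping the two lines keeps the block uniform. No `provider "gandi"` block appears in this commit, so the registrar API credential is presumably picked up from the environment; if so, a comment above the entry such as `// gandi API credential comes from the environment, never from a committed tfvars file` would record that for the next reader. The enclosing `terraform` block starts and ends outside this hunk.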