snix/ops/dns
Florian Klink a11099fd1c feat(ops/dns): manage snix.{store,systems} in DO
Also include tvix.{store,systems}, they might still be used in some
places.

Change-Id: I90085d7488f94c8764e61e3d99d8f03459c6f9f0
Reviewed-on: https://cl.snix.dev/c/snix/+/30501
Reviewed-by: Ryan Lahfa <ryan@lahfa.xyz>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
2025-05-12 14:39:47 +00:00
..
.gitignore feat(*): initialize new Snix infrastructure 2025-03-17 17:15:07 +00:00
default.nix fix(ops/dns): drop broken checkZone parts, fix validate 2025-05-10 16:09:02 +00:00
main.tf feat(ops): Deploy harmonia on cache.snix.dev 2025-03-31 12:39:21 +00:00
README.md feat(*): initialize new Snix infrastructure 2025-03-17 17:15:07 +00:00
snix-dev.tf feat(ops/dns): manage snix.{store,systems} in DO 2025-05-12 14:39:47 +00:00
snix-store.tf feat(ops/dns): manage snix.{store,systems} in DO 2025-05-12 14:39:47 +00:00
snix-systems.tf feat(ops/dns): manage snix.{store,systems} in DO 2025-05-12 14:39:47 +00:00

DNS configuration

This folder contains configuration for our DNS zones. The zones are hosted with Digital Ocean DNS, which possess a Terraform provider for DNS records.

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-dns.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

Here is an example direnv configuration:

# //ops/secrets/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-dns.age)
watch_file $(git rev-parse --show-toplevel)/secrets/tf-dns.age