diff --git a/dns/default_records.js b/dns/default_records.js
index f9cf54b..e4ad5e3 100644
--- a/dns/default_records.js
+++ b/dns/default_records.js
@@ -12,7 +12,7 @@ function mx_default(dkim) {
 TXT("_dmarc", "v=DMARC1; p=quarantine; rua=mailto:dmarcreports@serguzim.me; ruf=mailto:dmarcreports@serguzim.me; rf=afrf; sp=quarantine; fo=1; pct=100; ri=604800; adkim=r; aspf=r"),
 TXT("dkim._domainkey", "v=DKIM1; k=rsa; t=s; s=email; p=" + dkim),
- TLSA("_25._tcp", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
+ TLSA("_25._tcp", 3, 1, 1, "70143145ab67680a3b61fe2d0eb63319625fa086f845cce59afdbf1dad79e561"),
 MX("@", 10, "mail.serguzim.me."),
 MX("*", 10, "mail.serguzim.me."),
diff --git a/dns/functions.js b/dns/functions.js
index a8efc14..52922cb 100644
--- a/dns/functions.js
+++ b/dns/functions.js
@@ -1,11 +1,12 @@
-function service(target, domain, host, alias) {
+function service(target, domain, host, alias, vpn) {
 return {
 target: target,
 domain: domain,
 host: hosts[host],
 alias: alias,
+ vpn: vpn,
 record: function() {
- return my_host_record(this.target, this.resolve_host());
+ return my_host_record(this.target, this.resolve_host(), this.vpn);
 },
 resolve_host: function() {
 if (this.alias) {
@@ -27,18 +28,18 @@ function collect_services(domain) {
 return result;
 }
-function my_host_record(target, host) {
- switch (target) {
- case "db":
- return [
- A(target, host.ipv4_address_vpn),
- AAAA(target, host.ipv6_address_vpn)
- ];
- default:
- return [
- A(target, host.ipv4_address),
- AAAA(target, host.ipv6_address)
- ];
+function my_host_record(target, host, vpn) {
+ if (vpn) {
+ return [
+ A(target, host.ipv4_address_vpn),
+ AAAA(target, host.ipv6_address_vpn)
+ ];
+ }
+ else {
+ return [
+ A(target, host.ipv4_address),
+ AAAA(target, host.ipv6_address)
+ ];
 }
 }
diff --git a/dnsconfig.js b/dnsconfig.js
index 427fc85..6d8ece0 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
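Review bot: The `_25._tcp` TLSA digest is swapped in place, and with usage 3 1 1 (DANE-EE, SPKI, SHA-256) a DANE-validating sender that still holds the old record in its cache, or that reaches the MTA before it presents the key matching the new digest, will hard-fail delivery instead of falling back. The safer rollover is to publish the new record next to the old one, keep both for at least the record TTL before the server switches keys, and only then delete the old line — so for this commit keep the existing `TLSA("_25._tcp", 3, 1, 1, "e66a…")` and add the `7014…` record beside it. The same digest is also hard-coded in dnsconfig.js for `_25._tcp.mail`; a single shared constant such as `var MAIL_TLSA_SPKI_SHA256 = "70143145ab67680a3b61fe2d0eb63319625fa086f845cce59afdbf1dad79e561";` used in both places would keep the two records from drifting on the next rotation. mx_default's body starts and ends outside the hunk.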
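Review bot: The new `vpn` branch in `my_host_record` fails open: whenever the flag is absent or falsy it publishes `host.ipv4_address`/`host.ipv6_address` in public DNS, so a service that the old hard-coded `"db"` case pinned to its VPN addresses now depends on `vpn = true` surviving every hop from the tfvars through the Ansible filter into `services_json`, and a dropped or misspelled key silently exposes the host's public address. That contract deserves a comment above the function, e.g. `// vpn: true publishes the host's VPN-only addresses; anything else (including undefined) publishes the public ones — a missing flag fails open`, and it is worth checking that `host.ipv4_address_vpn`/`host.ipv6_address_vpn` are actually set before emitting the records rather than producing an `A` record with an undefined address (presumably dnscontrol rejects that, but failing with a clear message is better). The `else` after a `return` is redundant; an early `return` for the vpn case reads cleaner.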
@@ -15,7 +15,7 @@ var DSP_OVH = NewDnsProvider("ovh");
 var services = {};
 for (var key in services_json) {
 var s = services_json[key];
- services[key] = service(s.target, s.domain, s.host, s.alias);
+ services[key] = service(s.target, s.domain, s.host, s.alias, s.vpn);
 }
@@ -61,11 +61,13 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
 all_defaults("serguzim.me", true),
 TXT("direct", "v=spf1 mx -all"),
- TLSA("_25._tcp.mail", 3, 1, 1, "e66a608a3ec459bda7fb1f2d500b8abeb78f2910f26641204b6bc454b8aa2a49"),
+ TLSA("_25._tcp.mail", 3, 1, 1, "70143145ab67680a3b61fe2d0eb63319625fa086f845cce59afdbf1dad79e561"),
 acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
 acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
 acme_challenge("paas", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
+ acme_challenge("alloy", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
+ acme_challenge("mimir", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
 verify_amazon_ses(dkim_ses["serguzim.me"]),
diff --git a/playbooks/filter_plugins/service_filters.py b/playbooks/filter_plugins/service_filters.py
index 91d6700..d55c5bd 100644
--- a/playbooks/filter_plugins/service_filters.py
+++ b/playbooks/filter_plugins/service_filters.py
@@ -71,6 +71,7 @@ class FilterModule(object):
 result[name] = {
 "target": ".".join(target_parts),
 "domain": ".".join(domain_parts[-2:]),
+ "vpn": dns.get("vpn", False),
 }
 if dns.get("alias"):
diff --git a/services.auto.tfvars b/services.auto.tfvars
index 69b4b94..be7a9d8 100644
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@@ -502,6 +502,7 @@ services = {
 host = "node001"
 dns = [{
 domain = "db.serguzim.me"
+ vpn = true
 }]
 backup = [{
 name = "postgresql"
diff --git a/variables.tf b/variables.tf
index a28d5af..4224771 100644
--- a/variables.tf
+++ b/variables.tf
@@ -139,6 +139,7 @@ variable "services" {
 domain = string
 name = optional(string)
 alias = optional(string)
+ vpn = optional(bool)
 })))
 backup = optional(list(object({
 name = string
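Review bot: The added `acme_challenge` lines for `alloy` and `mimir` reuse the exact identifier already used for `paas` (`92924f7c-…`), while `auth` and `db` each have their own. If `acme_challenge` delegates `_acme-challenge.<name>` to a per-host validation target keyed by that identifier (acme-dns style), the three names now share one delegation target and one credential, so concurrent validations can clobber each other and a credential leak on one host covers all three certificates. If alloy and mimir really are served from the paas host under the same ACME account, say so inline, e.g. `// alloy and mimir run on the paas host and share its ACME delegation`, so the next reader does not treat it as a copy-paste slip. I cannot see `acme_challenge`'s definition in this diff, so the delegation semantics are an assumption to confirm.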
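Review bot: `vpn = optional(bool)` carries no default, so for every service that omits it Terraform fills the attribute with `null` rather than `false`; downstream the Ansible filter's `dns.get("vpn", False)` substitutes `False` only when the key is absent, not when it is present with a null/None value, so the null would reach `services_json` and the JS side ends up relying on `null` being falsy. `vpn = optional(bool, false)` makes the flag a real boolean at the source and matches what the filter intends. How the tfvars reach the filter is outside this diff, so whether the null actually propagates is an assumption worth checking.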