Merge pull request #61 from ChristianLempa:test

Test
ChristianLempa · Sep 1, 2023 · c2b9d2e · c2b9d2e
2 parents ba26926 + d4d0d97
commit c2b9d2e
Show file tree

Hide file tree

Showing 13 changed files with 513 additions and 0 deletions.
diff --git a/.github/workflows/dns-update-config.yml b/.github/workflows/dns-update-config.yml
@@ -0,0 +1,39 @@
+name: Update Config Files
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'dns/dns-prod-1/config/**'
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: "self-hosted"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: SCP files via ssh key
+        uses: appleboy/scp-action@master
+        with:
+          username: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          source: './dns/dns-prod-1/config/*'
+          target: '/home/xcad/dns-prod-1/'
+          overwrite: true
+
+      - name: Restart Docker Container
+        uses: fifsky/ssh-action@master
+        with:
+          user: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          command: |
+            cd dns-prod-1
+            docker compose restart
diff --git a/.github/workflows/dns-update-dns.yml b/.github/workflows/dns-update-dns.yml
@@ -0,0 +1,86 @@
+name: "Update DNS Records"
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'dns/dns-prod-1/terraform/*.tf'
+  # pull_request:
+  #   branches:
+  #     - main
+  #   paths:
+  #     - 'dns/dns-prod-1/terraform/*.tf'
+  workflow_dispatch:
+
+defaults:
+  run:
+    working-directory: dns/dns-prod-1/terraform
+
+env:
+  TF_VAR_TSIG_KEY_HOME: ${{ secrets.TSIG_KEY_HOME }}
+
+jobs:
+  terraform:
+    runs-on: "self-hosted"
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          # terraform_version: 0.13.0:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        if: github.event_name == 'push'
+        run: terraform apply -auto-approve -input=false
diff --git a/.github/workflows/dns-update-docker.yml b/.github/workflows/dns-update-docker.yml
@@ -0,0 +1,38 @@
+name: Update Docker Compose File
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'dns/dns-prod-1/docker-compose.yaml'
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: "self-hosted"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Upload new Docker Compose File
+        uses: appleboy/scp-action@master
+        with:
+          username: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          source: './dns/dns-prod-1/docker-compose.yaml'
+          target: '/home/xcad/dns-prod-1/'
+
+      - name: Restart Docker Container
+        uses: fifsky/ssh-action@master
+        with:
+          user: xcad
+          host: srv-prod-7.home.clcreative.de
+          key: ${{ secrets.SSH_XCAD }}
+          command: |
+            cd dns-prod-1
+            docker compose up -d --force-recreate
diff --git a/dns/dns-prod-1/config/home-clcreative-de.zone b/dns/dns-prod-1/config/home-clcreative-de.zone
@@ -0,0 +1,10 @@
+$ORIGIN .
+$TTL 86400	; 1 day
+home.clcreative.de	IN SOA	ns.home.clcreative.de. home.clcreative.de. (
+				2001062618 ; serial
+				3600       ; refresh (1 hour)
+				3600       ; retry (1 hour)
+				2419200    ; expire (4 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns.home.clcreative.de.
diff --git a/dns/dns-prod-1/config/named.conf b/dns/dns-prod-1/config/named.conf
@@ -0,0 +1,40 @@
+include "/etc/bind/named.conf.key";
+
+controls {
+    inet 127.0.0.1 port 953
+    allow { 127.0.0.1; } keys { "tsig-key"; };
+};
+
+acl docker-1 {
+  172.17.0.0/16;
+  172.18.0.0/16;
+  172.19.0.0/16;
+  172.20.0.0/16;
+  172.21.0.0/16;
+  172.22.0.0/16;
+  172.23.0.0/16;
+  172.24.0.0/16;
+  172.25.0.0/16;
+};
+
+acl dmz-prod-1 {
+  10.20.0.0/16;
+};
+
+acl lan-prod-1 {
+  10.10.0.0/16;
+};
+
+options {
+  forwarders {
+    1.1.1.1;
+    1.0.0.1;
+  };
+  allow-query { 127.0.0.1; docker-1; lan-prod-1; dmz-prod-1; };
+};
+
+zone "home.clcreative.de" IN {
+  type master;
+  file "/etc/bind/home-clcreative-de.zone";
+  update-policy { grant tsig-key zonesub any; };
+};
diff --git a/dns/dns-prod-1/config/rndc.conf b/dns/dns-prod-1/config/rndc.conf
@@ -0,0 +1,7 @@
+include "/etc/bind/named.conf.key";
+
+options {
+    default-key "tsig-key";
+    default-server 127.0.0.1;
+    default-port 953;
+};
diff --git a/dns/dns-prod-1/docker-compose.yaml b/dns/dns-prod-1/docker-compose.yaml
@@ -0,0 +1,12 @@
+---
+services:
+  bind9:
+    container_name: dns-prod-1
+    image: ubuntu/bind9:9.18-23.04_edge
+    environment:
+      - BIND9_USER=root
+      - TZ=Europe/Berlin
+    volumes:
+      - ./config/:/etc/bind:rw
+    network_mode: host
+    restart: unless-stopped
diff --git a/dns/dns-prod-1/terraform/_provider.tf b/dns/dns-prod-1/terraform/_provider.tf
@@ -0,0 +1,31 @@
+terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    dns = {
+      source  = "hashicorp/dns"
+      version = "3.2.3"
+    }
+  }
+  cloud {
+    organization = "clcreative"
+
+    workspaces {
+      name = "dns-prod-1"
+    }
+  }
+}
+
+variable "TSIG_KEY_HOME" {
+  type      = string
+  sensitive = true
+}
+
+provider "dns" {
+  update {
+    server        = "10.20.0.19"
+    key_name      = "tsig-key."
+    key_algorithm = "hmac-sha256"
+    key_secret    = var.TSIG_KEY_HOME
+  }
+}
diff --git a/dns/dns-prod-1/terraform/apps.tf b/dns/dns-prod-1/terraform/apps.tf
@@ -0,0 +1,8 @@
+resource "dns_a_record_set" "db_prod_1" {
+  zone = "home.clcreative.de."
+  name = "db-prod-1"
+  addresses = [
+    "10.20.0.3"
+  ]
+  ttl = 3600
+}
diff --git a/dns/dns-prod-1/terraform/eval.tf b/dns/dns-prod-1/terraform/eval.tf
diff --git a/dns/dns-prod-1/terraform/infra.tf b/dns/dns-prod-1/terraform/infra.tf
@@ -0,0 +1,62 @@
+resource "dns_a_record_set" "fw_demo_1" {
+  zone = "home.clcreative.de."
+  name = "fw-demo-1"
+  addresses = [
+    "10.20.3.2"
+  ]
+  ttl = 3600
+}
+
+resource "dns_a_record_set" "fw_demo_2" {
+  zone = "home.clcreative.de."
+  name = "fw-demo-2"
+  addresses = [
+    "10.20.3.3"
+  ]
+  ttl = 3600
+}
+
+resource "dns_a_record_set" "fw_prod_1" {
+  zone = "home.clcreative.de."
+  name = "fw-prod-1"
+  addresses = [
+    "10.20.0.1"
+  ]
+  ttl = 3600
+}
+
+resource "dns_a_record_set" "prx_prod_1" {
+  zone = "home.clcreative.de."
+  name = "prx-prod-1"
+  addresses = [
+    "10.20.0.4"
+  ]
+  ttl = 3600
+}
+
+resource "dns_a_record_set" "prx_prod_2" {
+  zone = "home.clcreative.de."
+  name = "prx-prod-2"
+  addresses = [
+    "10.20.0.5"
+  ]
+  ttl = 3600
+}
+
+resource "dns_a_record_set" "nas_prod_1" {
+  zone = "home.clcreative.de."
+  name = "nas-prod-1"
+  addresses = [
+    "10.20.0.6"
+  ]
+  ttl = 3600
+}
+
+resource "dns_a_record_set" "sw_prod_1" {
+  zone = "home.clcreative.de."
+  name = "sw-prod-1"
+  addresses = [
+    "10.50.0.14"
+  ]
+  ttl = 3600
+}