OctoDNS

.github/workflows/dns-deploy.yaml

@@ -0,0 +1,25 @@
+name: Deploy DNS to providers
+
+on:
+  push:
+    branches:
+      - main
+jobs:
+  octodns-sync:
+    environment: production
+    name: Sync latest changes to DNS providers
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Python Dependencies
+        uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.2
+        with:
+          python_version: '3.12'
+          install_args: --only dns
+      - uses: solvaholic/octodns-sync@main
+        with:
+          config_path: dns/production.yaml
+          doit: '--doit'
+        env:
+          CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}

.github/workflows/dns-dry-run.yaml

@@ -0,0 +1,48 @@
+name: Generate DNS change plan
+
+on:
+  pull_request:
+jobs:
+  octodns-sync:
+    name: Run `octodns-sync` with production.yaml
+    runs-on: ubuntu-latest
+    outputs:
+      plan: ${{ steps.generate-plan.outputs.plan }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Python Dependencies
+        uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.2
+        with:
+          python_version: '3.12'
+          install_args: --only dns
+      - uses: solvaholic/octodns-sync@main
+        id: generate-plan
+        with:
+          config_path: dns/production.yaml
+        env:
+          CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_RO_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+  add-pr-comment:
+    name: Add `octodns-sync` plan to comment
+    if: ${{ ! contains(needs.octodns-sync.outputs.plan, 'No changes were planned') }}
+    needs: [octodns-sync]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Find previous comment, if present
+        uses: peter-evans/find-comment@v3
+        id: fc
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-author: github-actions[bot]
+          body-includes: "OctoDNS Plan for "
+      - name: Create or update comment
+        id: prcomment
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          comment-id: ${{ steps.fc.outputs.comment-id }}
+          body: |
+            # OctoDNS Plan for `${{ github.event.pull_request.head.ref }}`
+
+            ${{ needs.octodns-sync.outputs.plan }}
+          edit-mode: replace

.gitignore

@@ -3,3 +3,4 @@ venv
 .cache/
 .vscode/
 *.config
+.env

dns/README.md

@@ -0,0 +1,3 @@
+# DNS Management
+
+This folder manages DNS records across the zones we use. It uses [octodns](https://github.com/octodns/octodns) with the Cloudfare provider to push and synchronize zone records with the YAML files in the `zones` folder.

dns/production.yaml

@@ -0,0 +1,24 @@
+---
+manager:
+  plan_outputs:
+    html:
+      class: octodns.provider.plan.PlanMarkdown
+
+providers:
+  zone_config:
+    class: octodns.provider.yaml.YamlProvider
+    directory: dns/zones
+    default_ttl: 300
+    enforce_order: true
+  cloudflare:
+    class: octodns_cloudflare.CloudflareProvider
+    token: env/CLOUDFLARE_TOKEN
+    account_id: env/CLOUDFLARE_ACCOUNT_ID
+    pagerules: false
+
+zones:
+  '*':
+    sources:
+      - zone_config
+    targets:
+      - cloudflare

dns/zones/pydis.com.yaml

@@ -0,0 +1,43 @@
+---
+'':
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+        proxied: true
+    ttl: 300
+    type: AAAA
+    value: '100::'
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: MX
+    values:
+    - exchange: mxa.mailgun.org.
+      preference: 10
+    - exchange: mxb.mailgun.org.
+      preference: 10
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: TXT
+    values:
+    - keybase-site-verification=nPFHPag1t4_lbDluRl2ey0GDyz8gdhucyWi5r3DsbzU
+    - v=spf1 include:mailgun.org ~all
+
+'*':
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: CNAME
+  value: pythondiscord.com.
+
+krs._domainkey:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: TXT
+  value: k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVxMVxyTI2tCukkCwsTOJBWh2LReAekANQMA4DwbHSEZNVNI1pkIHASSA3Z4WheWz9dkGyrgxwlUX8MdWukckPj8FsGm/oENXd3+5hm8BYJUPym/xA7skqmRNiYHnstdCIE9u8+EnOrH2iYyGcAqSqkQtng4C6iYPkBLg8zSdcYQIDAQAB

dns/zones/pydis.org.yaml

@@ -0,0 +1,39 @@
+---
+'':
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: ALIAS
+    value: pythondiscord.com.
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: TXT
+    value: keybase-site-verification=cZ4S0PFxbk_QNaQ8uCQUhgAfODykPWOWpuMrUyBF9AQ
+
+'*':
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: CNAME
+  value: pythondiscord.com.
+
+_acme-challenge.forms:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: TXT
+  value: vksE5-PftvlUnw71gBe7X1W14IZX-aTxDSwYMlJLkN0
+
+forms:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+      proxied: true
+  ttl: 300
+  type: CNAME
+  value: forms-frontend.pages.dev.

dns/zones/pydis.wtf.yaml

@@ -0,0 +1,92 @@
+---
+'':
+  - octodns:
+      cloudflare:
+        proxied: true
+    ttl: 300
+    type: A
+    value: 1.2.3.4
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: MX
+    values:
+    - exchange: amir.mx.cloudflare.net.
+      preference: 36
+    - exchange: isaac.mx.cloudflare.net.
+      preference: 60
+    - exchange: linda.mx.cloudflare.net.
+      preference: 85
+  - octodns:
+      cloudflare:
+        auto-ttl: true
+    ttl: 300
+    type: TXT
+    values:
+    - keybase-site-verification=mKEPFr6d5VSGgahHtzy0y7nPRmo7OWyOUQ7s9ds8OFs
+    - v=spf1 include:_spf.mx.cloudflare.net ~all
+
+20220929._domainkey:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: TXT
+  value: v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDadFXuHEGxF9XCb8mUbYfoCrFm01rzFvnkuxtoJt2jwBLQwkx+CD9KfCjdq5vzFzb0nRFP8L9NY0h1m58ZOdFnf9n4ejbMLvDcfVvzxK7W95HiGdt0RzaQ2AUI5QCFeCedj7z/PlOeM772kKzkUcXTATwFTOOxeSoxVyhHYmdlZwIDAQAB
+
+_dmarc:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: TXT
+  value: v=DMARC1\; p=reject\; adkim=s
+
+cloud.native.is.fun.and.easy:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: A
+  value: 89.58.25.151
+
+files:
+  octodns:
+    cloudflare:
+      proxied: true
+  ttl: 300
+  type: A
+  value: 89.58.25.151
+
+lovelace.box:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: A
+  value: 89.58.26.118
+
+pddc.devops:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: A
+  value: 89.58.25.151
+
+turing.box:
+  octodns:
+    cloudflare:
+      auto-ttl: true
+  ttl: 300
+  type: A
+  value: 89.58.25.151
+
+www:
+  octodns:
+    cloudflare:
+      proxied: true
+  ttl: 300
+  type: A
+  value: 89.58.25.151