From 233c898530b6d8754d847971ddb3903064fb08d9 Mon Sep 17 00:00:00 2001
From: Romain Paquet <rpqt@rpqt.fr>
Date: Tue, 16 Sep 2025 20:38:42 +0200
Subject: [PATCH] add dns config for verbena

---
 infra/.terraform.lock.hcl        | 58 ++++++++++++++++----------------
 infra/dns.tf                     | 30 +++++++++++++++++
 infra/main.tf                    |  3 ++
 infra/templates/turifer.dev.zone |  5 +++
 4 files changed, 67 insertions(+), 29 deletions(-)

diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
index 43613ee..770c91a 100644
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -21,42 +21,42 @@ provider "registry.opentofu.org/go-gandi/gandi" {
   ]
 }
 
-provider "registry.opentofu.org/hashicorp/local" {
-  version = "2.5.3"
+provider "registry.opentofu.org/hashicorp/assert" {
+  version = "0.16.0"
   hashes = [
-    "h1:mC9+u1eaUILTjxey6Ivyf/3djm//RNNze9kBVX/trng=",
-    "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf",
-    "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991",
-    "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd",
-    "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764",
-    "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf",
-    "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096",
-    "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0",
-    "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3",
-    "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3",
-    "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5",
+    "h1:2jeV46S9jN2rk0GXOa+HGNlVvyWzaB3wz0T65elbjOc=",
+    "zh:3c04d08d1bb4ae810b7972a219c8dd42a8ab901a9bc25197b250c38f3fa57033",
+    "zh:46119bcc47b545809c0ee873a72d44f4f875cca4d7228605f5c7a8956a5e7d55",
+    "zh:511949ee8a6ac8ff7296b4c9778deb2aec2783f5b85c4f27382a3b623fc50a4a",
+    "zh:b4ebb8b832bae26443880d2e17493f754495db2d6c3f02c6d0070cbf5ae21598",
+    "zh:bebed6c1873871eb824103f08e72055c077f01b10a40944760d19ffdd721d9ab",
+    "zh:e412855fd2fd81e0a847e45308bdbac99995315c503fdddf262ee59e1b7c5263",
+    "zh:ed47c4fe28c6f148f11fa4098516abea008c49fa670c3cedd2ff94596cac0831",
+    "zh:edee914b1d12ac6db241a1fecaa5186c47f361f4ceb2deb23ad45d67bf95c7b1",
+    "zh:eff5b2e1c2128217bdbc600eda4fe011831e5c655bf4acd84b6495fc20d128d3",
+    "zh:ff64424784171a3361b1ea95d8cef334ec1c4a395812edd0a77a1ed6b4119b0f",
   ]
 }
 
 provider "registry.opentofu.org/hetznercloud/hcloud" {
-  version     = "1.51.0"
+  version     = "1.52.0"
   constraints = "~> 1.45"
   hashes = [
-    "h1:yER+O3OKYfxBAO7KVYZzH+4EYrmorCO0J0hlnRUfH00=",
-    "zh:0e8e78084c12866e8e3873011bcac125780b62afeaa518d4749b9a063ae6e32b",
-    "zh:145738cee21bcdeea1cf82f0d44f7f239c27c2214249e5e5079668c479522a8a",
-    "zh:164406be8ee83952f58a449d514837cc6d9763b6d29e72262d5582d5d5b89315",
-    "zh:1a0e6ffab3196b35ca65eb445622615bb8dddd68d0bf350ed60d25e1e74f67dc",
-    "zh:3b7729d1bb5cc7a5af60b42a607f7b3fec690192b1efb55e2341cee88405ecb0",
-    "zh:3bcfc5c40d1b7702f39dac5d2dd9eef58c9c934effb4676e26fbe85fe2057e8f",
-    "zh:3ce193892dca025b804de6d99316c50a33462eb36336006a9db7ea44be439eba",
-    "zh:4f92437e1eba8eafe4417f8b61d557ed47f121622305ee2b3c13c31e45c69ca4",
-    "zh:554c308bf64b603a075a8f13a151a136b68ba382c2d83977a0df26de7dea2d3d",
-    "zh:8c57aa6032fed5da43a0102a4f26262c0496803b99f2f92e5ceb02c80161e291",
-    "zh:99cd4d246d0ad3a3529176df22a47f254700f8c4fc33f62c14464259284945b7",
-    "zh:af38a4d1e93f2392a296970ba4ecea341204e888d579cd74642e9f23a94b3b06",
-    "zh:f0766d42dd97b3eac6fa614fa5809ff2511c9104f3834d0d4b6e84674f13f092",
-    "zh:f20f7379876ede225f3b6f0719826706a171ea4c1dd438a8a3103dee8fe43ccc",
+    "h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=",
+    "zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875",
+    "zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c",
+    "zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7",
+    "zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609",
+    "zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75",
+    "zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278",
+    "zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824",
+    "zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b",
+    "zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278",
+    "zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7",
+    "zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682",
+    "zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186",
+    "zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7",
+    "zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915",
   ]
 }
 
diff --git a/infra/dns.tf b/infra/dns.tf
index d028a5e..543a35f 100644
--- a/infra/dns.tf
+++ b/infra/dns.tf
@@ -22,6 +22,30 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" {
   ]
 }
 
+resource "gandi_livedns_record" "rpqt_fr_cloud_a" {
+  zone = data.gandi_livedns_domain.rpqt_fr.id
+  name = "cloud"
+  type = "A"
+  ttl  = 10800
+  values = [
+    hcloud_server.crocus_server.ipv4_address,
+  ]
+}
+
+resource "gandi_livedns_record" "rpqt_fr_cloud_aaaa" {
+  zone = data.gandi_livedns_domain.rpqt_fr.id
+  name = "cloud"
+  type = "AAAA"
+  ttl  = 10800
+  values = [
+    hcloud_server.crocus_server.ipv6_address,
+  ]
+}
+
+data "ovh_vps" "verbena_vps" {
+  service_name = "vps-7e78bac2.vps.ovh.net"
+}
+
 data "ovh_domain_zone" "turifer_dev" {
   name = "turifer.dev"
 }
@@ -32,9 +56,15 @@ resource "ovh_domain_zone_import" "turifer_dev_import" {
 }
 
 locals {
+  verbena_ipv4_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv4(ip)]
+  verbena_ipv6_addresses = [for ip in data.ovh_vps.verbena_vps.ips : ip if provider::assert::ipv6(ip)]
+
   turifer_dev_zone_file = templatefile("./templates/turifer.dev.zone", {
     crocus_ipv4_address = hcloud_server.crocus_server.ipv4_address
     crocus_ipv6_address = hcloud_server.crocus_server.ipv6_address
+
+    verbena_ipv4_addresses = local.verbena_ipv4_addresses
+    verbena_ipv6_addresses = local.verbena_ipv6_addresses
   })
 }
 
diff --git a/infra/main.tf b/infra/main.tf
index d8a499c..30d54e4 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -12,5 +12,8 @@ terraform {
       source  = "ovh/ovh"
       version = "2.5.0"
     }
+    assert = {
+      source = "hashicorp/assert"
+    }
   }
 }
diff --git a/infra/templates/turifer.dev.zone b/infra/templates/turifer.dev.zone
index a94a640..4a087d6 100644
--- a/infra/templates/turifer.dev.zone
+++ b/infra/templates/turifer.dev.zone
@@ -19,3 +19,8 @@ _pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com.
 
 git.turifer.dev. 10800 IN A ${crocus_ipv4_address}
 git.turifer.dev. 10800 IN AAAA ${crocus_ipv6_address}
+
+%{ for addr in verbena_ipv4_addresses ~}
+%{ endfor ~}
+%{ for addr in verbena_ipv6_addresses ~}
+%{ endfor ~}