Brain Phrye



Terraforming Gandi

I use Gandi for all my DNS needs, and while I used to run my own DNS, it got tiresome after a while. So a long time ago I switched to using Gandi to do it. Back then they had an API I was able to manipulate rather easily with Python.

But a few years ago they changed to a new API and I put it on the long finger to migrate over. Happily, in the meantime I learned Terraform and discovered that there was a Gandi Terraform provider.

There are a number of nice things about managing DNS via Terraform, but one nice bit is modules. I have a number of domains that use G Suite for email and collaboration. To make that work I made a module like so:

resource "gandi_zonerecord" "spf" {
  zone = "${var.zone_id}"
  name = "@"
  type = "TXT"
  ttl  = 3600

  values = [
    "\"v=spf1 ip4:${local.isp_ip}/32 ip4:${local.aws1_ip}/32 ip4:${local.aws2_ip}/32 include:aspmx.googlemail.com ~all\"",
  ]
}

resource "gandi_zonerecord" "mx" {
  zone = "${var.zone_id}"
  name = "@"
  type = "MX"
  ttl  = 3600

  values = [
    "1 ASPMX.L.GOOGLE.com.",
    "5 ALT1.ASPMX.L.GOOGLE.com.",
    "5 ALT2.ASPMX.L.GOOGLE.com.",
    "10 ASPMX2.GOOGLEMAIL.com.",
    "10 ASPMX3.GOOGLEMAIL.com.",
    "10 ASPMX4.GOOGLEMAIL.com.",
    "10 ASPMX5.GOOGLEMAIL.com.",
  ]
}

To use this, all I need to pass in is the zone id. If Google changes their MX records, I just change them here and all domains using G Suite are fixed. I have similar modules for GitHub-hosted sites, Mailgun configs and so forth.

Now my “zone files” describe the services I’ve configured, but in a much more maintainable way.
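An added example, not part of the original post: since the module's SPF value is assembled from interpolated addresses, this Python check renders the same layout and lints the result before it is applied. The function names and the sample addresses (taken from the documentation ranges) are assumptions made for the illustration.

```python
import ipaddress

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
NETWORKS = {"ip4": ipaddress.IPv4Network, "ip6": ipaddress.IPv6Network}


def render_spf(isp_ip, aws1_ip, aws2_ip):
    """Build the TXT value with the same layout as the module's spf record."""
    return ('"v=spf1 ip4:%s/32 ip4:%s/32 ip4:%s/32 '
            'include:aspmx.googlemail.com ~all"' % (isp_ip, aws1_ip, aws2_ip))


# Constructed sample: addresses from the reserved documentation ranges.
SAMPLE = render_spf("192.0.2.10", "198.51.100.7", "203.0.113.25")


def lint_spf(txt_value):
    """Return a list of problems in one rendered TXT value (empty means clean)."""
    problems = []
    if not (len(txt_value) > 1 and txt_value[0] == txt_value[-1] == '"'):
        problems.append("TXT value is not wrapped in double quotes")
    terms = txt_value.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return problems + ["record does not start with v=spf1"]
    lookups, all_at, has_redirect = 0, None, False
    for i, term in enumerate(terms[1:], start=1):
        qualifier = term[0] if term[0] in "+-~?" else "+"  # "+" is the default
        bare = term.lstrip("+-~?").lower()
        name = bare.replace("=", ":").split(":")[0].split("/")[0]
        if name in NETWORKS:
            try:  # an empty or mistyped interpolated address fails here
                NETWORKS[name](bare[4:], strict=False)
            except ValueError:
                problems.append("bad %s network: %s" % (name, term))
        elif name in LOOKUP_TERMS:
            lookups += 1
            has_redirect = has_redirect or name == "redirect"
        elif name == "all":
            all_at = i
            if qualifier in "+?":
                problems.append("'%s' does not fail or softfail unlisted senders" % term)
    # Only terms in this record are counted; nested includes add more lookups.
    if lookups > MAX_LOOKUPS:
        problems.append("%d lookup terms exceed the limit of %d" % (lookups, MAX_LOOKUPS))
    if all_at is None and not has_redirect:
        problems.append("no 'all' mechanism or redirect at the end")
    elif all_at is not None and all_at != len(terms) - 1:
        problems.append("terms after 'all' are never evaluated")
    return problems
```

An unset variable in the module would render as `ip4:/32`, which this check reports instead of letting the broken record be published.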