Manage second level DNS via terraform

.github/workflows/pull_request.yaml

@@ -0,0 +1,30 @@
+
+name: "Pull Request"
+
+on:
+  pull_request:
+    paths:
+      - 'sld/**'
+
+permissions: read-all
+
+defaults:
+  run:
+    working-directory: sld
+
+jobs:
+  terraform:
+    name: "Terraform"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4
+
+      - name: Setup Terraform with specified version on the runner
+        uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3
+        with:
+          terraform_version: 1.8.3
+
+      - name: Terraform format
+        id: fmt
+        run: terraform fmt -check

.github/workflows/sld_terraform.yaml

@@ -0,0 +1,60 @@
+
+name: "SLD Terraform"
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+    branches:
+      - master
+
+permissions: read-all
+
+defaults:
+  run:
+    working-directory: sld
+
+env:
+  # Credentials for name dot com
+  TF_VAR_name_dot_com_user: ${{ secrets.TF_VAR_name_dot_com_user }}
+  TF_VAR_name_dot_com_token: ${{ secrets.TF_VAR_name_dot_com_token }}
+  # Credentials for deployment to AWS
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  # S3 bucket for the Terraform state
+  BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE}}
+
+jobs:
+  terraform:
+    name: "Terraform"
+    environment: prod
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4
+
+      - name: Setup Terraform with specified version on the runner
+        uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3
+        with:
+          terraform_version: 1.8.3
+
+      - name: Terraform init
+        id: init
+        run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"
+
+      - name: Terraform format
+        id: fmt
+        run: terraform fmt -check
+
+      - name: Terraform validate
+        id: validate
+        run: terraform validate
+
+      - name: Terraform plan
+        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
+        run: terraform plan -no-color -input=false -parallelism=1
+
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
+        run: terraform apply -auto-approve -input=false -parallelism=1

README.md

@@ -1,10 +1,28 @@
 NYC Mesh DNS
 ---
 
+This repository manages the DNS zones for the various NYC Mesh domains including `nycmesh.net` and `mesh.nycmesh.net` domains.
+
+# mesh.nycmesh.net
+
 Edit the mesh.zone file to add a record, please format appropriately and place under the proper heading. 
 
 Please fork and make a pull request, don't push directly ( unless you have to )
 
+# Second Level Domains - nycmesh.net
+
+Uses [lexfrei/namedotcom](https://registry.terraform.io/providers/lexfrei/namedotcom/latest/docs) to manage the DNS zones for the following domains.
+
+1. [nycmesh.net](./sld/records.nycmesh.net.tf)
+2. [nycmeshconnect.com](./sld/records.nycmeshconnect.com.tf)
+3. [nycmeshconnect.net](./sld/records.nycmeshconnect.net.tf)
+4. [themesh.foundation](./sld/records.themesh.foundation.tf)
+5. [themesh.nyc](./sld/records.themesh.nyc.tf)
+
+# Hosting
+
+The following applies to the `mesh.nycmesh.net` zone, which is hosted inside of the mesh.
+
 ## Requirements
 
 Either:

sld/README.md

@@ -0,0 +1,27 @@
+# NYCMesh Second Level Domains
+
+1. [nycmesh.net](./records.nycmesh.net.tf)
+2. [nycmeshconnect.com](./records.nycmeshconnect.com.tf)
+3. [nycmeshconnect.net](./records.nycmeshconnect.net.tf)
+4. [themesh.foundation](./records.themesh.foundation.tf)
+5. [themesh.nyc](./records.themesh.nyc.tf)
+
+## Add DNS Record(s)
+
+1. Fork the repository if needed.
+2. Create a new branch.
+3. Add a new entry to the corresponding file `records.<DOMAIN>.tf`. Consult the [lexfrei/namedotcom documentation](https://registry.terraform.io/providers/lexfrei/namedotcom/latest/docs) as needed. The example below creates an `A` record pointed at `1.1.1.2`.
+4. Open a [pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) to `master`.
+
+```
+resource "namedotcom_record" "record_test" {
+    domain_name = "nycmesh.net"
+    host = "test"
+    record_type = "A"
+    answer = "1.1.1.2"
+}
+```
+
+## Setup
+
+To use this repository as a template for managing other existing DNS zones hosted by [name.com](https://name.com), see [setup/README.md](./setup/README.md).

sld/provider.tf

@@ -0,0 +1,18 @@
+terraform {
+  backend "s3" {
+    # Chang to the path to use within your bucket
+    key    = "terraform/state/nycmesh-sld.tfstate"
+    region = "us-east-1"
+  }
+  required_providers {
+    namedotcom = {
+      source  = "lexfrei/namedotcom"
+      version = "1.3.1"
+    }
+  }
+}
+
+provider "namedotcom" {
+  username = var.name_dot_com_user
+  token    = var.name_dot_com_token
+}