From 2d765994f3ff1981ebae47dc2058f72b59e52f4f Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Wed, 7 Dec 2022 16:54:38 +0100 Subject: Write an example DNS layout --- README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/README.md b/README.md index dcf6ed9..d22e853 100644 --- a/README.md +++ b/README.md @@ -65,3 +65,28 @@ Here is the relevant Nix configuration snippet that sets up these metadata value ### ... later ... services.consul.extraConfig.node_meta = node_meta; ``` + +### Example DNS layout for a Deuxfleurs cluster (see nixcfg repo for global setup) + +- All IPv4 and IPv6 addresses of running Tricot nodes are registered using D53 + for the root domain, e.g. `deuxfleurs.fr` + +- The IPv6 and IPv6 addresses of running Tricot nodes in each site are + registered using D53 for the subdomain `.site.`, e.g. + `neptune.site.deuxfleurs.fr` + +- For subdomains of global HTTP services (e.g. Garage), a CNAME entry is made + by hand to the root domain , e.g. `garage.deuxfleurs.fr IN CNAME + deuxfleurs.fr` + +- For subdomains of HTTP services that run only at one place at once (e.g. + Guichet, Grafana, Synapse, ...), a CNAME entry is registered automatically + using D53 to the subdomain of the site on where it is running. + In this case, users will be routed to any Tricot daemon running on one of + the nodes of the site, which will then proxy the request to the final + destination node through Wireguard. + +- For non-HTTP services such as e-mail, a specific subdomain such as + `smtp.deuxfleurs.fr` is created and populated with the correct IPv4 and IPv6 + addresses by D53 tags on the SMTP server's Consul service. Then, the `MX` + entry is made to point to this dedicated subdomain. -- cgit v1.2.3
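Review bot: In the second bullet of the added "Example DNS layout" section, "The IPv6 and IPv6 addresses" names IPv6 twice; going by the first bullet ("All IPv4 and IPv6 addresses") it should read "The IPv4 and IPv6 addresses". The same bullet gives the subdomain pattern as `.site.` with nothing on either side of it, and the third bullet has "to the root domain , e.g." with a gap before the comma, so both read as if a placeholder name is missing; write the pattern out so that it matches the example `neptune.site.deuxfleurs.fr`. In the fourth bullet, "the site on where it is running" should be "the site where it is running", and since that CNAME is registered automatically for services that run in only one place at a time, it would help to say whether D53 updates or removes the entry when the service moves to another site. The heading is also long for a `###` title; the "(see nixcfg repo for global setup)" pointer would read better as a sentence under the heading.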