Add Tailscale tailnet DNS configuration via Terranix

Configure global DNS nameservers for the Tailscale tailnet, setting trantor as the primary DNS server with Cloudflare as fallback. This enables custom DNS resolution across the entire tailnet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-09 10:29:45 -03:00 · 2025-11-09 10:29:45 -03:00 · 808bccf0a2
commit 808bccf0a2
parent 92f5593611
3 changed files with 128 additions and 0 deletions
--- a/terranix/cloudflare/baduhai.dev.nix
+++ b/terranix/cloudflare/baduhai.dev.nix
@ -0,0 +1,77 @@
 # Required environment variables:
 #   CLOUDFLARE_API_TOKEN - API token with "Edit zone DNS" permissions
 #   TF_VAR_zone_id - Zone ID for baduhai.dev (find in Cloudflare dashboard)
 #   AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
 #   AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
 { config, ... }:
 {
  terraform.required_providers.cloudflare = {
    source = "cloudflare/cloudflare";
    version = "~> 5.0";
  };
  terraform.backend.s3 = {
    bucket = "terraform-state";
    key = "cloudflare/baduhai.dev.tfstate";
    region = "auto";
    endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
    skip_credentials_validation = true;
    skip_metadata_api_check = true;
    skip_region_validation = true;
    skip_requesting_account_id = true;
    use_path_style = true;
  };
  variable = {
    zone_id = {
      description = "Cloudflare zone ID for baduhai.dev";
      type = "string";
      sensitive = true;
    };
  };
  data = {
    terraform_remote_state.trantor = {
      backend = "s3";
      config = {
        bucket = "terraform-state";
        key = "oci/trantor.tfstate";
        region = "auto";
        endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
        skip_credentials_validation = true;
        skip_metadata_api_check = true;
        skip_region_validation = true;
        skip_requesting_account_id = true;
        use_path_style = true;
      };
    };
  };
  resource = {
    cloudflare_record.root = {
      zone_id = config.variable.zone_id;
      name = "@";
      type = "A";
      content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value";
      proxied = true;
    };
    cloudflare_record.www = {
      zone_id = config.variable.zone_id;
      name = "www";
      type = "A";
      content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value";
      proxied = true;
    };
    cloudflare_record.wildcard = {
      zone_id = config.variable.zone_id;
      name = "*";
      type = "A";
      content = config.data.terraform_remote_state.trantor "outputs.instance_public_ip.value";
      proxied = true;
    };
  };
 }
--- a/terranix/tailscale/tailnet.nix
+++ b/terranix/tailscale/tailnet.nix
@ -0,0 +1,43 @@
 # Required environment variables:
 #   TAILSCALE_API_KEY - Tailscale API key with appropriate permissions
 #   TAILSCALE_TAILNET - Your tailnet name (e.g., "user@example.com" or "example.org.github")
 #   AWS_ACCESS_KEY_ID - Cloudflare R2 access key for state storage
 #   AWS_SECRET_ACCESS_KEY - Cloudflare R2 secret key for state storage
 { config, ... }:
 {
  terraform.required_providers.tailscale = {
    source = "tailscale/tailscale";
    version = "~> 0.17";
  };
  terraform.backend.s3 = {
    bucket = "terraform-state";
    key = "tailscale/tailnet.tfstate";
    region = "auto";
    endpoint = "https://fcdf920bde00c3d013ee541f984da70e.r2.cloudflarestorage.com";
    skip_credentials_validation = true;
    skip_metadata_api_check = true;
    skip_region_validation = true;
    skip_requesting_account_id = true;
    use_path_style = true;
  };
  variable = {
    trantor_tailscale_ip = {
      default = "100.108.5.90";
      type = "string";
    };
  };
  resource = {
    tailscale_dns_nameservers.global = {
      nameservers = [
        config.variable.trantor_tailscale_ip.default
        "1.1.1.1"
        "1.0.0.1"
      ];
    };
  };
 }
--- a/terranixConfigurations.nix
+++ b/terranixConfigurations.nix
@ -14,6 +14,14 @@
          modules = [ ./terranix/oci/trantor.nix ];
          terraformWrapper.package = pkgs.opentofu;
        };
        cloudflare-baduhaidev = {
          modules = [ ./terranix/cloudflare/baduhai.dev.nix ];
          terraformWrapper.package = pkgs.opentofu;
        };
        tailscale-tailnet = {
          modules = [ ./terranix/tailscale/tailnet.nix ];
          terraformWrapper.package = pkgs.opentofu;
        };
      };
    };
 }