From 0d02812bd1a10051c39ceea834fae0b83c54e934 Mon Sep 17 00:00:00 2001
From: Erik Stambaugh
Date: Sat, 20 Jan 2024 12:58:49 -0800
Subject: [PATCH] Add namecheap terraform provider
---
 .gitignore | 1 +
 config.mk.in | 13 +++++++++++++
 terraform/Makefile | 18 +++++++++++++++++-
 terraform/namecheap/dns_namecheap.tf | 26 ++++++++++++++++++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 terraform/namecheap/dns_namecheap.tf
diff --git a/.gitignore b/.gitignore
index 5f15658..0833856 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ pubkey
 .s3_id
 .s3_secret
 ansible/credentials
+terraform/dns_*.tf
diff --git a/config.mk.in b/config.mk.in
index 40227ea..2d6cb21 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -39,3 +39,16 @@ MASTODON_SIDEKIQ_COUNT = 2
 # How many threads in each sidekiq container?
 MASTODON_SIDEKIQ_THREADS = 100
+
+# Are we autoconfiguring Namecheap DNS via Terraform? Leave at zero for "no"
+DNS_NAMECHEAP = 0
+
+# https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
+# https://www.namecheap.com/support/knowledgebase/article.aspx/10502/2208/namecheap-terraform-provider/
+
+# This is the username you use to log into Namecheap
+DNS_NAMECHEAP_API_USERNAME =
+
+# This is an API key you create according to https://www.namecheap.com/support/knowledgebase/article.aspx/10502/2208/namecheap-terraform-provider/
+DNS_NAMECHEAP_API_KEY =
+
diff --git a/terraform/Makefile b/terraform/Makefile
index 1ae760d..b4ca062 100644
--- a/terraform/Makefile
+++ b/terraform/Makefile
@@ -4,7 +4,7 @@ include ../config.mk
 default: terraform
 # I hate sed too and I am so sorry for what I'm about to do
-terraform: terraform-check *.tf
+terraform: terraform-check *.tf terraform-options
 terraform init || terraform init -upgrade
 terraform apply
 terraform output | sed \
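Review bot: The new `DNS_NAMECHEAP_API_KEY` setting in config.mk.in is a registrar credential, but its comment only explains how to create the key and nothing marks the value as a secret. The `tf-namecheap` rule added to terraform/Makefile in this patch appears to render it into a `dns_*.tf` file via `sed $(SEDLINE)`, so the key would then sit in two plaintext files on disk. I would add a comment above the setting such as `# Secret: anyone holding this key can call the Namecheap API as you. Keep config.mk out of version control and readable only by your user.` Whether config.mk itself is ignored is not visible in the .gitignore hunk.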
@@ -69,6 +69,22 @@ pubkey:
 ssh-keygen -t rsa -N "" -f privkey && mv privkey.pub pubkey; \
 fi
+# optional components for terraform
+terraform-options: config.tf tf-namecheap
+
+tf-namecheap:
+ if test "$(DNS_NAMECHEAP)" -eq 1; then \
+ for FILE in namecheap/*; do \
+ sed $(SEDLINE) $${FILE} > $$(basename "$${FILE}"); \
+ done; \
+ else \
+ for FILE in namecheap/*; do \
+ echo rm -fv $$(basename "$${FILE}"); \
+ done; \
+ fi
+
+
+
 # clean doesn't touch tfstate because we're not insane
 clean:
 rm -f privkey pubkey
diff --git a/terraform/namecheap/dns_namecheap.tf b/terraform/namecheap/dns_namecheap.tf
new file mode 100644
index 0000000..c5821b3
--- /dev/null
+++ b/terraform/namecheap/dns_namecheap.tf
@@ -0,0 +1,26 @@
+
+# configure a namecheap managed domain to use AWS Route53 nameservers
+
+terraform {
+ required_providers {
+ namecheap = {
+ source = "namecheap/namecheap"
+ version = ">= 2.0.0"
+ }
+ }
+}
+
+provider "namecheap" {
+ user_name = "{{DNS_NAMECHEAP_API_USERNAME}}"
+ api_user = "{{DNS_NAMECHEAP_API_USERNAME}}"
+ api_key = "{{DNS_NAMECHEAP_API_KEY}}"
+ use_sandbox = false
+}
+
+resource "namecheap_domain_records" "mastodon" {
+ domain = "{{DOMAIN_NAME}}"
+ mode = "OVERWRITE"
+
+ nameservers = module.zone.route53_zone_name_servers["{{DOMAIN_NAME}}"]
+}
+
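Review bot: The `else` branch of `tf-namecheap` only prints the delete command, because the line reads `echo rm -fv $$(basename "$${FILE}")`. Once `DNS_NAMECHEAP` is set back to 0, the rendered `dns_namecheap.tf` stays in the terraform directory with the API key in it, and Terraform would presumably keep loading it on the next apply. Drop the `echo` and quote the argument: `rm -fv "$$(basename "$${FILE}")"; \`. In the `then` branch the rendered file is created under the default umask, so I would also put `umask 077;` before the `for` loop and quote `"$${FILE}"` in the `sed` call. The `clean` rule shown as context removes only `privkey pubkey` here and its body continues outside the hunk, so I cannot tell whether the rendered `dns_*.tf` files are ever cleaned up.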
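Review bot: `api_key = "{{DNS_NAMECHEAP_API_KEY}}"` in the provider block means the registrar API key is written as a literal into the rendered configuration, where it sits in a plaintext `.tf` file in the working directory. I would declare a `namecheap_api_key` variable with `sensitive = true`, reference it as `api_key = var.namecheap_api_key`, and have the Makefile pass the value through the `TF_VAR_namecheap_api_key` environment variable, so nothing secret needs templating into the file. Separately, `version = ">= 2.0.0"` puts no upper bound on a provider that receives that credential. `version = "~> 2.0"`, together with a committed `.terraform.lock.hcl` (not visible in this patch), would stop an unreviewed major release from being pulled in, which matters because the `terraform` target falls back to `terraform init -upgrade`.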