[tahoe-lafs-trac-stream] [Tahoe-LAFS] #4162: Infrastructure as Code to manage DNS configurations

Tahoe-LAFS trac at tahoe-lafs.org
Thu May 1 20:24:39 UTC 2025


#4162: Infrastructure as Code to manage DNS configurations
------------------------------------+-----------------------
     Reporter:  btlogy              |      Owner:
         Type:  enhancement         |     Status:  new
     Priority:  normal              |  Milestone:  undecided
    Component:  dev-infrastructure  |    Version:  n/a
   Resolution:                      |   Keywords:  IaC
Launchpad Bug:                      |
------------------------------------+-----------------------

Comment (by btlogy):

 > Can we not use HTTP-01 challenge for certificates? This does not require
 DNS changes...

 Yes we can and that's the default approach indeed, but HTTP-01 challenges
 do rely on having the DNS records changed so Let's Encrypt can reach the
 server which needs a certificate.

 Alternatively, we may try DNS-01 challenge to get a valid certificate for
 https://tahoe-lafs.org/ w/o changing the related CNAME yet. But either
 way, both require some DNS records to be changed.

 > Adding self-hosting of email (and DNS?) seems like it goes the wrong way
 here

 As far as I remember, the outgoing email traffic from Trac is already
 self-hosted on the Linode server and a similar service will be required
 for the replacement of Trac (e.g.: email validation).
 And to make this work better than it actually is (see other tickets in the
 description), more DNS records will be required (e.g. DKIM).

 > much of the "problem" being solved is that maintenance of self-hosted
 systems hasn't gone well for Tahoe-LAFS. Self-hosted CI rotted a while ago
 (i.e. nobody updated BuildBot, or its runners)...

 Then, let's try to make it easier for the nobodies who are willing to help
 here by managing the infrastructure as code.

 > getting rid of self-hosted wiki+issues is much of the current "ask"
 here.

 The ask here is to manage DNS configurations from code and I've prepared a
 PR to make a step in that direction:

 - [https://github.com/tahoe-lafs/infrastructure/pull/49 Manage
 tahoe-lafs.org zone and records with OpenTofu tahoe-lafs/infrastructure#49]

 Hopefully this would help to replace the self-hosted wiki+issues with a
 solution that should be easier to manage, starting with the related DNS
 records.

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4162#comment:18>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage