-rw-r--r-- | cmd/dnsupdate/README.org | 7 | ||||
-rw-r--r-- | docs/gcloud.org | 21 |
2 files changed, 28 insertions, 0 deletions
diff --git a/cmd/dnsupdate/README.org b/cmd/dnsupdate/README.org new file mode 100644 index 0000000..a80e407 --- /dev/null +++ b/cmd/dnsupdate/README.org @@ -0,0 +1,7 @@ +#+TITLE: dnsupdate + +Utility to update the managed zone for =fcuny.xyz= in Google Cloud. + +I use the domain =fcuny.xyz= to run a number of services on an IP provided by Tailscale. I don't want these domains to be visible on the web, but I also want to have a valid HTTPS certificate for them. By having a proper DNS I can use ACME to get the certificates, without making them available. + +Instead of updating the subdomains through the [[https://console.cloud.google.com/net-services/dns/zones/fcuny-xyz/details?project=fcuny-homelab][console]], I can now run this program. diff --git a/docs/gcloud.org b/docs/gcloud.org new file mode 100644 index 0000000..95e7531 --- /dev/null +++ b/docs/gcloud.org @@ -0,0 +1,21 @@ +#+TITLE: Gcloud + +* Initial setup +First we need to create a service account, with: +#+begin_src sh +gcloud --project fcuny-homelab iam service-accounts create world-nix +#+end_src + +Next we need to bind the new policy: +#+begin_src sh +gcloud projects add-iam-policy-binding fcuny-homelab --member="serviceAccount:world-nix@fcuny-homelab.iam.gserviceaccount.com" --role="roles/accessapproval.configEditor" +#+end_src + +Note: I had to add DNS administrator in the console, I don't know what I need to add to this command. + +Finally we need the key: +#+begin_src sh +gcloud iam service-accounts keys create world-nix.json --iam-account=world-nix@fcuny-homelab.iam.gserviceaccount.com +#+end_src + +This will create a file name =world-nix.json=. It's best to encrypt it with =age= and move it under the =secrets= directory for a host. |
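Review bot: cmd/dnsupdate/README.org explains why the tool exists but not how to run it. The last line says "I can now run this program" without giving the invocation, the arguments it takes, or the credentials it expects. Please add a short usage section. If the tool authenticates with the world-nix service account key described in docs/gcloud.org, link to that document from here so the two stay connected.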
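Review bot: In docs/gcloud.org, the add-iam-policy-binding step grants --role="roles/accessapproval.configEditor", which has nothing to do with Cloud DNS, and the note right below it confirms that DNS administrator had to be added by hand in the console. As documented, the setup is not reproducible and leaves the service account with a role it probably does not need. The console's "DNS Administrator" corresponds to roles/dns.admin, so the command can carry --role="roles/dns.admin" instead. If the Access Approval role is not actually required, drop it so the account holds only what dnsupdate uses. Two smaller points in the same file: "bind the new policy" should name what is being granted, and "a file name =world-nix.json=" should read "a file named". The key step also writes a long-lived credential in plaintext to the current directory, so it would help to show the exact =age= command and to say that the plaintext copy should be deleted afterwards.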