From 5d06ed1e5e1a551dd87bd14a08e2c78b2c015cb7 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sun, 1 Sep 2024 22:27:24 +0100 Subject: [PATCH 1/7] Add livedns resources
---
 terraform/jakehoward.tech.tf | 6 ++++++ terraform/theorangeone.net.tf | 6 ++++++ 2 files changed, 12 insertions(+)
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index f2196d0..1c52edb 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -1,3 +1,9 @@
+resource "gandi_livedns_domain" "jakehowardtech" {
+ name = "jakehoward.tech"
+}
+
+###
+
 resource "cloudflare_zone" "jakehowardtech" {
 zone = "jakehoward.tech"
 }
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 427bb41..4defa9a 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -1,3 +1,9 @@
+resource "gandi_livedns_domain" "theorangeonenet" {
+ name = "theorangeone.net"
+}
+
+###
+
 resource "cloudflare_zone" "theorangeonenet" {
 zone = "theorangeone.net"
 }
-- 2.45.2 From b125d8422bc22a97c7289a980d9227a2376d25cf Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Thu, 5 Sep 2024 21:23:53 +0100 Subject: [PATCH 2/7] Add Fastmail records for jakehoward.tech
---
 terraform/jakehoward.tech.tf | 61 ++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+)
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index 1c52edb..aad522e 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -2,6 +2,67 @@ resource "gandi_livedns_domain" "jakehowardtech" { name = "jakehoward.tech" } +resource "gandi_livedns_record" "jakehowardtech_mx" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "@" + type = "MX" + ttl = 3600 + values = [ + "10 in1-smtp.messagingengine.com", + "20 in2-smtp.messagingengine.com", + ] +} + +resource "gandi_livedns_record" "jakehowardtech_spf" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "@" + type = "TXT" + ttl = 3600 + values = [ + "\"v=spf1 include:spf.messagingengine.com -all\"" + ] +} + +resource "gandi_livedns_record" "jakehowardtech_dkim_fm1" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "fm1._domainkey" + type = "CNAME" + ttl = 3600 + values = [ + "fm1.jakehoward.tech.dkim.fmhosted.com" + ] +} + +resource "gandi_livedns_record" "jakehowardtech_dkim_fm2" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "fm2._domainkey" + type = "CNAME" + ttl = 3600 + values = [ + "fm2.jakehoward.tech.dkim.fmhosted.com" + ] +} + +resource "gandi_livedns_record" "jakehowardtech_dkim_fm3" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "fm3._domainkey" + type = "CNAME" + ttl = 3600 + values = [ + "fm3.jakehoward.tech.dkim.fmhosted.com" + ] +} + +resource "gandi_livedns_record" "jakehowardtech_dmarc" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "_dmarc" + type = "TXT" + ttl = 3600 + values = [ + "\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\"" + ] +} + ### resource "cloudflare_zone" "jakehowardtech" { -- 2.45.2 From 07c53709c994f9174e513b2d072ec92a1e5ee2c8 Mon Sep 17 00:00:00 2001 
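Review bot: The MX exchanges and the three DKIM CNAME targets in this hunk are written without a trailing dot (`"10 in1-smtp.messagingengine.com"`, `"fm1.jakehoward.tech.dkim.fmhosted.com"`), and if Gandi LiveDNS applies zone-file rules to record values they would be read as names relative to jakehoward.tech, leaving inbound mail and DKIM key lookups pointing at names that do not exist. Writing them fully qualified, e.g. `"10 in1-smtp.messagingengine.com."` and `"fm1.jakehoward.tech.dkim.fmhosted.com."`, removes the ambiguity. Separately, `jakehowardtech_dmarc` publishes only `ruf=`; adding a `rua=mailto:<report-address>` tag would bring in aggregate reports, which are the ones receivers most commonly send and the usual way to spot spoofing or a misaligned sender before tightening the policy.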
From: Jake Howard Date: Sat, 14 Sep 2024 21:24:12 +0100 Subject: [PATCH 3/7] Migrate theorangeone.net to Gandi --- terraform/0rng.one.tf | 2 +- terraform/casey_vps.tf | 4 +- terraform/jakehoward.tech.tf | 46 ++-- terraform/sys_domains.tf | 84 ++++---- terraform/theorangeone.net.tf | 389 ++++++++++++++++++---------------- terraform/walker_vps.tf | 4 +- 6 files changed, 281 insertions(+), 248 deletions(-) diff --git a/terraform/0rng.one.tf b/terraform/0rng.one.tf index 137496f..7a05a16 100644 --- a/terraform/0rng.one.tf +++ b/terraform/0rng.one.tf @@ -8,7 +8,7 @@ resource "gandi_livedns_record" "orngone_apex" { type = "ALIAS" # Gandi doesn't support CNAME-flattening ttl = 3600 values = [ - cloudflare_record.sys_domain_pve.hostname + gandi_livedns_record.sys_domain_pve.href ] } diff --git a/terraform/casey_vps.tf b/terraform/casey_vps.tf index a042b7b..1cb167a 100644 --- a/terraform/casey_vps.tf +++ b/terraform/casey_vps.tf @@ -96,10 +96,10 @@ resource "linode_firewall" "casey" { resource "linode_rdns" "casey_reverse_ipv4" { address = linode_instance.casey.ip_address - rdns = cloudflare_record.sys_domain_casey.hostname + rdns = gandi_livedns_record.sys_domain_casey.href } resource "linode_rdns" "casey_reverse_ipv6" { address = split("/", linode_instance.casey.ipv6)[0] - rdns = cloudflare_record.sys_domain_casey.hostname + rdns = gandi_livedns_record.sys_domain_casey.href } diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf index aad522e..2469b30 100644 --- a/terraform/jakehoward.tech.tf +++ b/terraform/jakehoward.tech.tf @@ -130,7 +130,7 @@ resource "cloudflare_record" "jakehowardtech_dmarc" { resource "cloudflare_record" "jakehowardtech_wallabag" { zone_id = cloudflare_zone.jakehowardtech.id name = "wallabag" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } 
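Review bot: `gandi_livedns_record.sys_domain_pve.href` replaces `cloudflare_record.sys_domain_pve.hostname` as the ALIAS value in 0rng.one.tf, but as far as I know the Gandi provider's `href` attribute is the API URL of the record set rather than its DNS name, so the ALIAS would be handed a URL instead of a hostname. The same substitution feeds `rdns` in casey_vps.tf, `dns_ptr` in walker_vps.tf and every CNAME value changed in the jakehoward.tech.tf and theorangeone.net.tf hunks of this commit; a wrong PTR would also stop forward-confirmed reverse DNS from matching for those hosts. Building the name from attributes already set on the page, e.g. `"${gandi_livedns_record.sys_domain_pve.name}.${gandi_livedns_domain.theorangeonenet.name}"` (with a trailing dot where the consumer expects one), keeps the meaning of the old `.hostname`. Worth confirming against `terraform plan` output before applying.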
@@ -138,7 +138,7 @@ resource "cloudflare_record" "jakehowardtech_wallabag" { resource "cloudflare_record" "jakehowardtech_ttrss" { zone_id = cloudflare_zone.jakehowardtech.id name = "tt-rss" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -146,7 +146,7 @@ resource "cloudflare_record" "jakehowardtech_ttrss" { resource "cloudflare_record" "jakehowardtech_speed" { zone_id = cloudflare_zone.jakehowardtech.id name = "speed" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -154,7 +154,7 @@ resource "cloudflare_record" "jakehowardtech_speed" { resource "cloudflare_record" "jakehowardtech_quassel" { zone_id = cloudflare_zone.jakehowardtech.id name = "quassel" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -162,7 +162,7 @@ resource "cloudflare_record" "jakehowardtech_quassel" { resource "cloudflare_record" "jakehowardtech_media" { zone_id = cloudflare_zone.jakehowardtech.id name = "media" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -170,7 +170,7 @@ resource "cloudflare_record" "jakehowardtech_media" { resource "cloudflare_record" "jakehowardtech_matrix" { zone_id = cloudflare_zone.jakehowardtech.id name = "matrix" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -178,7 +178,7 @@ resource "cloudflare_record" "jakehowardtech_matrix" { resource "cloudflare_record" "jakehowardtech_intersect" { zone_id = cloudflare_zone.jakehowardtech.id name = "intersect" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } 
@@ -186,7 +186,7 @@ resource "cloudflare_record" "jakehowardtech_intersect" { resource "cloudflare_record" "jakehowardtech_calibre" { zone_id = cloudflare_zone.jakehowardtech.id name = "calibre" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -194,7 +194,7 @@ resource "cloudflare_record" "jakehowardtech_calibre" { resource "cloudflare_record" "jakehowardtech_homeassistant" { zone_id = cloudflare_zone.jakehowardtech.id name = "homeassistant" - value = cloudflare_record.sys_domain_pve_private.hostname + value = gandi_livedns_record.sys_domain_pve_private.href type = "CNAME" ttl = 1 } @@ -202,7 +202,7 @@ resource "cloudflare_record" "jakehowardtech_homeassistant" { resource "cloudflare_record" "jakehowardtech_grafana" { zone_id = cloudflare_zone.jakehowardtech.id name = "grafana" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -210,7 +210,7 @@ resource "cloudflare_record" "jakehowardtech_grafana" { resource "cloudflare_record" "jakehowardtech_vaultwarden" { zone_id = cloudflare_zone.jakehowardtech.id name = "vaultwarden" - value = cloudflare_record.sys_domain_pve_private.hostname + value = gandi_livedns_record.sys_domain_pve_private.href type = "CNAME" ttl = 1 } @@ -218,7 +218,7 @@ resource "cloudflare_record" "jakehowardtech_vaultwarden" { resource "cloudflare_record" "jakehowardtech_tandoor" { zone_id = cloudflare_zone.jakehowardtech.id name = "recipes" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } 
@@ -250,7 +250,7 @@ resource "cloudflare_record" "jakehowardtech_mailgun_dmarc" { resource "cloudflare_record" "jakehowardtech_matrix_admin" { zone_id = cloudflare_zone.jakehowardtech.id name = "synapse-admin" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -259,7 +259,7 @@ resource "cloudflare_record" "jakehowardtech_matrix_admin" { resource "cloudflare_record" "jakehowardtech_apex" { zone_id = cloudflare_zone.jakehowardtech.id name = "@" - value = cloudflare_record.sys_domain_walker.hostname + value = gandi_livedns_record.sys_domain_walker.href type = "CNAME" ttl = 1 } @@ -267,7 +267,7 @@ resource "cloudflare_record" "jakehowardtech_apex" { resource "cloudflare_record" "jakehowardtech_collabora" { zone_id = cloudflare_zone.jakehowardtech.id name = "collabora" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -275,7 +275,7 @@ resource "cloudflare_record" "jakehowardtech_collabora" { resource "cloudflare_record" "jakehowardtech_tasks" { zone_id = cloudflare_zone.jakehowardtech.id name = "tasks" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -283,7 +283,7 @@ resource "cloudflare_record" "jakehowardtech_tasks" { resource "cloudflare_record" "jakehowardtech_auth" { zone_id = cloudflare_zone.jakehowardtech.id name = "auth" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -291,7 +291,7 @@ resource "cloudflare_record" "jakehowardtech_auth" { resource "cloudflare_record" "jakehowardtech_minio" { zone_id = cloudflare_zone.jakehowardtech.id name = "minio" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } 
@@ -299,7 +299,7 @@ resource "cloudflare_record" "jakehowardtech_minio" { resource "cloudflare_record" "jakehowardtech_s3" { zone_id = cloudflare_zone.jakehowardtech.id name = "s3" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -307,7 +307,7 @@ resource "cloudflare_record" "jakehowardtech_s3" { resource "cloudflare_record" "jakehowardtech_ntfy" { zone_id = cloudflare_zone.jakehowardtech.id name = "ntfy" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } @@ -315,7 +315,7 @@ resource "cloudflare_record" "jakehowardtech_ntfy" { resource "cloudflare_record" "jakehowardtech_headscale" { zone_id = cloudflare_zone.jakehowardtech.id name = "headscale" - value = cloudflare_record.sys_domain_casey.hostname + value = gandi_livedns_record.sys_domain_casey.href type = "CNAME" ttl = 1 } @@ -323,7 +323,7 @@ resource "cloudflare_record" "jakehowardtech_headscale" { resource "cloudflare_record" "jakehowardtech_slides" { zone_id = cloudflare_zone.jakehowardtech.id name = "slides" - value = cloudflare_record.sys_domain_walker.hostname + value = gandi_livedns_record.sys_domain_walker.href type = "CNAME" ttl = 1 } @@ -331,7 +331,7 @@ resource "cloudflare_record" "jakehowardtech_slides" { resource "cloudflare_record" "jakehowardtech_uptime" { zone_id = cloudflare_zone.jakehowardtech.id name = "uptime" - value = cloudflare_record.sys_domain_pve.hostname + value = gandi_livedns_record.sys_domain_pve.href type = "CNAME" ttl = 1 } diff --git a/terraform/sys_domains.tf b/terraform/sys_domains.tf index 95570b0..d911cee 100644 --- a/terraform/sys_domains.tf +++ b/terraform/sys_domains.tf 
@@ -1,47 +1,59 @@ -resource "cloudflare_record" "sys_domain_casey" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "casey.sys" - value = linode_instance.casey.ip_address - type = "A" - ttl = 1 +resource "gandi_livedns_record" "sys_domain_casey" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "casey.sys" + type = "A" + ttl = 3600 + values = [ + linode_instance.casey.ip_address + ] } -resource "cloudflare_record" "sys_domain_walker" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "walker.sys" - value = hcloud_server.walker.ipv4_address - type = "A" - ttl = 1 +resource "gandi_livedns_record" "sys_domain_casey_v6" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "casey.sys" + type = "AAAA" + ttl = 3600 + values = [ + split("/", linode_instance.casey.ipv6)[0] + ] } -resource "cloudflare_record" "sys_domain_casey_v6" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "casey.sys" - value = split("/", linode_instance.casey.ipv6)[0] - type = "AAAA" - ttl = 1 +resource "gandi_livedns_record" "sys_domain_walker" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "walker.sys" + type = "A" + ttl = 3600 + values = [ + hcloud_server.walker.ipv4_address + ] } -resource "cloudflare_record" "sys_domain_walker_v6" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "walker.sys" - value = hcloud_server.walker.ipv6_address - type = "AAAA" - ttl = 1 +resource "gandi_livedns_record" "sys_domain_walker_v6" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "walker.sys" + type = "AAAA" + ttl = 3600 + values = [ + hcloud_server.walker.ipv6_address + ] } -resource "cloudflare_record" "sys_domain_pve" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "pve.sys" - value = linode_instance.casey.ip_address - type = "A" - ttl = 1 +resource "gandi_livedns_record" "sys_domain_pve" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "pve.sys" + type = "A" + ttl = 3600 + values = [ + 
linode_instance.casey.ip_address + ] } -resource "cloudflare_record" "sys_domain_pve_private" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "pve-private.sys" - value = local.private_ipv6_marker - type = "AAAA" - ttl = 1 +resource "gandi_livedns_record" "sys_domain_pve_private" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "pve-private.sys" + type = "AAAA" + ttl = 3600 + values = [ + local.private_ipv6_marker + ] } diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf index 4defa9a..e7ef478 100644 --- a/terraform/theorangeone.net.tf +++ b/terraform/theorangeone.net.tf 
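Review bot: `sys_domain_pve` publishes `linode_instance.casey.ip_address`, the same address as `sys_domain_casey`, and nothing in the hunk says why; a short comment above the resource, such as `# pve.sys intentionally resolves to casey's address` (if that is the intent), would stop a later reader from "correcting" it. `sys_domain_pve_private` likewise places `local.private_ipv6_marker` in a public zone, and a comment stating what that address is and that publishing it is deliberate would help anyone auditing what the zone exposes. The TTL on every record also changes from Cloudflare's `1` (automatic) to `3600`, so an address change will take up to an hour to be seen by resolvers.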
@@ -2,240 +2,261 @@ resource "gandi_livedns_domain" "theorangeonenet" { name = "theorangeone.net" } -### - -resource "cloudflare_zone" "theorangeonenet" { - zone = "theorangeone.net" +resource "gandi_livedns_record" "theorangeonenet_git" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "git" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_git" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "git" - value = cloudflare_record.sys_domain_pve.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_whoami" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "whoami" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_whoami" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "whoami" - value = cloudflare_record.sys_domain_pve.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_whoami_cdn" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "whoami-cdn" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_whoami_cdn" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "whoami-cdn" - value = cloudflare_record.sys_domain_casey.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_whoami_private" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "whoami-private" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_whoami_private" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "whoami-private" - value = cloudflare_record.sys_domain_pve_private.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_mx" { + zone = 
gandi_livedns_domain.theorangeonenet.id + name = "@" + type = "MX" + ttl = 3600 + values = [ + "10 in1-smtp.messagingengine.com", + "20 in2-smtp.messagingengine.com", + ] } -resource "cloudflare_record" "theorangeonenet_mx1" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "@" - value = "in1-smtp.messagingengine.com" - type = "MX" - priority = 10 - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_spf" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "@" + type = "TXT" + ttl = 3600 + values = [ + "\"v=spf1 include:spf.messagingengine.com -all\"" + ] } -resource "cloudflare_record" "theorangeonenet_mx2" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "@" - value = "in2-smtp.messagingengine.com" - type = "MX" - priority = 20 - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_dkim_fm1" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "fm1._domainkey" + type = "CNAME" + ttl = 3600 + values = [ + "fm1.theorangeone.net.dkim.fmhosted.com" + ] } -resource "cloudflare_record" "theorangeonenet_spf" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "@" - value = "v=spf1 include:spf.messagingengine.com -all" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_dkim_fm2" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "fm2._domainkey" + type = "CNAME" + ttl = 3600 + values = [ + "fm2.theorangeone.net.dkim.fmhosted.com" + ] } -resource "cloudflare_record" "theorangeonenet_dkim_fm1" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "fm1._domainkey" - value = "fm1.theorangeone.net.dkim.fmhosted.com" - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_dkim_fm3" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "fm3._domainkey" + type = "CNAME" + ttl = 3600 + values = [ + "fm3.theorangeone.net.dkim.fmhosted.com" + ] } -resource "cloudflare_record" "theorangeonenet_dkim_fm2" { - zone_id = cloudflare_zone.theorangeonenet.id - name = 
"fm2._domainkey" - value = "fm2.theorangeone.net.dkim.fmhosted.com" - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_dmarc" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "_dmarc" + type = "TXT" + ttl = 3600 + values = [ + "\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\"" + ] } -resource "cloudflare_record" "theorangeonenet_dkim_fm3" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "fm3._domainkey" - value = "fm3.theorangeone.net.dkim.fmhosted.com" - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "theorangeonenet_dmarc" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "_dmarc" - value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;" - type = "TXT" - ttl = 1 -} - -resource "cloudflare_record" "theorangeonenet_dmarc_report" { +resource "gandi_livedns_record" "theorangeonenet_dmarc_report" { for_each = toset([ - cloudflare_zone.theorangeonenet.zone, - cloudflare_zone.jakehowardtech.zone, - cloudflare_record.theorangeonenet_mailgun_spf.hostname, + gandi_livedns_domain.theorangeonenet.name, + gandi_livedns_domain.jakehowardtech.name, + gandi_livedns_record.theorangeonenet_mailgun_spf.href, cloudflare_record.jakehowardtech_mailgun_spf.hostname, ]) - zone_id = cloudflare_zone.theorangeonenet.id - name = "${each.value}._report._dmarc" - value = "v=DMARC1" - type = "TXT" - ttl = 1 + zone = gandi_livedns_domain.theorangeonenet.id + name = "${each.value}._report._dmarc" + type = "TXT" + ttl = 3600 + values = [ + "v=DMARC1" + ] } -# Cloudflare supports CNAME flattening - so this is ok -resource "cloudflare_record" "theorangeonenet_apex" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "@" - value = cloudflare_record.sys_domain_walker.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_apex" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "@" + type = "ALIAS" + ttl = 3600 + values = [ + 
gandi_livedns_record.sys_domain_walker.href + ] } -resource "cloudflare_record" "theorangeonenet_srv_matrix" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "_matrix._tcp" - type = "SRV" - ttl = 1 - - data = { - service = "_matrix" - proto = "_tcp" - name = cloudflare_zone.theorangeonenet.zone - priority = 10 - weight = 0 - port = 8448 - target = cloudflare_record.theorangeonenet_matrix.hostname - } +resource "gandi_livedns_record" "theorangeonenet_srv_matrix" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "_matrix._tcp" + type = "SRV" + ttl = 3600 + values = [ + "10 0 8448 ${gandi_livedns_record.theorangeonenet_matrix.href}." + ] } -resource "cloudflare_record" "theorangeonenet_matrix" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "matrix" - value = cloudflare_record.sys_domain_pve.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_matrix" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "matrix" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_plausible" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "plausible" - value = cloudflare_record.sys_domain_walker.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_plausible" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "plausible" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_walker.href + ] } -resource "cloudflare_record" "theorangeonenet_plausible_bare" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "elbisualp" - value = cloudflare_record.sys_domain_walker.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_plausible_bare" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "elbisualp" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_walker.href + ] } -resource "cloudflare_record" 
"theorangeonenet_notes" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "notes" - value = "realorangeone.github.io" - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_notes" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "notes" + type = "CNAME" + ttl = 3600 + values = [ + "realorangeone.github.io" + ] } -resource "cloudflare_record" "theorangeonenet_privatebin" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "bin" - value = cloudflare_record.sys_domain_pve.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_bin" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "bin" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_google_site_verification" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "@" - value = "google-site-verification=IXY4iSBN_vOcM3cp_f-BgVvEI_shz1GzXuY_8dqY61o" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_google_site_verification" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "@" + type = "TXT" + ttl = 3600 + values = [ + "google-site-verification=IXY4iSBN_vOcM3cp_f-BgVvEI_shz1GzXuY_8dqY61o" + ] } -resource "cloudflare_record" "theorangeonenet_mailgun_spf" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "mg" - value = "v=spf1 include:mailgun.org -all" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_mailgun_spf" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "mg" + type = "TXT" + ttl = 3600 + values = [ + "\"v=spf1 include:mailgun.org -all\"" + ] } -resource "cloudflare_record" "theorangeonenet_mailgun_dkim" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "mta._domainkey.mg" - value = "k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z/MHEzpbWm5EgMkyWb+Xkz44Xrzr4SA5i2u8M2H5yZ1PSb4DpGk3IAX+I05UWax02+WBW3CBb5wU9rH9flgxezBoCf/hiMS1Wjb9hKGIBa2jMCzpF+wa5fyqLkLoAJZF4bc/BJKyi/ET2c7+DAA/2KlWv/nv4MEjcUR4hNGLPEC9+6PhUp8z2PnUQLzPRWHpKc1oLrnROWaX3XxdDekCzwyOw7ygzZdThVevE+0CqXVOt5SUSUCnd2tjVbvblGi6DBiQY5Tl6+xLqkQHCRqks9187+EN4FdJXkjQodkFzzyiBH5cXVGiZLOhal4koEvxGirr596qM97bIXiJWArdQIDAQAB" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_mailgun_dkim" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "mta._domainkey.mg" + type = "TXT" + ttl = 3600 + values = [ + "\"k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z/MHEzpbWm5EgMkyWb+Xkz44Xrzr4SA5i2u8M2H5yZ1PSb4DpGk3IAX+I05UWax02+WBW3CBb5wU9rH9flgxezBoCf/hiMS1Wjb9hKGIBa2jMCzpF+wa5fyqLkLoAJZF4bc/BJKyi/ET2c7+DAA/2KlWv/nv4MEjcUR4hNGLPEC9+6PhUp8z2PnUQLzPRWHpKc1oLrnROWaX3XxdDekCzwyOw7ygzZdThVevE+0CqXVOt5SUSUCnd2tjVbvblGi6DBiQY5Tl6+xLqkQHCRqks9187+EN4FdJXkjQodkFzzyiBH5cXVGiZLOhal4koEvxGirr596qM97bIXiJWArdQIDAQAB\"" + ] } -resource "cloudflare_record" "theorangeonenet_mailgun_dmarc" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "_dmarc.mg" - value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_mailgun_dmarc" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "_dmarc.mg" + type = "TXT" + ttl = 3600 + values = [ + "\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\"" + ] } -resource "cloudflare_record" "theorangeonenet_mastodon" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "mastodon" - value = cloudflare_record.sys_domain_pve.hostname - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_mastodon" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "mastodon" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "theorangeonenet_comentario" 
{ - zone_id = cloudflare_zone.theorangeonenet.id - name = "comentario" - value = cloudflare_record.sys_domain_walker.value - type = "A" - ttl = 1 +resource "gandi_livedns_record" "theorangeonenet_comentario" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "comentario" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_walker.href + ] } -resource "cloudflare_record" "theorangeonenet_caa" { - zone_id = cloudflare_zone.theorangeonenet.id - name = "@" - type = "CAA" - ttl = 1 - - data = { - tag = "issue" - flags = 0 - value = "letsencrypt.org" - } +resource "gandi_livedns_record" "theorangeonenet_caa" { + zone = gandi_livedns_domain.theorangeonenet.id + name = "@" + type = "CAA" + ttl = 3600 + values = [ + "0 issue \"letsencrypt.org\"", + "0 wildissue \"letsencrypt.org\"", + ] } diff --git a/terraform/walker_vps.tf b/terraform/walker_vps.tf index 3bf5fd0..14fe07a 100644 --- a/terraform/walker_vps.tf +++ b/terraform/walker_vps.tf @@ -16,11 +16,11 @@ resource "hcloud_server" "walker" { resource "hcloud_rdns" "walker_reverse_ipv4" { server_id = hcloud_server.walker.id ip_address = hcloud_server.walker.ipv4_address - dns_ptr = cloudflare_record.sys_domain_walker.hostname + dns_ptr = gandi_livedns_record.sys_domain_walker.href } resource "hcloud_rdns" "walker_reverse_ipv6" { server_id = hcloud_server.walker.id ip_address = hcloud_server.walker.ipv6_address - dns_ptr = cloudflare_record.sys_domain_walker.hostname + dns_ptr = gandi_livedns_record.sys_domain_walker.href } -- 2.45.2 From f1ba63818b93859dfb56c07d3d8cc0e5bbaad75f Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 14 Sep 2024 22:00:24 +0100 Subject: [PATCH 4/7] Migrate jakehoward.tech to Gandi --- terraform/jakehoward.tech.tf | 449 ++++++++++++++++------------------ terraform/theorangeone.net.tf | 2 +- 2 files changed, 218 insertions(+), 233 deletions(-) diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf index 2469b30..122faf3 100644 
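Review bot: `theorangeonenet_whoami_private` now targets `gandi_livedns_record.sys_domain_pve`, where the removed Cloudflare record targeted `sys_domain_pve_private`, so a name meant for the private address would resolve to the public host; unless that is intended it should reference `sys_domain_pve_private`, as `jakehowardtech_homeassistant` does. `theorangeonenet_whoami_cdn` similarly moves from `sys_domain_casey` to `sys_domain_pve`, and the commit message mentions neither change. In `theorangeonenet_caa`, `wildissue` is not a CAA property tag; the wildcard tag is `issuewild`, so the second value should read `"0 issuewild \"letsencrypt.org\""`, otherwise the intended wildcard restriction is not expressed. The `for_each` in `theorangeonenet_dmarc_report` still lists `cloudflare_record.jakehowardtech_mailgun_spf.hostname` and mixes `.name` with `.href` entries, so the generated `_report._dmarc` names are worth checking in a plan.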
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -63,288 +63,273 @@ resource "gandi_livedns_record" "jakehowardtech_dmarc" { ] } -### - -resource "cloudflare_zone" "jakehowardtech" { - zone = "jakehoward.tech" +resource "gandi_livedns_record" "jakehowardtech_wallabag" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "wallabag" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_mx1" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "@" - value = "in1-smtp.messagingengine.com" - type = "MX" - priority = 10 - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_ttrss" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "tt-rss" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_mx2" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "@" - value = "in2-smtp.messagingengine.com" - type = "MX" - priority = 20 - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_speed" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "speed" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_txt" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "@" - value = "v=spf1 include:spf.messagingengine.com -all" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_quassel" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "quassel" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_dkim_fm1" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "fm1._domainkey" - value = "fm1.jakehoward.tech.dkim.fmhosted.com" - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_media" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "media" + type = "CNAME" + ttl = 3600 + values = [ + 
gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_dkim_fm2" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "fm2._domainkey" - value = "fm2.jakehoward.tech.dkim.fmhosted.com" - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_matrix" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "matrix" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_dkim_fm3" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "fm3._domainkey" - value = "fm3.jakehoward.tech.dkim.fmhosted.com" - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_intersect" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "intersect" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_dmarc" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "_dmarc" - value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_calibre" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "calibre" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_wallabag" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "wallabag" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_homeassistant" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "homeassistant" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve_private.href + ] } -resource "cloudflare_record" "jakehowardtech_ttrss" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "tt-rss" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource 
"gandi_livedns_record" "jakehowardtech_grafana" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "grafana" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_speed" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "speed" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_vaultwarden" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "vaultwarden" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve_private.href + ] } -resource "cloudflare_record" "jakehowardtech_quassel" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "quassel" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_recipes" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "recipes" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_media" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "media" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_mailgun_spf" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "mg" + type = "TXT" + ttl = 3600 + values = [ + "\"v=spf1 include:mailgun.org -all\"" + ] } -resource "cloudflare_record" "jakehowardtech_matrix" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "matrix" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_mailgun_dkim" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "s1._domainkey.mg" + type = "TXT" + ttl = 3600 + values = [ + "\"k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E4cv86U+sFUjgLys26ZLccTghzGfHiFpitWdFg68lGXG63aoG2/+9bgKVT0ZBG7bjPvj6Kyj4N3TIe4oCJo2saVvtsNK1pvZkOadaBPgjzKeRvBaw48ZatUGKoV7q1NCa0kXAfiJleF7bMvbt8rYDmBljr/BG6TtZYPt6XgoZyh8HHXjv/1L6WT3JBVQ8q5UtqVRVujXNHf57FmJTOJpvs0bKn/6TUaXYZmt5z3jpDhc/HfmkzVV22AwRf9jn7kgKkgaKpkvfSL8gtYNn5oyfS0Y9W9x9ntqb4g72RCbynMppQb1uwxbIuWRVOp0un0koQDm3C8ZzhOOYAwe58BYQIDAQAB\"" + ] } -resource "cloudflare_record" "jakehowardtech_intersect" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "intersect" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_mailgun_dmarc" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "_dmarc.mg" + type = "TXT" + ttl = 3600 + values = [ + "\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\"" + ] } -resource "cloudflare_record" "jakehowardtech_calibre" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "calibre" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_synapse_admin" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "synapse-admin" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_homeassistant" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "homeassistant" - value = gandi_livedns_record.sys_domain_pve_private.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_apex" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "@" + type = "ALIAS" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_walker.href + ] } -resource "cloudflare_record" "jakehowardtech_grafana" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "grafana" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_collabora" { + zone = 
gandi_livedns_domain.jakehowardtech.id + name = "collabora" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_vaultwarden" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "vaultwarden" - value = gandi_livedns_record.sys_domain_pve_private.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_tasks" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "tasks" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_tandoor" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "recipes" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_auth" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "auth" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_mailgun_spf" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "mg" - value = "v=spf1 include:mailgun.org -all" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_minio" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "minio" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_mailgun_dkim" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "s1._domainkey.mg" - value = "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E4cv86U+sFUjgLys26ZLccTghzGfHiFpitWdFg68lGXG63aoG2/+9bgKVT0ZBG7bjPvj6Kyj4N3TIe4oCJo2saVvtsNK1pvZkOadaBPgjzKeRvBaw48ZatUGKoV7q1NCa0kXAfiJleF7bMvbt8rYDmBljr/BG6TtZYPt6XgoZyh8HHXjv/1L6WT3JBVQ8q5UtqVRVujXNHf57FmJTOJpvs0bKn/6TUaXYZmt5z3jpDhc/HfmkzVV22AwRf9jn7kgKkgaKpkvfSL8gtYNn5oyfS0Y9W9x9ntqb4g72RCbynMppQb1uwxbIuWRVOp0un0koQDm3C8ZzhOOYAwe58BYQIDAQAB" - type = "TXT" - ttl = 1 +resource 
"gandi_livedns_record" "jakehowardtech_s3" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "s3" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_mailgun_dmarc" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "_dmarc.mg" - value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;" - type = "TXT" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_ntfy" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "ntfy" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource "cloudflare_record" "jakehowardtech_matrix_admin" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "synapse-admin" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_headscale" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "headscale" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_casey.href + ] } -# Cloudflare supports CNAME flattening - so this is ok -resource "cloudflare_record" "jakehowardtech_apex" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "@" - value = gandi_livedns_record.sys_domain_walker.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_slides" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "slides" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_walker.href + ] } -resource "cloudflare_record" "jakehowardtech_collabora" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "collabora" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 +resource "gandi_livedns_record" "jakehowardtech_uptime" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "uptime" + type = "CNAME" + ttl = 3600 + values = [ + gandi_livedns_record.sys_domain_pve.href + ] } -resource 
"cloudflare_record" "jakehowardtech_tasks" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "tasks" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_auth" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "auth" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_minio" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "minio" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_s3" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "s3" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_ntfy" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "ntfy" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_headscale" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "headscale" - value = gandi_livedns_record.sys_domain_casey.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_slides" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "slides" - value = gandi_livedns_record.sys_domain_walker.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_uptime" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "uptime" - value = gandi_livedns_record.sys_domain_pve.href - type = "CNAME" - ttl = 1 -} - -resource "cloudflare_record" "jakehowardtech_caa" { - zone_id = cloudflare_zone.jakehowardtech.id - name = "@" - type = "CAA" - ttl = 1 - - data = { - tag = "issue" - flags = 0 - value = "letsencrypt.org" - } +resource "gandi_livedns_record" "jakehowardtech_caa" { + zone = gandi_livedns_domain.jakehowardtech.id + name = "@" + type = "CAA" + ttl = 3600 + values = [ + "0 issue 
\"letsencrypt.org\"", + "0 wildissue \"letsencrypt.org\"", + ] } diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf index e7ef478..5d12c80 100644 --- a/terraform/theorangeone.net.tf +++ b/terraform/theorangeone.net.tf @@ -108,7 +108,7 @@ resource "gandi_livedns_record" "theorangeonenet_dmarc_report" { gandi_livedns_domain.theorangeonenet.name, gandi_livedns_domain.jakehowardtech.name, gandi_livedns_record.theorangeonenet_mailgun_spf.href, - cloudflare_record.jakehowardtech_mailgun_spf.hostname, + gandi_livedns_record.jakehowardtech_mailgun_spf.href, ]) zone = gandi_livedns_domain.theorangeonenet.id -- 2.45.2 From acfd2af7eb4b5276f5a561c8c00b69f298518006 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 14 Sep 2024 22:06:42 +0100 Subject: [PATCH 5/7] Use Gandi as cert provider for traefik --- .../roles/traefik/files/docker-compose.yml | 1 - ansible/roles/traefik/files/traefik.yml | 15 ++----------- ansible/roles/traefik/vars/vault.yml | 22 ++++++++----------- ansible/roles/yourls/files/docker-compose.yml | 1 - 4 files changed, 11 insertions(+), 28 deletions(-) diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml index 3f8f15f..9504097 100644 --- a/ansible/roles/traefik/files/docker-compose.yml +++ b/ansible/roles/traefik/files/docker-compose.yml @@ -3,7 +3,6 @@ services: image: traefik:v2.11 user: "{{ docker_user.id }}" environment: - - CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }} - GANDIV5_API_KEY={{ vault_gandi_api_key }} volumes: - ./traefik:/etc/traefik diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml index 3697b4b..d64de87 100644 --- a/ansible/roles/traefik/files/traefik.yml +++ b/ansible/roles/traefik/files/traefik.yml 
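Review bot: The second value of `jakehowardtech_caa`, `"0 wildissue \"letsencrypt.org\""`, uses a property tag that CAA does not define; the wildcard tag in RFC 8659 is `issuewild`, so the line should read `"0 issuewild \"letsencrypt.org\"",`. With flag 0 a CA ignores an unknown tag, so wildcard requests fall back to the `issue` value and issuance is still limited to Let's Encrypt, but the explicit wildcard policy the record intends is never published, and the DNS provider may reject the value at apply time. The same value appears in `theorangeonenet_caa` in terraform/theorangeone.net.tf in the previous patch. After applying, the published record can be checked with a CAA lookup on the apex to confirm both tags are served as written.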
@@ -50,17 +50,6 @@ api: certificatesResolvers: le: - acme: - email: "{{ vault_letsencrypt_email }}" - storage: /etc/traefik/acme.json - dnsChallenge: - provider: cloudflare - delayBeforeCheck: 0 - resolvers: - - 1.1.1.1:53 - - 1.0.0.1:53 - - gandi: acme: email: "{{ vault_letsencrypt_email }}" storage: /etc/traefik/acme.json @@ -68,8 +57,8 @@ certificatesResolvers: provider: gandiv5 delayBeforeCheck: 0 resolvers: - - 1.1.1.1:53 - - 1.0.0.1:53 + - 9.9.9.9:53 + - 149.112.112.112:53 serversTransport: insecureSkipVerify: true diff --git a/ansible/roles/traefik/vars/vault.yml b/ansible/roles/traefik/vars/vault.yml index 11e8196..f9f891e 100644 --- a/ansible/roles/traefik/vars/vault.yml +++ b/ansible/roles/traefik/vars/vault.yml @@ -1,14 +1,10 @@ $ANSIBLE_VAULT;1.1;AES256 -63373634636339343234383662613339643138346430336463613834363661376334303131656565 -6439633136396264356263663961383565636138333135660a366239313136663331386139386566 -61653432613237656635316336313064396433393939306330353739343439336165653866343030 -6432366565396639640a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a613130623164393866663265333363 +38336461396561313737326336643165633536373938633737356232613663386236346532643131 +3564663236306131660a653331396564613730626235333033376662633135343439343263323064 +38666665393063663436313932663233633038656661356664313935623130323732313164613632 +38383630373436356466366132326139326534316337326130653231373639343066656261343730 +62643734396261383035643934373964373836623032333963633830663538653733316334376462 +37646431323838626465303436643762636263396639646365303137663161613734323232383234 +37383762396438313262613233326163616463373365336566346336316334313439 diff --git a/ansible/roles/yourls/files/docker-compose.yml b/ansible/roles/yourls/files/docker-compose.yml index 8b1c23d..486e694 100644 --- a/ansible/roles/yourls/files/docker-compose.yml +++ b/ansible/roles/yourls/files/docker-compose.yml 
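Review bot: The `resolvers` list under `dnsChallenge` switches to `9.9.9.9:53` and `149.112.112.112:53` with no comment saying why public resolvers are pinned there; a line such as `# Quad9; used only for the ACME DNS-01 propagation check` above the list would document it. `delayBeforeCheck: 0` is kept, so issuance relies entirely on that propagation check seeing the new TXT record at the new DNS host; if first-time issuance fails intermittently after the migration, that is the setting to revisit. The `serversTransport` line `insecureSkipVerify: true` is unchanged context in this hunk and so outside this commit, but it turns off certificate verification for backend connections and deserves a comment stating why, or a follow-up.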
@@ -16,7 +16,6 @@ services: labels: - traefik.enable=true - traefik.http.routers.yourls.rule=Host(`0rng.one`) - - traefik.http.routers.yourls.tls.certresolver=gandi networks: - default - traefik -- 2.45.2 From d554dabdc55cf4fbc2a1103ae7572f92d1b922d9 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sun, 15 Sep 2024 14:21:20 +0100 Subject: [PATCH 6/7] Use personal access token for traefik --- .../roles/traefik/files/docker-compose.yml | 2 +- ansible/roles/traefik/vars/vault.yml | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml index 9504097..ad10c4e 100644 --- a/ansible/roles/traefik/files/docker-compose.yml +++ b/ansible/roles/traefik/files/docker-compose.yml @@ -3,7 +3,7 @@ services: image: traefik:v2.11 user: "{{ docker_user.id }}" environment: - - GANDIV5_API_KEY={{ vault_gandi_api_key }} + - GANDIV5_PERSONAL_ACCESS_TOKEN={{ vault_gandi_personal_access_token }} volumes: - ./traefik:/etc/traefik restart: unless-stopped diff --git a/ansible/roles/traefik/vars/vault.yml b/ansible/roles/traefik/vars/vault.yml index f9f891e..8e641ff 100644 --- a/ansible/roles/traefik/vars/vault.yml +++ b/ansible/roles/traefik/vars/vault.yml 
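Review bot: `GANDIV5_PERSONAL_ACCESS_TOKEN={{ vault_gandi_personal_access_token }}` is templated into the compose file, so the rendered docker-compose.yml on the host carries the token in cleartext, and it is also readable through the container's environment. The task that deploys this file is not in the hunk; it should write the file with a restrictive mode (for example `mode: "0600"`) and an owner limited to the deploying user. Since the benefit of a personal access token over the account-wide API key is narrower scope, a comment like `# PAT limited to LiveDNS changes on the ACME-managed domains` would record the intended permissions. The replaced `vault_gandi_api_key` should be revoked at the provider once this is deployed, since the previous patch's vault blob still holds it in history.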
@@ -1,10 +1,11 @@ $ANSIBLE_VAULT;1.1;AES256 -36313832623761323139326337643566656138333936643938396363643338333962663735346335 -6332323166363035353965633238656461363234353732660a613130623164393866663265333363 -38336461396561313737326336643165633536373938633737356232613663386236346532643131 -3564663236306131660a653331396564613730626235333033376662633135343439343263323064 -38666665393063663436313932663233633038656661356664313935623130323732313164613632 -38383630373436356466366132326139326534316337326130653231373639343066656261343730 -62643734396261383035643934373964373836623032333963633830663538653733316334376462 -37646431323838626465303436643762636263396639646365303137663161613734323232383234 -37383762396438313262613233326163616463373365336566346336316334313439 +30393461663462666434333462386264383831333936633961636237616338303335393861626336 +3566306338633735613431393736653061636536353335620a366335623630643137343863636161 +37383436323439393965623436393465626362633134346239356463633936396236666164333762 +3565623930353964620a303965626164396536646336313438346464663236633465353036303935 +30373230393432643330663434313637396234306563336137653861333839623530636465653532 +37363239663939303834633332656365363437356236633933313339656563343130383262626539 +61363762663630366430326635386163613936653938303366636363363334643035396233646430 +32636431616335326264343931343064646363393736303263633038623562623965393763636562 +35316264636264366161326463343730613232663539306532303838656338343535376439343834 +3234663334333866376233336538343264623930653662303835 -- 2.45.2 From 43ad69e1188404982544292aadc416e587055742 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sun, 22 Sep 2024 15:27:05 +0100 Subject: [PATCH 7/7] Ensure CNAME values are absolute --- terraform/jakehoward.tech.tf | 56 +++++++++++++++++------------------ terraform/theorangeone.net.tf | 34 ++++++++++----------- 2 files changed, 45 insertions(+), 45 deletions(-) 
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf index 122faf3..1f159c3 100644 --- a/terraform/jakehoward.tech.tf +++ b/terraform/jakehoward.tech.tf @@ -8,8 +8,8 @@ resource "gandi_livedns_record" "jakehowardtech_mx" { type = "MX" ttl = 3600 values = [ - "10 in1-smtp.messagingengine.com", - "20 in2-smtp.messagingengine.com", + "10 in1-smtp.messagingengine.com.", + "20 in2-smtp.messagingengine.com.", ] } @@ -29,7 +29,7 @@ resource "gandi_livedns_record" "jakehowardtech_dkim_fm1" { type = "CNAME" ttl = 3600 values = [ - "fm1.jakehoward.tech.dkim.fmhosted.com" + "fm1.jakehoward.tech.dkim.fmhosted.com." ] } @@ -39,7 +39,7 @@ resource "gandi_livedns_record" "jakehowardtech_dkim_fm2" { type = "CNAME" ttl = 3600 values = [ - "fm2.jakehoward.tech.dkim.fmhosted.com" + "fm2.jakehoward.tech.dkim.fmhosted.com." ] } @@ -49,7 +49,7 @@ resource "gandi_livedns_record" "jakehowardtech_dkim_fm3" { type = "CNAME" ttl = 3600 values = [ - "fm3.jakehoward.tech.dkim.fmhosted.com" + "fm3.jakehoward.tech.dkim.fmhosted.com." ] } @@ -69,7 +69,7 @@ resource "gandi_livedns_record" "jakehowardtech_wallabag" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -79,7 +79,7 @@ resource "gandi_livedns_record" "jakehowardtech_ttrss" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -89,7 +89,7 @@ resource "gandi_livedns_record" "jakehowardtech_speed" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -99,7 +99,7 @@ resource "gandi_livedns_record" "jakehowardtech_quassel" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } 
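Review bot: The expression `"${gandi_livedns_record.sys_domain_pve.href}."` is now repeated in every CNAME `values` list in this file and in terraform/theorangeone.net.tf, so a rule like the trailing dot has to be applied record by record and a new record can miss it. Defining it once, e.g. `locals { pve_fqdn = "${gandi_livedns_record.sys_domain_pve.href}." }` with matching entries for `sys_domain_walker`, `sys_domain_pve_private` and `sys_domain_casey`, and writing `values = [local.pve_fqdn]` in each record keeps the absolute-name rule in one place. A one-line comment on the local, `# CNAME/ALIAS/MX targets must be absolute, otherwise the zone name is appended`, would explain the dot to the next reader. This applies to all hunks of this patch; the resource bodies start and end outside each hunk.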
@@ -109,7 +109,7 @@ resource "gandi_livedns_record" "jakehowardtech_media" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -119,7 +119,7 @@ resource "gandi_livedns_record" "jakehowardtech_matrix" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -129,7 +129,7 @@ resource "gandi_livedns_record" "jakehowardtech_intersect" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -139,7 +139,7 @@ resource "gandi_livedns_record" "jakehowardtech_calibre" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -149,7 +149,7 @@ resource "gandi_livedns_record" "jakehowardtech_homeassistant" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve_private.href + "${gandi_livedns_record.sys_domain_pve_private.href}." ] } @@ -159,7 +159,7 @@ resource "gandi_livedns_record" "jakehowardtech_grafana" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -169,7 +169,7 @@ resource "gandi_livedns_record" "jakehowardtech_vaultwarden" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve_private.href + "${gandi_livedns_record.sys_domain_pve_private.href}." ] } @@ -179,7 +179,7 @@ resource "gandi_livedns_record" "jakehowardtech_recipes" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -219,7 +219,7 @@ resource "gandi_livedns_record" "jakehowardtech_synapse_admin" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } 
@@ -229,7 +229,7 @@ resource "gandi_livedns_record" "jakehowardtech_apex" { type = "ALIAS" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_walker.href + "${gandi_livedns_record.sys_domain_walker.href}." ] } @@ -239,7 +239,7 @@ resource "gandi_livedns_record" "jakehowardtech_collabora" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -249,7 +249,7 @@ resource "gandi_livedns_record" "jakehowardtech_tasks" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -259,7 +259,7 @@ resource "gandi_livedns_record" "jakehowardtech_auth" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -269,7 +269,7 @@ resource "gandi_livedns_record" "jakehowardtech_minio" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -279,7 +279,7 @@ resource "gandi_livedns_record" "jakehowardtech_s3" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -289,7 +289,7 @@ resource "gandi_livedns_record" "jakehowardtech_ntfy" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -299,7 +299,7 @@ resource "gandi_livedns_record" "jakehowardtech_headscale" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_casey.href + "${gandi_livedns_record.sys_domain_casey.href}." ] } @@ -309,7 +309,7 @@ resource "gandi_livedns_record" "jakehowardtech_slides" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_walker.href + "${gandi_livedns_record.sys_domain_walker.href}." ] } 
@@ -319,7 +319,7 @@ resource "gandi_livedns_record" "jakehowardtech_uptime" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf index 5d12c80..e6190b8 100644 --- a/terraform/theorangeone.net.tf +++ b/terraform/theorangeone.net.tf @@ -8,7 +8,7 @@ resource "gandi_livedns_record" "theorangeonenet_git" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -18,7 +18,7 @@ resource "gandi_livedns_record" "theorangeonenet_whoami" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -28,7 +28,7 @@ resource "gandi_livedns_record" "theorangeonenet_whoami_cdn" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -38,7 +38,7 @@ resource "gandi_livedns_record" "theorangeonenet_whoami_private" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -48,8 +48,8 @@ resource "gandi_livedns_record" "theorangeonenet_mx" { type = "MX" ttl = 3600 values = [ - "10 in1-smtp.messagingengine.com", - "20 in2-smtp.messagingengine.com", + "10 in1-smtp.messagingengine.com.", + "20 in2-smtp.messagingengine.com.", ] } @@ -69,7 +69,7 @@ resource "gandi_livedns_record" "theorangeonenet_dkim_fm1" { type = "CNAME" ttl = 3600 values = [ - "fm1.theorangeone.net.dkim.fmhosted.com" + "fm1.theorangeone.net.dkim.fmhosted.com." ] } @@ -79,7 +79,7 @@ resource "gandi_livedns_record" "theorangeonenet_dkim_fm2" { type = "CNAME" ttl = 3600 values = [ - "fm2.theorangeone.net.dkim.fmhosted.com" + "fm2.theorangeone.net.dkim.fmhosted.com." ] } 
@@ -89,7 +89,7 @@ resource "gandi_livedns_record" "theorangeonenet_dkim_fm3" { type = "CNAME" ttl = 3600 values = [ - "fm3.theorangeone.net.dkim.fmhosted.com" + "fm3.theorangeone.net.dkim.fmhosted.com." ] } @@ -126,7 +126,7 @@ resource "gandi_livedns_record" "theorangeonenet_apex" { type = "ALIAS" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_walker.href + "${gandi_livedns_record.sys_domain_walker.href}." ] } @@ -146,7 +146,7 @@ resource "gandi_livedns_record" "theorangeonenet_matrix" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -156,7 +156,7 @@ resource "gandi_livedns_record" "theorangeonenet_plausible" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_walker.href + "${gandi_livedns_record.sys_domain_walker.href}." ] } @@ -166,7 +166,7 @@ resource "gandi_livedns_record" "theorangeonenet_plausible_bare" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_walker.href + "${gandi_livedns_record.sys_domain_walker.href}." ] } @@ -176,7 +176,7 @@ resource "gandi_livedns_record" "theorangeonenet_notes" { type = "CNAME" ttl = 3600 values = [ - "realorangeone.github.io" + "realorangeone.github.io." ] } @@ -186,7 +186,7 @@ resource "gandi_livedns_record" "theorangeonenet_bin" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -236,7 +236,7 @@ resource "gandi_livedns_record" "theorangeonenet_mastodon" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_pve.href + "${gandi_livedns_record.sys_domain_pve.href}." ] } @@ -246,7 +246,7 @@ resource "gandi_livedns_record" "theorangeonenet_comentario" { type = "CNAME" ttl = 3600 values = [ - gandi_livedns_record.sys_domain_walker.href + "${gandi_livedns_record.sys_domain_walker.href}." ] } -- 2.45.2