2 changed files with 218 additions and 233 deletions
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@ -63,288 +63,273 @@ resource "gandi_livedns_record" "jakehowardtech_dmarc" {
  ]
 }
-###
+resource "gandi_livedns_record" "jakehowardtech_wallabag" {
-
+  zone = gandi_livedns_domain.jakehowardtech.id
-resource "cloudflare_zone" "jakehowardtech" {
+  name = "wallabag"
-  zone = "jakehoward.tech"
+  type = "CNAME"
  ttl  = 3600
  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_mx1" {
+resource "gandi_livedns_record" "jakehowardtech_ttrss" {
-  zone_id  = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name     = "@"
+  name = "tt-rss"
-  value    = "in1-smtp.messagingengine.com"
+  type = "CNAME"
-  type     = "MX"
+  ttl  = 3600
-  priority = 10
+  values = [
-  ttl      = 1
+    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_mx2" {
+resource "gandi_livedns_record" "jakehowardtech_speed" {
-  zone_id  = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name     = "@"
+  name = "speed"
-  value    = "in2-smtp.messagingengine.com"
+  type = "CNAME"
-  type     = "MX"
+  ttl  = 3600
-  priority = 20
+  values = [
-  ttl      = 1
+    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_txt" {
+resource "gandi_livedns_record" "jakehowardtech_quassel" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "@"
+  name = "quassel"
-  value   = "v=spf1 include:spf.messagingengine.com -all"
+  type = "CNAME"
-  type    = "TXT"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_dkim_fm1" {
+resource "gandi_livedns_record" "jakehowardtech_media" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "fm1._domainkey"
+  name = "media"
-  value   = "fm1.jakehoward.tech.dkim.fmhosted.com"
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_dkim_fm2" {
+resource "gandi_livedns_record" "jakehowardtech_matrix" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "fm2._domainkey"
+  name = "matrix"
-  value   = "fm2.jakehoward.tech.dkim.fmhosted.com"
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_dkim_fm3" {
+resource "gandi_livedns_record" "jakehowardtech_intersect" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "fm3._domainkey"
+  name = "intersect"
-  value   = "fm3.jakehoward.tech.dkim.fmhosted.com"
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_dmarc" {
+resource "gandi_livedns_record" "jakehowardtech_calibre" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "_dmarc"
+  name = "calibre"
-  value   = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
+  type = "CNAME"
-  type    = "TXT"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_wallabag" {
+resource "gandi_livedns_record" "jakehowardtech_homeassistant" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "wallabag"
+  name = "homeassistant"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve_private.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_ttrss" {
+resource "gandi_livedns_record" "jakehowardtech_grafana" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "tt-rss"
+  name = "grafana"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_speed" {
+resource "gandi_livedns_record" "jakehowardtech_vaultwarden" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "speed"
+  name = "vaultwarden"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve_private.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_quassel" {
+resource "gandi_livedns_record" "jakehowardtech_recipes" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "quassel"
+  name = "recipes"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_media" {
+resource "gandi_livedns_record" "jakehowardtech_mailgun_spf" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "media"
+  name = "mg"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "TXT"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    "\"v=spf1 include:mailgun.org -all\""
  ]
 }
-resource "cloudflare_record" "jakehowardtech_matrix" {
+resource "gandi_livedns_record" "jakehowardtech_mailgun_dkim" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "matrix"
+  name = "s1._domainkey.mg"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "TXT"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    "\"k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E4cv86U+sFUjgLys26ZLccTghzGfHiFpitWdFg68lGXG63aoG2/+9bgKVT0ZBG7bjPvj6Kyj4N3TIe4oCJo2saVvtsNK1pvZkOadaBPgjzKeRvBaw48ZatUGKoV7q1NCa0kXAfiJleF7bMvbt8rYDmBljr/BG6TtZYPt6XgoZyh8HHXjv/1L6WT3JBVQ8q5UtqVRVujXNHf57FmJTOJpvs0bKn/6TUaXYZmt5z3jpDhc/HfmkzVV22AwRf9jn7kgKkgaKpkvfSL8gtYNn5oyfS0Y9W9x9ntqb4g72RCbynMppQb1uwxbIuWRVOp0un0koQDm3C8ZzhOOYAwe58BYQIDAQAB\""
  ]
 }
-resource "cloudflare_record" "jakehowardtech_intersect" {
+resource "gandi_livedns_record" "jakehowardtech_mailgun_dmarc" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "intersect"
+  name = "_dmarc.mg"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "TXT"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    "\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\""
  ]
 }
-resource "cloudflare_record" "jakehowardtech_calibre" {
+resource "gandi_livedns_record" "jakehowardtech_synapse_admin" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "calibre"
+  name = "synapse-admin"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_homeassistant" {
+resource "gandi_livedns_record" "jakehowardtech_apex" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "homeassistant"
+  name = "@"
-  value   = gandi_livedns_record.sys_domain_pve_private.href
+  type = "ALIAS"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_walker.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_grafana" {
+resource "gandi_livedns_record" "jakehowardtech_collabora" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "grafana"
+  name = "collabora"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_vaultwarden" {
+resource "gandi_livedns_record" "jakehowardtech_tasks" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "vaultwarden"
+  name = "tasks"
-  value   = gandi_livedns_record.sys_domain_pve_private.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_tandoor" {
+resource "gandi_livedns_record" "jakehowardtech_auth" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "recipes"
+  name = "auth"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_mailgun_spf" {
+resource "gandi_livedns_record" "jakehowardtech_minio" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "mg"
+  name = "minio"
-  value   = "v=spf1 include:mailgun.org -all"
+  type = "CNAME"
-  type    = "TXT"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_mailgun_dkim" {
+resource "gandi_livedns_record" "jakehowardtech_s3" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "s1._domainkey.mg"
+  name = "s3"
-  value   = "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E4cv86U+sFUjgLys26ZLccTghzGfHiFpitWdFg68lGXG63aoG2/+9bgKVT0ZBG7bjPvj6Kyj4N3TIe4oCJo2saVvtsNK1pvZkOadaBPgjzKeRvBaw48ZatUGKoV7q1NCa0kXAfiJleF7bMvbt8rYDmBljr/BG6TtZYPt6XgoZyh8HHXjv/1L6WT3JBVQ8q5UtqVRVujXNHf57FmJTOJpvs0bKn/6TUaXYZmt5z3jpDhc/HfmkzVV22AwRf9jn7kgKkgaKpkvfSL8gtYNn5oyfS0Y9W9x9ntqb4g72RCbynMppQb1uwxbIuWRVOp0un0koQDm3C8ZzhOOYAwe58BYQIDAQAB"
+  type = "CNAME"
-  type    = "TXT"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_mailgun_dmarc" {
+resource "gandi_livedns_record" "jakehowardtech_ntfy" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "_dmarc.mg"
+  name = "ntfy"
-  value   = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
+  type = "CNAME"
-  type    = "TXT"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_matrix_admin" {
+resource "gandi_livedns_record" "jakehowardtech_headscale" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "synapse-admin"
+  name = "headscale"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_casey.href
  ]
 }
-# Cloudflare supports CNAME flattening - so this is ok
+resource "gandi_livedns_record" "jakehowardtech_slides" {
-resource "cloudflare_record" "jakehowardtech_apex" {
+  zone = gandi_livedns_domain.jakehowardtech.id
-  zone_id = cloudflare_zone.jakehowardtech.id
+  name = "slides"
-  name    = "@"
+  type = "CNAME"
-  value   = gandi_livedns_record.sys_domain_walker.href
+  ttl  = 3600
-  type    = "CNAME"
+  values = [
-  ttl     = 1
+    gandi_livedns_record.sys_domain_walker.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_collabora" {
+resource "gandi_livedns_record" "jakehowardtech_uptime" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "collabora"
+  name = "uptime"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CNAME"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
    gandi_livedns_record.sys_domain_pve.href
  ]
 }
-resource "cloudflare_record" "jakehowardtech_tasks" {
+resource "gandi_livedns_record" "jakehowardtech_caa" {
-  zone_id = cloudflare_zone.jakehowardtech.id
+  zone = gandi_livedns_domain.jakehowardtech.id
-  name    = "tasks"
+  name = "@"
-  value   = gandi_livedns_record.sys_domain_pve.href
+  type = "CAA"
-  type    = "CNAME"
+  ttl  = 3600
-  ttl     = 1
+  values = [
-}
+    "0 issue \"letsencrypt.org\"",
-
+    "0 wildissue \"letsencrypt.org\"",
-resource "cloudflare_record" "jakehowardtech_auth" {
+  ]
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "auth"
  value   = gandi_livedns_record.sys_domain_pve.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_minio" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "minio"
  value   = gandi_livedns_record.sys_domain_pve.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_s3" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "s3"
  value   = gandi_livedns_record.sys_domain_pve.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_ntfy" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "ntfy"
  value   = gandi_livedns_record.sys_domain_pve.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_headscale" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "headscale"
  value   = gandi_livedns_record.sys_domain_casey.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_slides" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "slides"
  value   = gandi_livedns_record.sys_domain_walker.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_uptime" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "uptime"
  value   = gandi_livedns_record.sys_domain_pve.href
  type    = "CNAME"
  ttl     = 1
 }
 resource "cloudflare_record" "jakehowardtech_caa" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "@"
  type    = "CAA"
  ttl     = 1
  data = {
    tag   = "issue"
    flags = 0
    value = "letsencrypt.org"
  }
 }
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@ -108,7 +108,7 @@ resource "gandi_livedns_record" "theorangeonenet_dmarc_report" {
    gandi_livedns_domain.theorangeonenet.name,
    gandi_livedns_domain.jakehowardtech.name,
    gandi_livedns_record.theorangeonenet_mailgun_spf.href,
-    cloudflare_record.jakehowardtech_mailgun_spf.hostname,
+    gandi_livedns_record.jakehowardtech_mailgun_spf.href,
  ])
  zone = gandi_livedns_domain.theorangeonenet.id