WIP: Migrate DNS to Gandi #175

Draft
jake wants to merge 8 commits from gandi-dns into master
10 changed files with 570 additions and 465 deletions

View file

@ -3,8 +3,7 @@ services:
image: traefik:v2.11 image: traefik:v2.11
user: "{{ docker_user.id }}" user: "{{ docker_user.id }}"
environment: environment:
- CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }} - GANDIV5_PERSONAL_ACCESS_TOKEN={{ vault_gandi_personal_access_token }}
- GANDIV5_API_KEY={{ vault_gandi_api_key }}
volumes: volumes:
- ./traefik:/etc/traefik - ./traefik:/etc/traefik
restart: unless-stopped restart: unless-stopped

View file

@ -50,17 +50,6 @@ api:
certificatesResolvers: certificatesResolvers:
le: le:
acme:
email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 0
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
gandi:
acme: acme:
email: "{{ vault_letsencrypt_email }}" email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json storage: /etc/traefik/acme.json
@ -68,8 +57,8 @@ certificatesResolvers:
provider: gandiv5 provider: gandiv5
delayBeforeCheck: 0 delayBeforeCheck: 0
resolvers: resolvers:
- 1.1.1.1:53 - 9.9.9.9:53
- 1.0.0.1:53 - 149.112.112.112:53
serversTransport: serversTransport:
insecureSkipVerify: true insecureSkipVerify: true

View file

@ -1,14 +1,11 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
63373634636339343234383662613339643138346430336463613834363661376334303131656565 30393461663462666434333462386264383831333936633961636237616338303335393861626336
6439633136396264356263663961383565636138333135660a366239313136663331386139386566 3566306338633735613431393736653061636536353335620a366335623630643137343863636161
61653432613237656635316336313064396433393939306330353739343439336165653866343030 37383436323439393965623436393465626362633134346239356463633936396236666164333762
6432366565396639640a636662356238636130326237613632643738643639313664393639323561 3565623930353964620a303965626164396536646336313438346464663236633465353036303935
39633939353663386566396534366166646631353461643062373363393566306538653730306362 30373230393432643330663434313637396234306563336137653861333839623530636465653532
36306532343933643830643564313166366530363139623564633061623238303866633037383032 37363239663939303834633332656365363437356236633933313339656563343130383262626539
31313765393134326561626264323336356539376263333765366162613363313138633932396136 61363762663630366430326635386163613936653938303366636363363334643035396233646430
35663737366132613133376431643333663466363737386664663036623839616333653231366536 32636431616335326264343931343064646363393736303263633038623562623965393763636562
38356566653933316462333462616362623535643866636332356563326136356563616632323034 35316264636264366161326463343730613232663539306532303838656338343535376439343834
39303437363535636433353961353964313733333164396538643563343338633432343232346235 3234663334333866376233336538343264623930653662303835
39626331376163356466313435616362613334346132666461633566393662363039393363613366
63613333643039626161653962353636366364353730383534336662336138643231333864633536
3232

View file

@ -16,7 +16,6 @@ services:
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.yourls.rule=Host(`0rng.one`) - traefik.http.routers.yourls.rule=Host(`0rng.one`)
- traefik.http.routers.yourls.tls.certresolver=gandi
networks: networks:
- default - default
- traefik - traefik

View file

@ -8,7 +8,7 @@ resource "gandi_livedns_record" "orngone_apex" {
type = "ALIAS" # Gandi doesn't support CNAME-flattening type = "ALIAS" # Gandi doesn't support CNAME-flattening
ttl = 3600 ttl = 3600
values = [ values = [
cloudflare_record.sys_domain_pve.hostname gandi_livedns_record.sys_domain_pve.href
] ]
} }

View file

@ -96,10 +96,10 @@ resource "linode_firewall" "casey" {
resource "linode_rdns" "casey_reverse_ipv4" { resource "linode_rdns" "casey_reverse_ipv4" {
address = linode_instance.casey.ip_address address = linode_instance.casey.ip_address
rdns = cloudflare_record.sys_domain_casey.hostname rdns = gandi_livedns_record.sys_domain_casey.href
} }
resource "linode_rdns" "casey_reverse_ipv6" { resource "linode_rdns" "casey_reverse_ipv6" {
address = split("/", linode_instance.casey.ipv6)[0] address = split("/", linode_instance.casey.ipv6)[0]
rdns = cloudflare_record.sys_domain_casey.hostname rdns = gandi_livedns_record.sys_domain_casey.href
} }

View file

@ -1,283 +1,345 @@
resource "cloudflare_zone" "jakehowardtech" { resource "gandi_livedns_domain" "jakehowardtech" {
zone = "jakehoward.tech" name = "jakehoward.tech"
} }
resource "cloudflare_record" "jakehowardtech_mx1" { resource "gandi_livedns_record" "jakehowardtech_mx" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "@" name = "@"
value = "in1-smtp.messagingengine.com"
type = "MX" type = "MX"
priority = 10 ttl = 3600
ttl = 1 values = [
"10 in1-smtp.messagingengine.com.",
"20 in2-smtp.messagingengine.com.",
]
} }
resource "cloudflare_record" "jakehowardtech_mx2" { resource "gandi_livedns_record" "jakehowardtech_spf" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "@" name = "@"
value = "in2-smtp.messagingengine.com"
type = "MX"
priority = 20
ttl = 1
}
resource "cloudflare_record" "jakehowardtech_txt" {
zone_id = cloudflare_zone.jakehowardtech.id
name = "@"
value = "v=spf1 include:spf.messagingengine.com -all"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=spf1 include:spf.messagingengine.com -all\""
]
} }
resource "cloudflare_record" "jakehowardtech_dkim_fm1" { resource "gandi_livedns_record" "jakehowardtech_dkim_fm1" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "fm1._domainkey" name = "fm1._domainkey"
value = "fm1.jakehoward.tech.dkim.fmhosted.com"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"fm1.jakehoward.tech.dkim.fmhosted.com."
]
} }
resource "cloudflare_record" "jakehowardtech_dkim_fm2" { resource "gandi_livedns_record" "jakehowardtech_dkim_fm2" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "fm2._domainkey" name = "fm2._domainkey"
value = "fm2.jakehoward.tech.dkim.fmhosted.com"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"fm2.jakehoward.tech.dkim.fmhosted.com."
]
} }
resource "cloudflare_record" "jakehowardtech_dkim_fm3" { resource "gandi_livedns_record" "jakehowardtech_dkim_fm3" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "fm3._domainkey" name = "fm3._domainkey"
value = "fm3.jakehoward.tech.dkim.fmhosted.com"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"fm3.jakehoward.tech.dkim.fmhosted.com."
]
} }
resource "cloudflare_record" "jakehowardtech_dmarc" { resource "gandi_livedns_record" "jakehowardtech_dmarc" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "_dmarc" name = "_dmarc"
value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\""
]
} }
resource "cloudflare_record" "jakehowardtech_wallabag" { resource "gandi_livedns_record" "jakehowardtech_wallabag" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "wallabag" name = "wallabag"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_ttrss" { resource "gandi_livedns_record" "jakehowardtech_ttrss" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "tt-rss" name = "tt-rss"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_speed" { resource "gandi_livedns_record" "jakehowardtech_speed" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "speed" name = "speed"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_quassel" { resource "gandi_livedns_record" "jakehowardtech_quassel" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "quassel" name = "quassel"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_media" { resource "gandi_livedns_record" "jakehowardtech_media" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "media" name = "media"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_matrix" { resource "gandi_livedns_record" "jakehowardtech_matrix" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "matrix" name = "matrix"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_intersect" { resource "gandi_livedns_record" "jakehowardtech_intersect" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "intersect" name = "intersect"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_calibre" { resource "gandi_livedns_record" "jakehowardtech_calibre" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "calibre" name = "calibre"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_homeassistant" { resource "gandi_livedns_record" "jakehowardtech_homeassistant" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "homeassistant" name = "homeassistant"
value = cloudflare_record.sys_domain_pve_private.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve_private.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_grafana" { resource "gandi_livedns_record" "jakehowardtech_grafana" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "grafana" name = "grafana"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_vaultwarden" { resource "gandi_livedns_record" "jakehowardtech_vaultwarden" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "vaultwarden" name = "vaultwarden"
value = cloudflare_record.sys_domain_pve_private.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve_private.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_tandoor" { resource "gandi_livedns_record" "jakehowardtech_recipes" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "recipes" name = "recipes"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_mailgun_spf" { resource "gandi_livedns_record" "jakehowardtech_mailgun_spf" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "mg" name = "mg"
value = "v=spf1 include:mailgun.org -all"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=spf1 include:mailgun.org -all\""
]
} }
resource "cloudflare_record" "jakehowardtech_mailgun_dkim" { resource "gandi_livedns_record" "jakehowardtech_mailgun_dkim" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "s1._domainkey.mg" name = "s1._domainkey.mg"
value = "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E4cv86U+sFUjgLys26ZLccTghzGfHiFpitWdFg68lGXG63aoG2/+9bgKVT0ZBG7bjPvj6Kyj4N3TIe4oCJo2saVvtsNK1pvZkOadaBPgjzKeRvBaw48ZatUGKoV7q1NCa0kXAfiJleF7bMvbt8rYDmBljr/BG6TtZYPt6XgoZyh8HHXjv/1L6WT3JBVQ8q5UtqVRVujXNHf57FmJTOJpvs0bKn/6TUaXYZmt5z3jpDhc/HfmkzVV22AwRf9jn7kgKkgaKpkvfSL8gtYNn5oyfS0Y9W9x9ntqb4g72RCbynMppQb1uwxbIuWRVOp0un0koQDm3C8ZzhOOYAwe58BYQIDAQAB"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4E4cv86U+sFUjgLys26ZLccTghzGfHiFpitWdFg68lGXG63aoG2/+9bgKVT0ZBG7bjPvj6Kyj4N3TIe4oCJo2saVvtsNK1pvZkOadaBPgjzKeRvBaw48ZatUGKoV7q1NCa0kXAfiJleF7bMvbt8rYDmBljr/BG6TtZYPt6XgoZyh8HHXjv/1L6WT3JBVQ8q5UtqVRVujXNHf57FmJTOJpvs0bKn/6TUaXYZmt5z3jpDhc/HfmkzVV22AwRf9jn7kgKkgaKpkvfSL8gtYNn5oyfS0Y9W9x9ntqb4g72RCbynMppQb1uwxbIuWRVOp0un0koQDm3C8ZzhOOYAwe58BYQIDAQAB\""
]
} }
resource "cloudflare_record" "jakehowardtech_mailgun_dmarc" { resource "gandi_livedns_record" "jakehowardtech_mailgun_dmarc" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "_dmarc.mg" name = "_dmarc.mg"
value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\""
]
} }
resource "cloudflare_record" "jakehowardtech_matrix_admin" { resource "gandi_livedns_record" "jakehowardtech_synapse_admin" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "synapse-admin" name = "synapse-admin"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
# Cloudflare supports CNAME flattening - so this is ok resource "gandi_livedns_record" "jakehowardtech_apex" {
resource "cloudflare_record" "jakehowardtech_apex" { zone = gandi_livedns_domain.jakehowardtech.id
zone_id = cloudflare_zone.jakehowardtech.id
name = "@" name = "@"
value = cloudflare_record.sys_domain_walker.hostname type = "ALIAS"
type = "CNAME" ttl = 3600
ttl = 1 values = [
"${gandi_livedns_record.sys_domain_walker.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_collabora" { resource "gandi_livedns_record" "jakehowardtech_collabora" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "collabora" name = "collabora"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_tasks" { resource "gandi_livedns_record" "jakehowardtech_tasks" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "tasks" name = "tasks"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_auth" { resource "gandi_livedns_record" "jakehowardtech_auth" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "auth" name = "auth"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_minio" { resource "gandi_livedns_record" "jakehowardtech_minio" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "minio" name = "minio"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_s3" { resource "gandi_livedns_record" "jakehowardtech_s3" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "s3" name = "s3"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_ntfy" { resource "gandi_livedns_record" "jakehowardtech_ntfy" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "ntfy" name = "ntfy"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_headscale" { resource "gandi_livedns_record" "jakehowardtech_headscale" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "headscale" name = "headscale"
value = cloudflare_record.sys_domain_casey.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_casey.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_slides" { resource "gandi_livedns_record" "jakehowardtech_slides" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "slides" name = "slides"
value = cloudflare_record.sys_domain_walker.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_walker.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_uptime" { resource "gandi_livedns_record" "jakehowardtech_uptime" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "uptime" name = "uptime"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "jakehowardtech_caa" { resource "gandi_livedns_record" "jakehowardtech_baby-buddy" {
zone_id = cloudflare_zone.jakehowardtech.id zone = gandi_livedns_domain.jakehowardtech.id
name = "baby-buddy"
type = "CNAME"
ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve_private.href}."
]
}
resource "gandi_livedns_record" "jakehowardtech_caa" {
zone = gandi_livedns_domain.jakehowardtech.id
name = "@" name = "@"
type = "CAA" type = "CAA"
ttl = 1 ttl = 3600
values = [
data = { "0 issue \"letsencrypt.org\"",
tag = "issue" "0 wildissue \"letsencrypt.org\"",
flags = 0 ]
value = "letsencrypt.org"
}
} }

View file

@ -1,47 +1,59 @@
resource "cloudflare_record" "sys_domain_casey" { resource "gandi_livedns_record" "sys_domain_casey" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "casey.sys" name = "casey.sys"
value = linode_instance.casey.ip_address
type = "A" type = "A"
ttl = 1 ttl = 3600
values = [
linode_instance.casey.ip_address
]
} }
resource "cloudflare_record" "sys_domain_walker" { resource "gandi_livedns_record" "sys_domain_casey_v6" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "walker.sys"
value = hcloud_server.walker.ipv4_address
type = "A"
ttl = 1
}
resource "cloudflare_record" "sys_domain_casey_v6" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "casey.sys" name = "casey.sys"
value = split("/", linode_instance.casey.ipv6)[0]
type = "AAAA" type = "AAAA"
ttl = 1 ttl = 3600
values = [
split("/", linode_instance.casey.ipv6)[0]
]
} }
resource "cloudflare_record" "sys_domain_walker_v6" { resource "gandi_livedns_record" "sys_domain_walker" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "walker.sys" name = "walker.sys"
value = hcloud_server.walker.ipv6_address type = "A"
type = "AAAA" ttl = 3600
ttl = 1 values = [
hcloud_server.walker.ipv4_address
]
} }
resource "cloudflare_record" "sys_domain_pve" { resource "gandi_livedns_record" "sys_domain_walker_v6" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "walker.sys"
type = "AAAA"
ttl = 3600
values = [
hcloud_server.walker.ipv6_address
]
}
resource "gandi_livedns_record" "sys_domain_pve" {
zone = gandi_livedns_domain.theorangeonenet.id
name = "pve.sys" name = "pve.sys"
value = linode_instance.casey.ip_address
type = "A" type = "A"
ttl = 1 ttl = 3600
values = [
linode_instance.casey.ip_address
]
} }
resource "cloudflare_record" "sys_domain_pve_private" { resource "gandi_livedns_record" "sys_domain_pve_private" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "pve-private.sys" name = "pve-private.sys"
value = local.private_ipv6_marker
type = "AAAA" type = "AAAA"
ttl = 1 ttl = 3600
values = [
local.private_ipv6_marker
]
} }

View file

@ -1,235 +1,282 @@
resource "cloudflare_zone" "theorangeonenet" { resource "gandi_livedns_domain" "theorangeonenet" {
zone = "theorangeone.net" name = "theorangeone.net"
} }
resource "cloudflare_record" "theorangeonenet_git" { resource "gandi_livedns_record" "theorangeonenet_git" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "git" name = "git"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_whoami" { resource "gandi_livedns_record" "theorangeonenet_whoami" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "whoami" name = "whoami"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_whoami_cdn" { resource "gandi_livedns_record" "theorangeonenet_whoami_cdn" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "whoami-cdn" name = "whoami-cdn"
value = cloudflare_record.sys_domain_casey.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_whoami_private" { resource "gandi_livedns_record" "theorangeonenet_whoami_private" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "whoami-private" name = "whoami-private"
value = cloudflare_record.sys_domain_pve_private.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_mx1" { resource "gandi_livedns_record" "theorangeonenet_mx" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "@" name = "@"
value = "in1-smtp.messagingengine.com"
type = "MX" type = "MX"
priority = 10 ttl = 3600
ttl = 1 values = [
"10 in1-smtp.messagingengine.com.",
"20 in2-smtp.messagingengine.com.",
]
} }
resource "cloudflare_record" "theorangeonenet_mx2" { resource "gandi_livedns_record" "theorangeonenet_spf" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "@" name = "@"
value = "in2-smtp.messagingengine.com"
type = "MX"
priority = 20
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_spf" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
value = "v=spf1 include:spf.messagingengine.com -all"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=spf1 include:spf.messagingengine.com -all\""
]
} }
resource "cloudflare_record" "theorangeonenet_dkim_fm1" { resource "gandi_livedns_record" "theorangeonenet_dkim_fm1" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "fm1._domainkey" name = "fm1._domainkey"
value = "fm1.theorangeone.net.dkim.fmhosted.com"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"fm1.theorangeone.net.dkim.fmhosted.com."
]
} }
resource "cloudflare_record" "theorangeonenet_dkim_fm2" { resource "gandi_livedns_record" "theorangeonenet_dkim_fm2" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "fm2._domainkey" name = "fm2._domainkey"
value = "fm2.theorangeone.net.dkim.fmhosted.com"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"fm2.theorangeone.net.dkim.fmhosted.com."
]
} }
resource "cloudflare_record" "theorangeonenet_dkim_fm3" { resource "gandi_livedns_record" "theorangeonenet_dkim_fm3" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "fm3._domainkey" name = "fm3._domainkey"
value = "fm3.theorangeone.net.dkim.fmhosted.com"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"fm3.theorangeone.net.dkim.fmhosted.com."
]
} }
resource "cloudflare_record" "theorangeonenet_dmarc" { resource "gandi_livedns_record" "theorangeonenet_dmarc" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "_dmarc" name = "_dmarc"
value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\""
]
} }
resource "cloudflare_record" "theorangeonenet_dmarc_report" { resource "gandi_livedns_record" "theorangeonenet_dmarc_report" {
for_each = toset([ for_each = toset([
cloudflare_zone.theorangeonenet.zone, gandi_livedns_domain.theorangeonenet.name,
cloudflare_zone.jakehowardtech.zone, gandi_livedns_domain.jakehowardtech.name,
cloudflare_record.theorangeonenet_mailgun_spf.hostname, gandi_livedns_record.theorangeonenet_mailgun_spf.href,
cloudflare_record.jakehowardtech_mailgun_spf.hostname, gandi_livedns_record.jakehowardtech_mailgun_spf.href,
]) ])
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "${each.value}._report._dmarc" name = "${each.value}._report._dmarc"
value = "v=DMARC1"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"v=DMARC1"
]
} }
# Cloudflare supports CNAME flattening - so this is ok resource "gandi_livedns_record" "theorangeonenet_apex" {
resource "cloudflare_record" "theorangeonenet_apex" { zone = gandi_livedns_domain.theorangeonenet.id
zone_id = cloudflare_zone.theorangeonenet.id
name = "@" name = "@"
value = cloudflare_record.sys_domain_walker.hostname type = "ALIAS"
type = "CNAME" ttl = 3600
ttl = 1 values = [
"${gandi_livedns_record.sys_domain_walker.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_srv_matrix" { resource "gandi_livedns_record" "theorangeonenet_srv_matrix" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "_matrix._tcp" name = "_matrix._tcp"
type = "SRV" type = "SRV"
ttl = 1 ttl = 3600
values = [
data = { "10 0 8448 ${gandi_livedns_record.theorangeonenet_matrix.href}."
service = "_matrix" ]
proto = "_tcp"
name = cloudflare_zone.theorangeonenet.zone
priority = 10
weight = 0
port = 8448
target = cloudflare_record.theorangeonenet_matrix.hostname
}
} }
resource "cloudflare_record" "theorangeonenet_matrix" { resource "gandi_livedns_record" "theorangeonenet_matrix" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "matrix" name = "matrix"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_plausible" { resource "gandi_livedns_record" "theorangeonenet_plausible" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "plausible" name = "plausible"
value = cloudflare_record.sys_domain_walker.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_walker.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_plausible_bare" { resource "gandi_livedns_record" "theorangeonenet_plausible_bare" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "elbisualp" name = "elbisualp"
value = cloudflare_record.sys_domain_walker.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_walker.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_notes" { resource "gandi_livedns_record" "theorangeonenet_notes" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "notes" name = "notes"
value = "realorangeone.github.io"
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"realorangeone.github.io."
]
} }
resource "cloudflare_record" "theorangeonenet_privatebin" { resource "gandi_livedns_record" "theorangeonenet_bin" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "bin" name = "bin"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_google_site_verification" { resource "gandi_livedns_record" "theorangeonenet_google_site_verification" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "@" name = "@"
value = "google-site-verification=IXY4iSBN_vOcM3cp_f-BgVvEI_shz1GzXuY_8dqY61o"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"google-site-verification=IXY4iSBN_vOcM3cp_f-BgVvEI_shz1GzXuY_8dqY61o"
]
} }
resource "cloudflare_record" "theorangeonenet_mailgun_spf" { resource "gandi_livedns_record" "theorangeonenet_mailgun_spf" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "mg" name = "mg"
value = "v=spf1 include:mailgun.org -all"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=spf1 include:mailgun.org -all\""
]
} }
resource "cloudflare_record" "theorangeonenet_mailgun_dkim" { resource "gandi_livedns_record" "theorangeonenet_mailgun_dkim" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "mta._domainkey.mg" name = "mta._domainkey.mg"
value = "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z/MHEzpbWm5EgMkyWb+Xkz44Xrzr4SA5i2u8M2H5yZ1PSb4DpGk3IAX+I05UWax02+WBW3CBb5wU9rH9flgxezBoCf/hiMS1Wjb9hKGIBa2jMCzpF+wa5fyqLkLoAJZF4bc/BJKyi/ET2c7+DAA/2KlWv/nv4MEjcUR4hNGLPEC9+6PhUp8z2PnUQLzPRWHpKc1oLrnROWaX3XxdDekCzwyOw7ygzZdThVevE+0CqXVOt5SUSUCnd2tjVbvblGi6DBiQY5Tl6+xLqkQHCRqks9187+EN4FdJXkjQodkFzzyiBH5cXVGiZLOhal4koEvxGirr596qM97bIXiJWArdQIDAQAB"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z/MHEzpbWm5EgMkyWb+Xkz44Xrzr4SA5i2u8M2H5yZ1PSb4DpGk3IAX+I05UWax02+WBW3CBb5wU9rH9flgxezBoCf/hiMS1Wjb9hKGIBa2jMCzpF+wa5fyqLkLoAJZF4bc/BJKyi/ET2c7+DAA/2KlWv/nv4MEjcUR4hNGLPEC9+6PhUp8z2PnUQLzPRWHpKc1oLrnROWaX3XxdDekCzwyOw7ygzZdThVevE+0CqXVOt5SUSUCnd2tjVbvblGi6DBiQY5Tl6+xLqkQHCRqks9187+EN4FdJXkjQodkFzzyiBH5cXVGiZLOhal4koEvxGirr596qM97bIXiJWArdQIDAQAB\""
]
} }
resource "cloudflare_record" "theorangeonenet_mailgun_dmarc" { resource "gandi_livedns_record" "theorangeonenet_mailgun_dmarc" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "_dmarc.mg" name = "_dmarc.mg"
value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
type = "TXT" type = "TXT"
ttl = 1 ttl = 3600
values = [
"\"v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;\""
]
} }
resource "cloudflare_record" "theorangeonenet_mastodon" { resource "gandi_livedns_record" "theorangeonenet_mastodon" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "mastodon" name = "mastodon"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME" type = "CNAME"
ttl = 1 ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_comentario" { resource "gandi_livedns_record" "theorangeonenet_comentario" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "comentario" name = "comentario"
value = cloudflare_record.sys_domain_walker.value type = "CNAME"
type = "A" ttl = 3600
ttl = 1 values = [
"${gandi_livedns_record.sys_domain_walker.href}."
]
} }
resource "cloudflare_record" "theorangeonenet_caa" { resource "gandi_livedns_record" "theorangeonenet_bsky" {
zone_id = cloudflare_zone.theorangeonenet.id zone = gandi_livedns_domain.theorangeonenet.id
name = "bsky"
type = "CNAME"
ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.href}."
]
}
resource "gandi_livedns_record" "theorangeonenet_atproto" {
zone = gandi_livedns_domain.theorangeonenet.id
name = "_atproto"
type = "TXT"
ttl = 3600
values = [
"did=did:plc:pgyg4ih7zsqkwdon34jqkbuz"
]
}
resource "gandi_livedns_record" "theorangeonenet_caa" {
zone = gandi_livedns_domain.theorangeonenet.id
name = "@" name = "@"
type = "CAA" type = "CAA"
ttl = 1 ttl = 3600
values = [
data = { "0 issue \"letsencrypt.org\"",
tag = "issue" "0 wildissue \"letsencrypt.org\"",
flags = 0 ]
value = "letsencrypt.org"
}
} }

View file

@ -16,11 +16,11 @@ resource "hcloud_server" "walker" {
resource "hcloud_rdns" "walker_reverse_ipv4" { resource "hcloud_rdns" "walker_reverse_ipv4" {
server_id = hcloud_server.walker.id server_id = hcloud_server.walker.id
ip_address = hcloud_server.walker.ipv4_address ip_address = hcloud_server.walker.ipv4_address
dns_ptr = cloudflare_record.sys_domain_walker.hostname dns_ptr = gandi_livedns_record.sys_domain_walker.href
} }
resource "hcloud_rdns" "walker_reverse_ipv6" { resource "hcloud_rdns" "walker_reverse_ipv6" {
server_id = hcloud_server.walker.id server_id = hcloud_server.walker.id
ip_address = hcloud_server.walker.ipv6_address ip_address = hcloud_server.walker.ipv6_address
dns_ptr = cloudflare_record.sys_domain_walker.hostname dns_ptr = gandi_livedns_record.sys_domain_walker.href
} }