infrastructure/terraform/theorangeone.net.tf

235 lines
6.5 KiB
HCL

resource "cloudflare_zone" "theorangeonenet" {
zone = "theorangeone.net"
}
resource "cloudflare_record" "theorangeonenet_git" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "git"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_whoami" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "whoami"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_whoami_cdn" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "whoami-cdn"
value = cloudflare_record.sys_domain_casey.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_whoami_private" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "whoami-private"
value = cloudflare_record.sys_domain_pve_private.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mx1" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
value = "in1-smtp.messagingengine.com"
type = "MX"
priority = 10
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mx2" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
value = "in2-smtp.messagingengine.com"
type = "MX"
priority = 20
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_spf" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
value = "v=spf1 include:spf.messagingengine.com -all"
type = "TXT"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_dkim_fm1" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "fm1._domainkey"
value = "fm1.theorangeone.net.dkim.fmhosted.com"
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_dkim_fm2" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "fm2._domainkey"
value = "fm2.theorangeone.net.dkim.fmhosted.com"
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_dkim_fm3" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "fm3._domainkey"
value = "fm3.theorangeone.net.dkim.fmhosted.com"
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_dmarc" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "_dmarc"
value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
type = "TXT"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_dmarc_report" {
for_each = toset([
cloudflare_zone.theorangeonenet.zone,
cloudflare_zone.jakehowardtech.zone,
cloudflare_record.theorangeonenet_mailgun_spf.hostname,
cloudflare_record.jakehowardtech_mailgun_spf.hostname,
])
zone_id = cloudflare_zone.theorangeonenet.id
name = "${each.value}._report._dmarc"
value = "v=DMARC1"
type = "TXT"
ttl = 1
}
# Cloudflare supports CNAME flattening - so this is ok
resource "cloudflare_record" "theorangeonenet_apex" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
value = cloudflare_record.sys_domain_walker.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_srv_matrix" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "_matrix._tcp"
type = "SRV"
ttl = 1
data = {
service = "_matrix"
proto = "_tcp"
name = cloudflare_zone.theorangeonenet.zone
priority = 10
weight = 0
port = 8448
target = cloudflare_record.jakehowardtech_matrix.hostname
}
}
resource "cloudflare_record" "theorangeonenet_matrix" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "matrix"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_plausible" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "plausible"
value = cloudflare_record.sys_domain_walker.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_plausible_bare" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "elbisualp"
value = cloudflare_record.sys_domain_walker.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_notes" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "notes"
value = "realorangeone.github.io"
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_privatebin" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "bin"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_google_site_verification" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
value = "google-site-verification=IXY4iSBN_vOcM3cp_f-BgVvEI_shz1GzXuY_8dqY61o"
type = "TXT"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mailgun_spf" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "mg"
value = "v=spf1 include:mailgun.org -all"
type = "TXT"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mailgun_dkim" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "mta._domainkey.mg"
value = "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z/MHEzpbWm5EgMkyWb+Xkz44Xrzr4SA5i2u8M2H5yZ1PSb4DpGk3IAX+I05UWax02+WBW3CBb5wU9rH9flgxezBoCf/hiMS1Wjb9hKGIBa2jMCzpF+wa5fyqLkLoAJZF4bc/BJKyi/ET2c7+DAA/2KlWv/nv4MEjcUR4hNGLPEC9+6PhUp8z2PnUQLzPRWHpKc1oLrnROWaX3XxdDekCzwyOw7ygzZdThVevE+0CqXVOt5SUSUCnd2tjVbvblGi6DBiQY5Tl6+xLqkQHCRqks9187+EN4FdJXkjQodkFzzyiBH5cXVGiZLOhal4koEvxGirr596qM97bIXiJWArdQIDAQAB"
type = "TXT"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mailgun_dmarc" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "_dmarc.mg"
value = "v=DMARC1; p=quarantine; ruf=mailto:dmarc-report@jakehoward.tech;"
type = "TXT"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_mastodon" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "mastodon"
value = cloudflare_record.sys_domain_pve.hostname
type = "CNAME"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_comentario" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "comentario"
value = cloudflare_record.sys_domain_walker.value
type = "A"
ttl = 1
}
resource "cloudflare_record" "theorangeonenet_caa" {
zone_id = cloudflare_zone.theorangeonenet.id
name = "@"
type = "CAA"
ttl = 1
data = {
tag = "issue"
flags = 0
value = "letsencrypt.org"
}
}