Diffstat (limited to 'terraform/dns')
-rw-r--r--terraform/dns/backend.tf16
-rw-r--r--terraform/dns/dn42.tf71
-rw-r--r--terraform/dns/main.tf14
-rw-r--r--terraform/dns/terraform.tfstate52
-rw-r--r--terraform/dns/terragrunt.hcl3
-rw-r--r--terraform/dns/trygvis.tf63
-rw-r--r--terraform/dns/vpn-cname.tf22
-rw-r--r--terraform/dns/vpn.tf36
8 files changed, 224 insertions, 53 deletions
diff --git a/terraform/dns/backend.tf b/terraform/dns/backend.tf
new file mode 100644
index 0000000..4f05aaf
--- /dev/null
+++ b/terraform/dns/backend.tf
@@ -0,0 +1,16 @@
+# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
+terraform {
+ required_version = "~> 1.9.5"
+
+ backend "s3" {
+ bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05"
+ key = "dns/terraform.tfstate"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
+ skip_s3_checksum = true
+ region = "eu-central-1"
+ endpoints = { s3 : "https://eu-central-1.linodeobjects.com" }
+ }
+}
diff --git a/terraform/dns/dn42.tf b/terraform/dns/dn42.tf
new file mode 100644
index 0000000..35bc26e
--- /dev/null
+++ b/terraform/dns/dn42.tf
@@ -0,0 +1,71 @@
+# Generated from ansible data
+
+resource "linode_domain_record" "dn42-conflatorio" {
+ domain_id = linode_domain.root.id
+ name = "conflatorio.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2008:8042:32ff:fe0c:7161"
+}
+
+resource "linode_domain_record" "dn42-coregonus" {
+ domain_id = linode_domain.root.id
+ name = "coregonus.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2005::ffff"
+}
+
+resource "linode_domain_record" "dn42-danneri" {
+ domain_id = linode_domain.root.id
+ name = "danneri.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2008:9422:d355:95b7:f170"
+}
+
+resource "linode_domain_record" "dn42-hash" {
+ domain_id = linode_domain.root.id
+ name = "hash.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2007::ffff"
+}
+
+resource "linode_domain_record" "dn42-knot" {
+ domain_id = linode_domain.root.id
+ name = "knot.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2004::ffff"
+}
+
+resource "linode_domain_record" "dn42-kv24ix" {
+ domain_id = linode_domain.root.id
+ name = "kv24ix.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2006::ffff"
+}
+
+resource "linode_domain_record" "dn42-lhn2pi" {
+ domain_id = linode_domain.root.id
+ name = "lhn2pi.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2008::ffff"
+}
+
+resource "linode_domain_record" "dn42-node1" {
+ domain_id = linode_domain.root.id
+ name = "node1.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2002::ffff"
+}
+
+resource "linode_domain_record" "dn42-node2" {
+ domain_id = linode_domain.root.id
+ name = "node2.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2003::ffff"
+}
+
+resource "linode_domain_record" "dn42-unifi" {
+ domain_id = linode_domain.root.id
+ name = "unifi.dn42"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2008:5054:ff:fe4d:96c"
+}
diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf
index c67944e..812f3b2 100644
--- a/terraform/dns/main.tf
+++ b/terraform/dns/main.tf
@@ -1,20 +1,8 @@
terraform {
- required_version = "~> 1.3.6"
-
- backend "s3" {
- bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05"
- key = "dns/terraform.tfstate"
- region = "eu-central-1"
- skip_region_validation = true
- skip_credentials_validation = true
- skip_metadata_api_check = true
- endpoint = "eu-central-1.linodeobjects.com"
- }
-
required_providers {
linode = {
version = "2.7.1"
- source = "linode/linode"
+ source = "linode/linode"
}
}
}
diff --git a/terraform/dns/terraform.tfstate b/terraform/dns/terraform.tfstate
new file mode 100644
index 0000000..891db4d
--- /dev/null
+++ b/terraform/dns/terraform.tfstate
@@ -0,0 +1,52 @@
+{
+ "version": 3,
+ "serial": 1,
+ "lineage": "8244bd55-1992-3e9a-1072-28df4fb0d2f2",
+ "backend": {
+ "type": "s3",
+ "config": {
+ "access_key": null,
+ "acl": null,
+ "assume_role_duration_seconds": null,
+ "assume_role_policy": null,
+ "assume_role_policy_arns": null,
+ "assume_role_tags": null,
+ "assume_role_transitive_tag_keys": null,
+ "bucket": "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05",
+ "dynamodb_endpoint": null,
+ "dynamodb_table": null,
+ "encrypt": null,
+ "endpoint": "eu-central-1.linodeobjects.com",
+ "external_id": null,
+ "force_path_style": null,
+ "iam_endpoint": null,
+ "key": "dns/terraform.tfstate",
+ "kms_key_id": null,
+ "max_retries": null,
+ "profile": null,
+ "region": "eu-central-1",
+ "role_arn": null,
+ "secret_key": null,
+ "session_name": null,
+ "shared_credentials_file": null,
+ "skip_credentials_validation": true,
+ "skip_metadata_api_check": true,
+ "skip_region_validation": true,
+ "sse_customer_key": null,
+ "sts_endpoint": null,
+ "token": null,
+ "workspace_key_prefix": null
+ },
+ "hash": 1226279900
+ },
+ "modules": [
+ {
+ "path": [
+ "root"
+ ],
+ "outputs": {},
+ "resources": {},
+ "depends_on": []
+ }
+ ]
+}
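Review bot: A Terraform state file is being added to version control here, and state should live only in the remote backend. Its `backend.config` object has slots for `access_key`, `secret_key` and `token`; they are `null` in this revision, but any credential later passed through backend configuration would be written into this file in plain text and then committed. The recorded `"endpoint": "eu-central-1.linodeobjects.com"` also no longer matches the `endpoints = { s3 : ... }` form in the new backend.tf, so the file looks like a stale backend cache (presumably copied out of `.terraform/`). I would drop it from the commit and add `*.tfstate`, `*.tfstate.*` and `.terraform/` to `.gitignore`.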
diff --git a/terraform/dns/terragrunt.hcl b/terraform/dns/terragrunt.hcl
new file mode 100644
index 0000000..e147285
--- /dev/null
+++ b/terraform/dns/terragrunt.hcl
@@ -0,0 +1,3 @@
+include "root" {
+ path = find_in_parent_folders()
+}
diff --git a/terraform/dns/trygvis.tf b/terraform/dns/trygvis.tf
index 3b81b11..4dcec85 100644
--- a/terraform/dns/trygvis.tf
+++ b/terraform/dns/trygvis.tf
@@ -21,10 +21,18 @@ resource "linode_domain_record" "root-mx" {
domain_id = linode_domain.root.id
name = ""
record_type = "MX"
- target = "knot.inamo.no"
+ target = "in1-smtp.messagingengine.com"
priority = 10
}
+resource "linode_domain_record" "root-mx2" {
+ domain_id = linode_domain.root.id
+ name = ""
+ record_type = "MX"
+ target = "in2-smtp.messagingengine.com"
+ priority = 20
+}
+
resource "linode_domain_record" "root-txt-google" {
domain_id = linode_domain.root.id
name = ""
@@ -47,12 +55,51 @@ resource "linode_domain_record" "root-txt-keybase" {
target = "keybase-site-verification=gcoO7zav4G2IK5KQdrWOgz_PD9wpZhz-0afIb1Kodrk"
}
-# resource "linode_domain_record" "root-txt-protonmail" {
-# domain_id = linode_domain.root.id
-# name = "trygvis.io"
-# record_type = "TXT"
-# target = "protonmail-verification=040b9503f0fe071ec3dfbe5b1c588d384ebec74a"
-# }
+resource "linode_domain_record" "root-txt-fastmail-dkim" {
+ count = 3
+ domain_id = linode_domain.root.id
+ name = format("fm%d._domainkey", count.index + 1)
+ record_type = "CNAME"
+ target = format("fm%d.trygvis.io.dkim.fmhosted.com", count.index + 1)
+}
+
+resource "linode_domain_record" "root-txt-fastmail-spf" {
+ domain_id = linode_domain.root.id
+ name = ""
+ record_type = "TXT"
+ target = "v=spf1 include:spf.messagingengine.com ?all"
+}
+
+resource "linode_domain_record" "root-txt-fastmail-dmark" {
+ domain_id = linode_domain.root.id
+ name = "_dmarc"
+ record_type = "TXT"
+ target = "v=DMARC1; p=none;"
+}
+
+resource "linode_domain_record" "root-txt-fastmail-srv" {
+ domain_id = linode_domain.root.id
+ record_type = "SRV"
+ service = each.key
+ priority = each.value.priority
+ weight = each.value.weight
+ port = each.value.port
+ target = each.value.target
+
+ for_each = tomap({
+ submission = { priority = 0, weight = 0, port = 0, target = "." },
+ imap = { priority = 0, weight = 0, port = 0, target = "." },
+ submissions = { priority = 0, weight = 1, port = 465, target = "smtp.fastmail.com" },
+ imaps = { priority = 0, weight = 1, port = 993, target = "imap.fastmail.com" },
+ jmap = { priority = 0, weight = 1, port = 443, target = "api.fastmail.com" },
+ autodiscover = { priority = 0, weight = 1, port = 443, target = "autodiscover.fastmail.com" },
+ autodiscover = { priority = 0, weight = 1, port = 443, target = "autodiscover.fastmail.com" },
+ carddav = { priority = 0, weight = 0, port = 0, target = "." },
+ carddavs = { priority = 0, weight = 1, port = 443, target = "carddav.fastmail.com" },
+ caldav = { priority = 0, weight = 0, port = 0, target = "." },
+ caldavs = { priority = 0, weight = 1, port = 443, target = "caldav.fastmail.com" },
+ })
+}
resource "linode_domain_record" "root-cname-ses-1" {
domain_id = linode_domain.root.id
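Review bot: The new SPF and DMARC records do not ask receivers to act on spoofed mail: `?all` in `root-txt-fastmail-spf` yields a neutral result, and `p=none` in `root-txt-fastmail-dmark` carries no `rua=` tag, so no aggregate reports will arrive either. Once delivery through Fastmail is verified I would tighten both, e.g. `target = "v=spf1 include:spf.messagingengine.com ~all"` and `target = "v=DMARC1; p=quarantine; rua=mailto:<REPORT_ADDRESS>"`, adding `rua=` first if you want a monitoring period under `p=none`. Separately, the `for_each` map in `root-txt-fastmail-srv` lists the `autodiscover` key twice with identical values, so one of the two lines should be removed. That resource also sets `service` but no `protocol`; please confirm the provider does not need `protocol = "tcp"` for these SRV records.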
@@ -123,7 +170,7 @@ resource "linode_domain_record" "grafana" {
domain_id = linode_domain.root.id
name = "grafana"
record_type = "CNAME"
- target = "vs.trygvis.io"
+ target = "hash.trygvis.io"
}
resource "linode_domain_record" "owncloud" {
diff --git a/terraform/dns/vpn-cname.tf b/terraform/dns/vpn-cname.tf
index bbd411a..c03b2bb 100644
--- a/terraform/dns/vpn-cname.tf
+++ b/terraform/dns/vpn-cname.tf
@@ -1,22 +1,22 @@
-resource "linode_domain_record" "vpn-conflatorio" {
+#resource "linode_domain_record" "vpn-conflatorio" {
+# domain_id = linode_domain.root.id
+# name = "conflatorio.vpn"
+# record_type = "AAAA"
+# target = "fdf3:aad9:a885:77dd::2"
+#}
+
+resource "linode_domain_record" "net-conflatorio" {
domain_id = linode_domain.root.id
- name = "conflatorio.vpn"
+ name = "conflatorio.net"
record_type = "AAAA"
- target = "fdf3:aad9:a885:77dd::2"
+ target = "fdb1:4242:3538:2001::ffff"
}
resource "linode_domain_record" "vpn-unifi" {
domain_id = linode_domain.root.id
name = "unifi.vpn"
record_type = "CNAME"
- target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io"
-}
-
-resource "linode_domain_record" "vpn-grafana" {
- domain_id = linode_domain.root.id
- name = "grafana.vpn"
- record_type = "CNAME"
- target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io"
+ target = "${linode_domain_record.net-conflatorio.name}.trygvis.io"
}
resource "linode_domain_record" "vpn-influxdb" {
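Review bot: The old `vpn-conflatorio` resource is left at the top of this file as six commented-out lines instead of being removed. A resource with the same label is added in vpn.tf with a different target (`fdf3:aad9:a885:0b3a::3`), so the commented copy with `fdf3:aad9:a885:77dd::2` describes a record that no longer exists and would produce a duplicate-resource error if uncommented. I would delete the block and let the history carry it. It is also worth confirming that `unifi.vpn` is meant to resolve through `conflatorio.net` (an `fdb1:4242:3538:` address) rather than through the re-created `conflatorio.vpn` record.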
diff --git a/terraform/dns/vpn.tf b/terraform/dns/vpn.tf
index d73d01e..58efa5c 100644
--- a/terraform/dns/vpn.tf
+++ b/terraform/dns/vpn.tf
@@ -5,11 +5,11 @@ resource "linode_domain_record" "vpn-knot" {
record_type = "AAAA"
target = "fdf3:aad9:a885:0b3a::1"
}
-resource "linode_domain_record" "vpn-birgitte" {
+resource "linode_domain_record" "vpn-conflatorio" {
domain_id = linode_domain.root.id
- name = "birgitte.vpn"
+ name = "conflatorio.vpn"
record_type = "AAAA"
- target = "fdf3:aad9:a885:0b3a::2"
+ target = "fdf3:aad9:a885:0b3a::3"
}
resource "linode_domain_record" "vpn-arius" {
domain_id = linode_domain.root.id
@@ -23,36 +23,18 @@ resource "linode_domain_record" "vpn-akili" {
record_type = "AAAA"
target = "fdf3:aad9:a885:0b3a::7"
}
-resource "linode_domain_record" "vpn-malabaricus" {
- domain_id = linode_domain.root.id
- name = "malabaricus.vpn"
- record_type = "AAAA"
- target = "fdf3:aad9:a885:0b3a::8"
-}
resource "linode_domain_record" "vpn-sweetzpot-mobile" {
domain_id = linode_domain.root.id
name = "sweetzpot-mobile.vpn"
record_type = "AAAA"
target = "fdf3:aad9:a885:0b3a::9"
}
-resource "linode_domain_record" "vpn-astyanax" {
- domain_id = linode_domain.root.id
- name = "astyanax.vpn"
- record_type = "AAAA"
- target = "fdf3:aad9:a885:0b3a::10"
-}
resource "linode_domain_record" "vpn-sweetzpot-macos" {
domain_id = linode_domain.root.id
name = "sweetzpot-macos.vpn"
record_type = "AAAA"
target = "fdf3:aad9:a885:0b3a::11"
}
-resource "linode_domain_record" "vpn-android-trygvis" {
- domain_id = linode_domain.root.id
- name = "android-trygvis.vpn"
- record_type = "AAAA"
- target = "fdf3:aad9:a885:0b3a::12"
-}
resource "linode_domain_record" "vpn-hash" {
domain_id = linode_domain.root.id
name = "hash.vpn"
@@ -71,9 +53,21 @@ resource "linode_domain_record" "vpn-lhn2ix" {
record_type = "AAAA"
target = "fdf3:aad9:a885:0b3a::15"
}
+resource "linode_domain_record" "vpn-kv24ix" {
+ domain_id = linode_domain.root.id
+ name = "kv24ix.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::16"
+}
resource "linode_domain_record" "vpn-biwia" {
domain_id = linode_domain.root.id
name = "biwia.vpn"
record_type = "AAAA"
target = "fdf3:aad9:a885:0b3a::17"
}
+resource "linode_domain_record" "vpn-coregonus" {
+ domain_id = linode_domain.root.id
+ name = "coregonus.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::18"
+}