aboutsummaryrefslogtreecommitdiff
path: root/terraform/dns
diff options
context:
space:
mode:
Diffstat (limited to 'terraform/dns')
-rw-r--r--terraform/dns/main.tf21
l---------terraform/dns/terraform.d1
-rw-r--r--terraform/dns/trygvis.tf119
-rw-r--r--terraform/dns/versions.tf11
-rw-r--r--terraform/dns/vpn.tf66
5 files changed, 218 insertions, 0 deletions
diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf
new file mode 100644
index 0000000..d80fb70
--- /dev/null
+++ b/terraform/dns/main.tf
@@ -0,0 +1,21 @@
+terraform {
+ backend "local" {
+ path = "../state/dns"
+ }
+}
+
+provider "linode" {
+ version = "~> 1.13"
+
+ token = data.ansiblevault_path.linode_token.value
+}
+
+provider "ansiblevault" {
+ version = "~> 2.2"
+ root_folder = "../../ansible"
+}
+
+data "ansiblevault_path" "linode_token" {
+ path = "group_vars/all/linode-dns.yml"
+ key = "linode_token_v4"
+}
diff --git a/terraform/dns/terraform.d b/terraform/dns/terraform.d
new file mode 120000
index 0000000..11a3f4b
--- /dev/null
+++ b/terraform/dns/terraform.d
@@ -0,0 +1 @@
+../terraform.d \ No newline at end of file
diff --git a/terraform/dns/trygvis.tf b/terraform/dns/trygvis.tf
new file mode 100644
index 0000000..659d56a
--- /dev/null
+++ b/terraform/dns/trygvis.tf
@@ -0,0 +1,119 @@
+resource "linode_domain" "root" {
+ type = "master"
+ domain = "trygvis.io"
+
+ refresh_sec = 300
+ retry_sec = 300
+ soa_email = "root@trygvis.io"
+ status = "active"
+ tags = []
+ ttl_sec = 300
+}
+
+resource "linode_domain_record" "root-a" {
+ domain_id = linode_domain.root.id
+ name = ""
+ record_type = "A"
+ target = "176.58.112.84"
+}
+
+resource "linode_domain_record" "root-txt-google" {
+ domain_id = linode_domain.root.id
+ name = ""
+ record_type = "TXT"
+ target = "google-site-verification=fuNmCULxODJMSSlfa8w0SF-DLt2oTWCAGBvSNsUEB8k"
+ ttl_sec = 300
+}
+
+resource "linode_domain_record" "root-txt-amazon-ses" {
+ domain_id = linode_domain.root.id
+ name = "_amazonses"
+ record_type = "TXT"
+ target = "c3k5WNcOHhgLn27ed1s7YBq6xB4C/OoWuyKfqyeG31E="
+}
+
+resource "linode_domain_record" "root-txt-keybase" {
+ domain_id = linode_domain.root.id
+ name = "_keybase"
+ record_type = "TXT"
+ target = "keybase-site-verification=gcoO7zav4G2IK5KQdrWOgz_PD9wpZhz-0afIb1Kodrk"
+}
+
+resource "linode_domain_record" "root-cname-ses-1" {
+ domain_id = linode_domain.root.id
+ name = "k5o5gjadej2kkfncu36i3ef5gt473sxy._domainkey"
+ record_type = "CNAME"
+ target = "k5o5gjadej2kkfncu36i3ef5gt473sxy.dkim.amazonses.com"
+}
+
+resource "linode_domain_record" "root-cname-ses-2" {
+ domain_id = linode_domain.root.id
+ name = "imtuzw2lnfktlc7uongw433qbwjxxatg._domainkey"
+ record_type = "CNAME"
+ target = "imtuzw2lnfktlc7uongw433qbwjxxatg.dkim.amazonses.com"
+}
+
+resource "linode_domain_record" "dlock" {
+ domain_id = linode_domain.root.id
+ name = "dlock"
+ record_type = "A"
+ target = "35.205.192.14"
+}
+
+resource "linode_domain_record" "hash" {
+ domain_id = linode_domain.root.id
+ name = "hash"
+ record_type = "A"
+ target = "138.201.33.16"
+}
+
+resource "linode_domain_record" "hash-aaaa" {
+ domain_id = linode_domain.root.id
+ name = "hash"
+ record_type = "AAAA"
+ target = "2a01:4f8:171:34ad::2"
+}
+
+resource "linode_domain_record" "numquam" {
+ domain_id = linode_domain.root.id
+ name = "numquam"
+ record_type = "A"
+ target = "163.172.160.56"
+}
+
+# Aliases for trygvis.io
+resource "linode_domain_record" "mw" {
+ domain_id = linode_domain.root.id
+ name = "mw"
+ record_type = "CNAME"
+ target = "trygvis.io"
+}
+
+# Aliases for vs.trygvis.io
+resource "linode_domain_record" "nextcloud" {
+ domain_id = linode_domain.root.id
+ name = "nextcloud"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
+
+resource "linode_domain_record" "grafana" {
+ domain_id = linode_domain.root.id
+ name = "grafana"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
+
+resource "linode_domain_record" "owncloud" {
+ domain_id = linode_domain.root.id
+ name = "owncloud"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
+
+resource "linode_domain_record" "unifi" {
+ domain_id = linode_domain.root.id
+ name = "unifi"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
diff --git a/terraform/dns/versions.tf b/terraform/dns/versions.tf
new file mode 100644
index 0000000..f98850f
--- /dev/null
+++ b/terraform/dns/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+ required_providers {
+ linode = {
+ source = "linode/linode"
+ }
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ }
+ }
+ required_version = ">= 0.13"
+}
diff --git a/terraform/dns/vpn.tf b/terraform/dns/vpn.tf
new file mode 100644
index 0000000..1fb8cdd
--- /dev/null
+++ b/terraform/dns/vpn.tf
@@ -0,0 +1,66 @@
+resource "linode_domain_record" "vpn-knot" { # 7590078
+ domain_id = linode_domain.root.id
+ name = "knot.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::1"
+}
+resource "linode_domain_record" "vpn-birgitte" { # 7212930
+ domain_id = linode_domain.root.id
+ name = "birgitte.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::2"
+}
+resource "linode_domain_record" "vpn-conflatorio" { # 7212931
+ domain_id = linode_domain.root.id
+ name = "conflatorio.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::3"
+}
+resource "linode_domain_record" "vpn-arius" { # 11907869
+ domain_id = linode_domain.root.id
+ name = "arius.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::6"
+}
+resource "linode_domain_record" "vpn-akili" { # 7212932
+ domain_id = linode_domain.root.id
+ name = "akili.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::7"
+}
+resource "linode_domain_record" "vpn-malabaricus" { # 11506469
+ domain_id = linode_domain.root.id
+ name = "malabaricus.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::8"
+}
+resource "linode_domain_record" "vpn-sweetzpot-mobile" { # 15103674
+ domain_id = linode_domain.root.id
+ name = "sweetzpot-mobile.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::9"
+}
+resource "linode_domain_record" "vpn-astyanax" { # 15103679
+ domain_id = linode_domain.root.id
+ name = "astyanax.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::10"
+}
+resource "linode_domain_record" "vpn-sweetzpot-macos" {
+ domain_id = linode_domain.root.id
+ name = "sweetzpot-macos.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::11"
+}
+resource "linode_domain_record" "vpn-android-trygvis" {
+ domain_id = linode_domain.root.id
+ name = "android-trygvis.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::12"
+}
+resource "linode_domain_record" "vpn-hash" { # 16341443
+ domain_id = linode_domain.root.id
+ name = "hash.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::13"
+}