From 032a4eece0c72a8111efda04766770de93b34cf8 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Wed, 28 Oct 2020 00:44:37 +0100 Subject: linode teraform <3. --- terraform/dns/main.tf | 21 ++++++++ terraform/dns/terraform.d | 1 + terraform/dns/trygvis.tf | 119 ++++++++++++++++++++++++++++++++++++++++++++++ terraform/dns/versions.tf | 11 +++++ terraform/dns/vpn.tf | 66 +++++++++++++++++++++++++ 5 files changed, 218 insertions(+) create mode 100644 terraform/dns/main.tf create mode 120000 terraform/dns/terraform.d create mode 100644 terraform/dns/trygvis.tf create mode 100644 terraform/dns/versions.tf create mode 100644 terraform/dns/vpn.tf (limited to 'terraform/dns') diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf new file mode 100644 index 0000000..d80fb70 --- /dev/null +++ b/terraform/dns/main.tf @@ -0,0 +1,21 @@ +terraform { + backend "local" { + path = "../state/dns" + } +} + +provider "linode" { + version = "~> 1.13" + + token = data.ansiblevault_path.linode_token.value +} + +provider "ansiblevault" { + version = "~> 2.2" + root_folder = "../../ansible" +} + +data "ansiblevault_path" "linode_token" { + path = "group_vars/all/linode-dns.yml" + key = "linode_token_v4" +} diff --git a/terraform/dns/terraform.d b/terraform/dns/terraform.d new file mode 120000 index 0000000..11a3f4b --- /dev/null +++ b/terraform/dns/terraform.d @@ -0,0 +1 @@ +../terraform.d \ No newline at end of file diff --git a/terraform/dns/trygvis.tf b/terraform/dns/trygvis.tf new file mode 100644 index 0000000..659d56a --- /dev/null +++ b/terraform/dns/trygvis.tf @@ -0,0 +1,119 @@ +resource "linode_domain" "root" { + type = "master" + domain = "trygvis.io" + + refresh_sec = 300 + retry_sec = 300 + soa_email = "root@trygvis.io" + status = "active" + tags = [] + ttl_sec = 300 +} + +resource "linode_domain_record" "root-a" { + domain_id = linode_domain.root.id + name = "" + record_type = "A" + target = "176.58.112.84" +} + +resource "linode_domain_record" "root-txt-google" { + domain_id = linode_domain.root.id + name = "" + record_type = "TXT" + target = "google-site-verification=fuNmCULxODJMSSlfa8w0SF-DLt2oTWCAGBvSNsUEB8k" + ttl_sec = 300 +} + +resource "linode_domain_record" "root-txt-amazon-ses" { + domain_id = linode_domain.root.id + name = "_amazonses" + record_type = "TXT" + target = "c3k5WNcOHhgLn27ed1s7YBq6xB4C/OoWuyKfqyeG31E=" +} + +resource "linode_domain_record" "root-txt-keybase" { + domain_id = linode_domain.root.id + name = "_keybase" + record_type = "TXT" + target = "keybase-site-verification=gcoO7zav4G2IK5KQdrWOgz_PD9wpZhz-0afIb1Kodrk" +} + +resource "linode_domain_record" "root-cname-ses-1" { + domain_id = linode_domain.root.id + name = "k5o5gjadej2kkfncu36i3ef5gt473sxy._domainkey" + record_type = "CNAME" + target = "k5o5gjadej2kkfncu36i3ef5gt473sxy.dkim.amazonses.com" +} + +resource "linode_domain_record" "root-cname-ses-2" { + domain_id = linode_domain.root.id + name = "imtuzw2lnfktlc7uongw433qbwjxxatg._domainkey" + record_type = "CNAME" + target = "imtuzw2lnfktlc7uongw433qbwjxxatg.dkim.amazonses.com" +} + +resource "linode_domain_record" "dlock" { + domain_id = linode_domain.root.id + name = "dlock" + record_type = "A" + target = "35.205.192.14" +} + +resource "linode_domain_record" "hash" { + domain_id = linode_domain.root.id + name = "hash" + record_type = "A" + target = "138.201.33.16" +} + +resource "linode_domain_record" "hash-aaaa" { + domain_id = linode_domain.root.id + name = "hash" + record_type = "AAAA" + target = "2a01:4f8:171:34ad::2" +} + +resource "linode_domain_record" "numquam" { + domain_id = linode_domain.root.id + name = "numquam" + record_type = "A" + target = "163.172.160.56" +} + +# Aliases for trygvis.io +resource "linode_domain_record" "mw" { + domain_id = linode_domain.root.id + name = "mw" + record_type = "CNAME" + target = "trygvis.io" +} + +# Aliases for vs.trygvis.io +resource "linode_domain_record" "nextcloud" { + domain_id = linode_domain.root.id + name = "nextcloud" + record_type = "CNAME" + target = "vs.trygvis.io" +} + +resource "linode_domain_record" "grafana" { + domain_id = linode_domain.root.id + name = "grafana" + record_type = "CNAME" + target = "vs.trygvis.io" +} + +resource "linode_domain_record" "owncloud" { + domain_id = linode_domain.root.id + name = "owncloud" + record_type = "CNAME" + target = "vs.trygvis.io" +} + +resource "linode_domain_record" "unifi" { + domain_id = linode_domain.root.id + name = "unifi" + record_type = "CNAME" + target = "vs.trygvis.io" +} diff --git a/terraform/dns/versions.tf b/terraform/dns/versions.tf new file mode 100644 index 0000000..f98850f --- /dev/null +++ b/terraform/dns/versions.tf @@ -0,0 +1,11 @@ +terraform { + required_providers { + linode = { + source = "linode/linode" + } + ansiblevault = { + source = "MeilleursAgents/ansiblevault" + } + } + required_version = ">= 0.13" +} diff --git a/terraform/dns/vpn.tf b/terraform/dns/vpn.tf new file mode 100644 index 0000000..1fb8cdd --- /dev/null +++ b/terraform/dns/vpn.tf @@ -0,0 +1,66 @@ +resource "linode_domain_record" "vpn-knot" { # 7590078 + domain_id = linode_domain.root.id + name = "knot.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::1" +} +resource "linode_domain_record" "vpn-birgitte" { # 7212930 + domain_id = linode_domain.root.id + name = "birgitte.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::2" +} +resource "linode_domain_record" "vpn-conflatorio" { # 7212931 + domain_id = linode_domain.root.id + name = "conflatorio.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::3" +} +resource "linode_domain_record" "vpn-arius" { # 11907869 + domain_id = linode_domain.root.id + name = "arius.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::6" +} +resource "linode_domain_record" "vpn-akili" { # 7212932 + domain_id = linode_domain.root.id + name = "akili.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::7" +} +resource "linode_domain_record" "vpn-malabaricus" { # 11506469 + domain_id = linode_domain.root.id + name = "malabaricus.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::8" +} +resource "linode_domain_record" "vpn-sweetzpot-mobile" { # 15103674 + domain_id = linode_domain.root.id + name = "sweetzpot-mobile.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::9" +} +resource "linode_domain_record" "vpn-astyanax" { # 15103679 + domain_id = linode_domain.root.id + name = "astyanax.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::10" +} +resource "linode_domain_record" "vpn-sweetzpot-macos" { + domain_id = linode_domain.root.id + name = "sweetzpot-macos.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::11" +} +resource "linode_domain_record" "vpn-android-trygvis" { + domain_id = linode_domain.root.id + name = "android-trygvis.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::12" +} +resource "linode_domain_record" "vpn-hash" { # 16341443 + domain_id = linode_domain.root.id + name = "hash.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::13" +} -- cgit v1.2.3