terraform/tf/monotremata-xyz.tf

# todo:
# I am also creating the subdomain `wg.monotremata.xyz` manually
# I decided to manage that subdomain outside of terraform because it has a
# dynamic IP that I update with a cron job

locals {
  domain = "monotremata.xyz"

  // Alpine VPS hosted on Linode
  caladan = {
    ipv4 = "139.162.137.29"
    ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
    // These are subdomains for services hosted on the host named `caladan`.
    // Both A and AAAA records should be made for them pointing to caladan's ipv4
    // and ipv6 respectively
    domains = toset([
      local.domain,
      "git",
      "gts",
      "kb",
      "keyoxide",
      "matrix",
      "mx2",
      "pleroma",
      "pg.caladan",
      "xmpp",
      "proxy.xmpp",
      "upload.xmpp",
      "groups.xmpp",
    ])
  }

  // OpenBSD VPS hosted on Vultr
  fugu = {
    ipv4 = "217.69.5.52"
    ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
  }

  dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB"

}

resource "namecheap_domain_records" "namecheap-monotremata-xyz" {
  domain = "monotremata.xyz"
  mode   = "OVERWRITE"
  nameservers = [
    "ns1.linode.com",
    "ns2.linode.com",
    "ns3.linode.com",
    "ns4.linode.com",
    "ns5.linode.com"
  ]
}

resource "linode_domain" "monotremata_xyz" {
  type      = "master"
  domain    = local.domain
  soa_email = format("admin@%s", local.domain)
}

resource "linode_domain_record" "caladan_a" {
  domain_id   = linode_domain.monotremata_xyz.id
  name        = each.key
  record_type = "A"
  target      = local.caladan.ipv4
  for_each    = local.caladan.domains
}

resource "linode_domain_record" "caladan_aaaa" {
  domain_id   = linode_domain.monotremata_xyz.id
  name        = each.key
  record_type = "AAAA"
  target      = local.caladan.ipv6
  for_each    = local.caladan.domains
}

resource "linode_domain_record" "mx" {
  domain_id   = linode_domain.monotremata_xyz.id
  name        = each.value.name
  target      = each.value.target
  record_type = each.key
  priority    = each.value.priority
  for_each = {
    A = {
      name     = "mail"
      target   = local.fugu.ipv4
      priority = null
    }
    AAAA = {
      name     = "mail"
      target   = local.fugu.ipv6
      priority = null
    }
    MX = {
      name     = local.domain,
      target   = format("mail.%s", local.domain)
      priority = 0
    }
  }
}

resource "linode_domain_record" "mx2" {
  domain_id   = linode_domain.monotremata_xyz.id
  name        = each.value.name
  target      = each.value.target
  record_type = each.key
  priority    = each.value.priority
  for_each = {
    A = {
      name     = "mx2"
      target   = local.caladan.ipv4
      priority = null
    }
    AAAA = {
      name     = "mx2"
      target   = local.caladan.ipv6
      priority = null
    }
    MX = {
      name     = local.domain
      target   = format("mx2.%s", local.domain)
      priority = 5
    }
  }
}

resource "linode_domain_record" "mail_txt" {
  domain_id   = linode_domain.monotremata_xyz.id
  record_type = "TXT"
  name        = each.value.name
  target      = each.value.target
  for_each = {
    spf = {
      name   = local.domain
      target = "v=spf1 mx -all"
    }
    dmarc = {
      name   = "_dmarc"
      target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", local.domain)
    }
    dkim = {
      name   = "20201210._domainkey"
      target = format("v=DKIM1;k=rsa;p=%s;", local.dkim_pub_key)
    }
  }
}

resource "linode_domain_record" "matrix_srv" {
  domain_id   = linode_domain.monotremata_xyz.id
  record_type = "SRV"
  service     = "matrix"
  protocol    = "tcp"
  priority    = 0
  weight      = 10
  port        = 443
  target      = format("matrix.%s", local.domain)
  ttl_sec     = 1800 // 30 min
}

resource "linode_domain_record" "xmpp_srv" {
  domain_id   = linode_domain.monotremata_xyz.id
  record_type = "SRV"
  service     = each.key
  protocol    = "tcp"
  port        = each.value.port
  priority    = 5
  weight      = 0
  target      = format("xmpp.%s", local.domain)
  ttl_sec     = 1800 // 30 min
  for_each = {
    xmpp-client = {
      port = 5222
    }
    xmpp-server = {
      port = 5269
    }
  }
}
migrated to linode dns 2022-09-14 15:52:46 +02:00			`# todo:`
			# I am also creating the subdomain `wg.monotremata.xyz` manually
			`# I decided to manage that subdomain outside of terraform because it has a`
			`# dynamic IP that I update with a cron job`

			`locals {`
			`domain = "monotremata.xyz"`

			`// Alpine VPS hosted on Linode`
			`caladan = {`
			`ipv4 = "139.162.137.29"`
			`ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"`
			// These are subdomains for services hosted on the host named `caladan`.
			`// Both A and AAAA records should be made for them pointing to caladan's ipv4`
			`// and ipv6 respectively`
			`domains = toset([`
			`local.domain,`
			`"git",`
			`"gts",`
			`"kb",`
			`"keyoxide",`
			`"matrix",`
			`"mx2",`
			`"pleroma",`
			`"pg.caladan",`
			`"xmpp",`
			`"proxy.xmpp",`
			`"upload.xmpp",`
			`"groups.xmpp",`
			`])`
			`}`

			`// OpenBSD VPS hosted on Vultr`
			`fugu = {`
			`ipv4 = "217.69.5.52"`
			`ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"`
			`}`

			`dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB"`

added mail-related domains 2022-08-23 18:14:36 +02:00			`}`

migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "namecheap_domain_records" "namecheap-monotremata-xyz" {`
			`domain = "monotremata.xyz"`
			`mode = "OVERWRITE"`
			`nameservers = [`
			`"ns1.linode.com",`
			`"ns2.linode.com",`
			`"ns3.linode.com",`
			`"ns4.linode.com",`
			`"ns5.linode.com"`
add the rest of caladan domains 2022-08-23 17:40:16 +02:00			`]`
namecheap: make records a dynamic block 2022-08-23 17:07:05 +02:00			`}`

migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain" "monotremata_xyz" {`
			`type = "master"`
			`domain = local.domain`
			`soa_email = format("admin@%s", local.domain)`
namecheap: handle narwhal subdomains 2022-08-23 17:24:21 +02:00			`}`

migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "caladan_a" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`name = each.key`
			`record_type = "A"`
			`target = local.caladan.ipv4`
			`for_each = local.caladan.domains`
add sloth domains 2022-08-23 17:50:21 +02:00			`}`

migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "caladan_aaaa" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`name = each.key`
			`record_type = "AAAA"`
			`target = local.caladan.ipv6`
			`for_each = local.caladan.domains`
			`}`
namecheap: add ipv6 records 2022-08-23 17:16:47 +02:00
migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "mx" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`name = each.value.name`
			`target = each.value.target`
			`record_type = each.key`
			`priority = each.value.priority`
			`for_each = {`
			`A = {`
			`name = "mail"`
			`target = local.fugu.ipv4`
			`priority = null`
			`}`
			`AAAA = {`
			`name = "mail"`
			`target = local.fugu.ipv6`
			`priority = null`
			`}`
			`MX = {`
			`name = local.domain,`
			`target = format("mail.%s", local.domain)`
			`priority = 0`
namecheap: add ipv6 records 2022-08-23 17:16:47 +02:00			`}`
			`}`
migrated to linode dns 2022-09-14 15:52:46 +02:00			`}`
namecheap: add ipv6 records 2022-08-23 17:16:47 +02:00
migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "mx2" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`name = each.value.name`
			`target = each.value.target`
			`record_type = each.key`
			`priority = each.value.priority`
			`for_each = {`
			`A = {`
			`name = "mx2"`
			`target = local.caladan.ipv4`
			`priority = null`
			`}`
			`AAAA = {`
			`name = "mx2"`
			`target = local.caladan.ipv6`
			`priority = null`
			`}`
			`MX = {`
			`name = local.domain`
			`target = format("mx2.%s", local.domain)`
			`priority = 5`
			`}`
added mail-related domains 2022-08-23 18:14:36 +02:00			`}`
migrated to linode dns 2022-09-14 15:52:46 +02:00			`}`
added mail-related domains 2022-08-23 18:14:36 +02:00
migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "mail_txt" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`record_type = "TXT"`
			`name = each.value.name`
			`target = each.value.target`
			`for_each = {`
			`spf = {`
			`name = local.domain`
			`target = "v=spf1 mx -all"`
			`}`
			`dmarc = {`
			`name = "_dmarc"`
			`target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", local.domain)`
			`}`
			`dkim = {`
			`name = "20201210._domainkey"`
			`target = format("v=DKIM1;k=rsa;p=%s;", local.dkim_pub_key)`
			`}`
added mail-related domains 2022-08-23 18:14:36 +02:00			`}`
migrated to linode dns 2022-09-14 15:52:46 +02:00			`}`
added mail-related domains 2022-08-23 18:14:36 +02:00
migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "matrix_srv" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`record_type = "SRV"`
			`service = "matrix"`
			`protocol = "tcp"`
			`priority = 0`
			`weight = 10`
			`port = 443`
			`target = format("matrix.%s", local.domain)`
			`ttl_sec = 1800 // 30 min`
			`}`
added mail-related domains 2022-08-23 18:14:36 +02:00
migrated to linode dns 2022-09-14 15:52:46 +02:00			`resource "linode_domain_record" "xmpp_srv" {`
			`domain_id = linode_domain.monotremata_xyz.id`
			`record_type = "SRV"`
			`service = each.key`
			`protocol = "tcp"`
			`port = each.value.port`
			`priority = 5`
			`weight = 0`
			`target = format("xmpp.%s", local.domain)`
			`ttl_sec = 1800 // 30 min`
			`for_each = {`
			`xmpp-client = {`
			`port = 5222`
			`}`
			`xmpp-server = {`
			`port = 5269`
			`}`
added mail-related domains 2022-08-23 18:14:36 +02:00			`}`
first namecheap domain added 2022-08-18 18:16:44 +02:00			`}`