migrated to linode dns
parent
443e5b2f77
commit
ca049cfd79
|
@ -1,66 +1,20 @@
|
||||||
// Important:
|
# todo:
|
||||||
// Due to API restrictions, SRV and Dynamic DNS Records can't be created with
|
# I am also creating the subdomain `wg.monotremata.xyz` manually
|
||||||
// terraform, so I need to use `MERGE` mode and set those manually on the
|
# I decided to manage that subdomain outside of terraform because it has a
|
||||||
// namecheap web UI
|
# dynamic IP that I update with a cron job
|
||||||
// https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
|
|
||||||
//
|
|
||||||
// - SRV Record:
|
|
||||||
// service: _matrix
|
|
||||||
// protocol: _tcp
|
|
||||||
// priority: 0
|
|
||||||
// weight: 10
|
|
||||||
// port: 443
|
|
||||||
// target: matrix.monotremata.xyz
|
|
||||||
// TTL: 30 min
|
|
||||||
//
|
|
||||||
// - SRV Record:
|
|
||||||
// service: _xmpp-client
|
|
||||||
// protocol: _tcp
|
|
||||||
// priority: 5
|
|
||||||
// weight: 0
|
|
||||||
// port: 5222
|
|
||||||
// target: xmpp.monotremata.xyz
|
|
||||||
// TTL: 30 min
|
|
||||||
//
|
|
||||||
// - SRV Record:
|
|
||||||
// service: _xmpp-server
|
|
||||||
// protocol: _tcp
|
|
||||||
// priority: 5
|
|
||||||
// weight: 0
|
|
||||||
// port: 5269
|
|
||||||
// target: xmpp.monotremata.xyz
|
|
||||||
// TTL: 30 min
|
|
||||||
//
|
|
||||||
// - A + Dynamic DNS Record:
|
|
||||||
// host: wg
|
|
||||||
//
|
|
||||||
// I also enable DNSSEC from the web UI, because I can't do that with
|
|
||||||
// terraform...
|
|
||||||
|
|
||||||
|
locals {
|
||||||
|
domain = "monotremata.xyz"
|
||||||
|
|
||||||
|
|
||||||
variable "hosts" {
|
|
||||||
default = {
|
|
||||||
// Alpine VPS hosted on Linode
|
// Alpine VPS hosted on Linode
|
||||||
caladan = {
|
caladan = {
|
||||||
v4 = "139.162.137.29"
|
ipv4 = "139.162.137.29"
|
||||||
v6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
|
ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
|
||||||
}
|
// These are subdomains for services hosted on the host named `caladan`.
|
||||||
// OpenBSD VPS hosted on Vultr
|
// Both A and AAAA records should be made for them pointing to caladan's ipv4
|
||||||
fugu = {
|
// and ipv6 respectively
|
||||||
v4 = "217.69.5.52"
|
domains = toset([
|
||||||
v6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
|
local.domain,
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// These are subdomains for services hosted on the host named `caladan`.
|
|
||||||
// Both A and AAAA records should be made for them pointing to caladan's ipv4
|
|
||||||
// and ipv6 respectively
|
|
||||||
variable "caladan-subdomains" {
|
|
||||||
type = set(string)
|
|
||||||
default = [
|
|
||||||
"@",
|
|
||||||
"git",
|
"git",
|
||||||
"gts",
|
"gts",
|
||||||
"kb",
|
"kb",
|
||||||
|
@ -73,17 +27,23 @@ variable "caladan-subdomains" {
|
||||||
"proxy.xmpp",
|
"proxy.xmpp",
|
||||||
"upload.xmpp",
|
"upload.xmpp",
|
||||||
"groups.xmpp",
|
"groups.xmpp",
|
||||||
]
|
])
|
||||||
}
|
}
|
||||||
|
|
||||||
// These are subdomains for services hosted on the host named `narwhal`.
|
// OpenBSD VPS hosted on Vultr
|
||||||
// They are only accessible from my internal network and my internal DNS server
|
fugu = {
|
||||||
// takes care of that.
|
ipv4 = "217.69.5.52"
|
||||||
// But I set the public A record to caladan's ipv4 just for renewing their
|
ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
|
||||||
// letsencrypt certificates. No need to set the AAAA record.
|
}
|
||||||
variable "narwhal-subdomains" {
|
|
||||||
type = set(string)
|
// ODROID-HC4 serving as a NAS
|
||||||
default = [
|
narwhal = {
|
||||||
|
// These are subdomains for services hosted on the host named `narwhal`.
|
||||||
|
// They are only accessible from my internal network and my internal DNS server
|
||||||
|
// takes care of that.
|
||||||
|
// But I set the public A record to caladan's ipv4 just for renewing their
|
||||||
|
// letsencrypt certificates. No need to set the AAAA record.
|
||||||
|
domains = toset([
|
||||||
"authelia",
|
"authelia",
|
||||||
"calibre",
|
"calibre",
|
||||||
"dav",
|
"dav",
|
||||||
|
@ -111,106 +71,176 @@ variable "narwhal-subdomains" {
|
||||||
"transmission",
|
"transmission",
|
||||||
"wallabag",
|
"wallabag",
|
||||||
"woodpecker",
|
"woodpecker",
|
||||||
]
|
])
|
||||||
}
|
}
|
||||||
|
|
||||||
// These are subdomains for services hosted on the host named `sloth`.
|
// Raspberry Pi 4 serving as a media center
|
||||||
// They are only accessible from my internal network and my internal DNS server
|
sloth = {
|
||||||
// takes care of that.
|
// These are subdomains for services hosted on the host named `sloth`.
|
||||||
// But I set the public A record to caladan's ipv4 just for renewing their
|
// They are only accessible from my internal network and my internal DNS server
|
||||||
// letsencrypt certificates. No need to set the AAAA record.
|
// takes care of that.
|
||||||
variable "sloth-subdomains" {
|
// But I set the public A record to caladan's ipv4 just for renewing their
|
||||||
type = set(string)
|
// letsencrypt certificates. No need to set the AAAA record.
|
||||||
default = [
|
domains = toset([
|
||||||
"kodi",
|
"kodi",
|
||||||
"mympd",
|
"mympd",
|
||||||
"snapweb",
|
"snapweb",
|
||||||
|
])
|
||||||
|
}
|
||||||
|
|
||||||
|
dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "namecheap_domain_records" "namecheap-monotremata-xyz" {
|
||||||
|
domain = "monotremata.xyz"
|
||||||
|
mode = "OVERWRITE"
|
||||||
|
nameservers = [
|
||||||
|
"ns1.linode.com",
|
||||||
|
"ns2.linode.com",
|
||||||
|
"ns3.linode.com",
|
||||||
|
"ns4.linode.com",
|
||||||
|
"ns5.linode.com"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "namecheap_domain_records" "monotremata-xyz" {
|
resource "linode_domain" "monotremata_xyz" {
|
||||||
domain = "monotremata.xyz"
|
type = "master"
|
||||||
mode = "MERGE"
|
domain = local.domain
|
||||||
email_type = "MX"
|
soa_email = format("admin@%s", local.domain)
|
||||||
|
}
|
||||||
dynamic "record" {
|
|
||||||
for_each = var.caladan-subdomains
|
resource "linode_domain_record" "caladan_a" {
|
||||||
content {
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
hostname = record.value
|
name = each.key
|
||||||
type = "A"
|
record_type = "A"
|
||||||
address = var.hosts.caladan.v4
|
target = local.caladan.ipv4
|
||||||
}
|
for_each = local.caladan.domains
|
||||||
}
|
}
|
||||||
|
|
||||||
dynamic "record" {
|
resource "linode_domain_record" "caladan_aaaa" {
|
||||||
for_each = var.narwhal-subdomains
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
content {
|
name = each.key
|
||||||
hostname = record.value
|
record_type = "AAAA"
|
||||||
type = "A"
|
target = local.caladan.ipv6
|
||||||
address = var.hosts.caladan.v4
|
for_each = local.caladan.domains
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
resource "linode_domain_record" "narwhal_a" {
|
||||||
dynamic "record" {
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
for_each = var.sloth-subdomains
|
name = each.key
|
||||||
content {
|
record_type = "A"
|
||||||
hostname = record.value
|
target = local.caladan.ipv4
|
||||||
type = "A"
|
for_each = local.narwhal.domains
|
||||||
address = var.hosts.caladan.v4
|
}
|
||||||
}
|
|
||||||
}
|
resource "linode_domain_record" "sloth_a" {
|
||||||
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
dynamic "record" {
|
name = each.key
|
||||||
for_each = var.caladan-subdomains
|
record_type = "A"
|
||||||
content {
|
target = local.caladan.ipv4
|
||||||
hostname = record.value
|
for_each = local.sloth.domains
|
||||||
type = "AAAA"
|
}
|
||||||
address = var.hosts.caladan.v6
|
|
||||||
}
|
resource "linode_domain_record" "mx" {
|
||||||
}
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
|
name = each.value.name
|
||||||
record {
|
target = each.value.target
|
||||||
hostname = "mail"
|
record_type = each.key
|
||||||
type = "A"
|
priority = each.value.priority
|
||||||
address = var.hosts.fugu.v4
|
for_each = {
|
||||||
}
|
A = {
|
||||||
|
name = "mail"
|
||||||
record {
|
target = local.fugu.ipv4
|
||||||
hostname = "mail"
|
priority = null
|
||||||
type = "AAAA"
|
}
|
||||||
address = var.hosts.fugu.v6
|
AAAA = {
|
||||||
}
|
name = "mail"
|
||||||
|
target = local.fugu.ipv6
|
||||||
record {
|
priority = null
|
||||||
hostname = "@"
|
}
|
||||||
type = "MX"
|
MX = {
|
||||||
address = "mail.monotremata.xyz"
|
name = local.domain,
|
||||||
mx_pref = 0
|
target = format("mail.%s", local.domain)
|
||||||
}
|
priority = 0
|
||||||
|
}
|
||||||
record {
|
}
|
||||||
hostname = "@"
|
}
|
||||||
type = "MX"
|
|
||||||
address = "mx2.monotremata.xyz"
|
resource "linode_domain_record" "mx2" {
|
||||||
mx_pref = 5
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
}
|
name = each.value.name
|
||||||
|
target = each.value.target
|
||||||
record {
|
record_type = each.key
|
||||||
hostname = "@"
|
priority = each.value.priority
|
||||||
type = "TXT"
|
for_each = {
|
||||||
address = "v=spf1 mx -all"
|
A = {
|
||||||
}
|
name = "mx2"
|
||||||
|
target = local.caladan.ipv4
|
||||||
record {
|
priority = null
|
||||||
hostname = "_dmarc"
|
}
|
||||||
type = "TXT"
|
AAAA = {
|
||||||
address = "v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@monotremata.xyz;;"
|
name = "mx2"
|
||||||
}
|
target = local.caladan.ipv6
|
||||||
|
priority = null
|
||||||
record {
|
}
|
||||||
hostname = "20201210._domainkey"
|
MX = {
|
||||||
type = "TXT"
|
name = local.domain
|
||||||
address = "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB;"
|
target = format("mx2.%s", local.domain)
|
||||||
}
|
priority = 5
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "linode_domain_record" "mail_txt" {
|
||||||
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
|
record_type = "TXT"
|
||||||
|
name = each.value.name
|
||||||
|
target = each.value.target
|
||||||
|
for_each = {
|
||||||
|
spf = {
|
||||||
|
name = local.domain
|
||||||
|
target = "v=spf1 mx -all"
|
||||||
|
}
|
||||||
|
dmarc = {
|
||||||
|
name = "_dmarc"
|
||||||
|
target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", local.domain)
|
||||||
|
}
|
||||||
|
dkim = {
|
||||||
|
name = "20201210._domainkey"
|
||||||
|
target = format("v=DKIM1;k=rsa;p=%s;", local.dkim_pub_key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "linode_domain_record" "matrix_srv" {
|
||||||
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
|
record_type = "SRV"
|
||||||
|
service = "matrix"
|
||||||
|
protocol = "tcp"
|
||||||
|
priority = 0
|
||||||
|
weight = 10
|
||||||
|
port = 443
|
||||||
|
target = format("matrix.%s", local.domain)
|
||||||
|
ttl_sec = 1800 // 30 min
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "linode_domain_record" "xmpp_srv" {
|
||||||
|
domain_id = linode_domain.monotremata_xyz.id
|
||||||
|
record_type = "SRV"
|
||||||
|
service = each.key
|
||||||
|
protocol = "tcp"
|
||||||
|
port = each.value.port
|
||||||
|
priority = 5
|
||||||
|
weight = 0
|
||||||
|
target = format("xmpp.%s", local.domain)
|
||||||
|
ttl_sec = 1800 // 30 min
|
||||||
|
for_each = {
|
||||||
|
xmpp-client = {
|
||||||
|
port = 5222
|
||||||
|
}
|
||||||
|
xmpp-server = {
|
||||||
|
port = 5269
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue