diff --git a/modules/dns/linode.tf b/modules/dns/linode.tf new file mode 100644 index 0000000..f6c9065 --- /dev/null +++ b/modules/dns/linode.tf @@ -0,0 +1,129 @@ +# todo: +# I am also creating the subdomain `wg.monotremata.xyz` manually +# I decided to manage that subdomain outside of terraform because it has a +# dynamic IP that I update with a cron job + +resource "linode_domain" "monotremata_xyz" { + type = "master" + domain = var.domain + soa_email = format("admin@%s", var.domain) +} + +resource "linode_domain_record" "caladan_a" { + domain_id = linode_domain.monotremata_xyz.id + name = each.key + record_type = "A" + target = var.caladan.ipv4 + for_each = var.caladan.domains +} + +resource "linode_domain_record" "caladan_aaaa" { + domain_id = linode_domain.monotremata_xyz.id + name = each.key + record_type = "AAAA" + target = var.caladan.ipv6 + for_each = var.caladan.domains +} + +resource "linode_domain_record" "mx" { + domain_id = linode_domain.monotremata_xyz.id + name = each.value.name + target = each.value.target + record_type = each.key + priority = each.value.priority + for_each = { + A = { + name = "mail" + target = var.fugu.ipv4 + priority = null + } + AAAA = { + name = "mail" + target = var.fugu.ipv6 + priority = null + } + MX = { + name = var.domain, + target = format("mail.%s", var.domain) + priority = 0 + } + } +} + +resource "linode_domain_record" "mx2" { + domain_id = linode_domain.monotremata_xyz.id + name = each.value.name + target = each.value.target + record_type = each.key + priority = each.value.priority + for_each = { + A = { + name = "mx2" + target = var.caladan.ipv4 + priority = null + } + AAAA = { + name = "mx2" + target = var.caladan.ipv6 + priority = null + } + MX = { + name = var.domain + target = format("mx2.%s", var.domain) + priority = 5 + } + } +} + +resource "linode_domain_record" "mail_txt" { + domain_id = linode_domain.monotremata_xyz.id + record_type = "TXT" + name = each.value.name + target = each.value.target + for_each = { + spf = { + name = var.domain + target = "v=spf1 mx -all" + } + dmarc = { + name = "_dmarc" + target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", var.domain) + } + dkim = { + name = "20201210._domainkey" + target = format("v=DKIM1;k=rsa;p=%s;", var.dkim_pub_key) + } + } +} + +resource "linode_domain_record" "matrix_srv" { + domain_id = linode_domain.monotremata_xyz.id + record_type = "SRV" + service = "matrix" + protocol = "tcp" + priority = 0 + weight = 10 + port = 443 + target = format("matrix.%s", var.domain) + ttl_sec = 1800 // 30 min +} + +resource "linode_domain_record" "xmpp_srv" { + domain_id = linode_domain.monotremata_xyz.id + record_type = "SRV" + service = each.key + protocol = "tcp" + port = each.value.port + priority = 5 + weight = 0 + target = format("xmpp.%s", var.domain) + ttl_sec = 1800 // 30 min + for_each = { + xmpp-client = { + port = 5222 + } + xmpp-server = { + port = 5269 + } + } +} diff --git a/modules/dns/main.tf b/modules/dns/main.tf index 59691f4..ae01065 100644 --- a/modules/dns/main.tf +++ b/modules/dns/main.tf @@ -1,161 +1,12 @@ -# todo: -# I am also creating the subdomain `wg.monotremata.xyz` manually -# I decided to manage that subdomain outside of terraform because it has a -# dynamic IP that I update with a cron job - terraform { required_providers { - namecheap = { - source = "namecheap/namecheap" - version = ">= 2.0.0" - } linode = { source = "linode/linode" version = ">= 1.29.0" } - } -} - -provider "namecheap" { - user_name = "gthar" - api_user = "gthar" - client_ip = "139.162.137.29" // caladan's public IP - use_sandbox = false -} - -resource "namecheap_domain_records" "namecheap-monotremata-xyz" { - domain = "monotremata.xyz" - mode = "OVERWRITE" - nameservers = [ - "ns1.linode.com", - "ns2.linode.com", - "ns3.linode.com", - "ns4.linode.com", - "ns5.linode.com" - ] -} - -resource "linode_domain" "monotremata_xyz" { - type = "master" - domain = var.domain - soa_email = format("admin@%s", var.domain) -} - -resource "linode_domain_record" "caladan_a" { - domain_id = linode_domain.monotremata_xyz.id - name = each.key - record_type = "A" - target = var.caladan.ipv4 - for_each = var.caladan.domains -} - -resource "linode_domain_record" "caladan_aaaa" { - domain_id = linode_domain.monotremata_xyz.id - name = each.key - record_type = "AAAA" - target = var.caladan.ipv6 - for_each = var.caladan.domains -} - -resource "linode_domain_record" "mx" { - domain_id = linode_domain.monotremata_xyz.id - name = each.value.name - target = each.value.target - record_type = each.key - priority = each.value.priority - for_each = { - A = { - name = "mail" - target = var.fugu.ipv4 - priority = null - } - AAAA = { - name = "mail" - target = var.fugu.ipv6 - priority = null - } - MX = { - name = var.domain, - target = format("mail.%s", var.domain) - priority = 0 - } - } -} - -resource "linode_domain_record" "mx2" { - domain_id = linode_domain.monotremata_xyz.id - name = each.value.name - target = each.value.target - record_type = each.key - priority = each.value.priority - for_each = { - A = { - name = "mx2" - target = var.caladan.ipv4 - priority = null - } - AAAA = { - name = "mx2" - target = var.caladan.ipv6 - priority = null - } - MX = { - name = var.domain - target = format("mx2.%s", var.domain) - priority = 5 - } - } -} - -resource "linode_domain_record" "mail_txt" { - domain_id = linode_domain.monotremata_xyz.id - record_type = "TXT" - name = each.value.name - target = each.value.target - for_each = { - spf = { - name = var.domain - target = "v=spf1 mx -all" - } - dmarc = { - name = "_dmarc" - target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", var.domain) - } - dkim = { - name = "20201210._domainkey" - target = format("v=DKIM1;k=rsa;p=%s;", var.dkim_pub_key) - } - } -} - -resource "linode_domain_record" "matrix_srv" { - domain_id = linode_domain.monotremata_xyz.id - record_type = "SRV" - service = "matrix" - protocol = "tcp" - priority = 0 - weight = 10 - port = 443 - target = format("matrix.%s", var.domain) - ttl_sec = 1800 // 30 min -} - -resource "linode_domain_record" "xmpp_srv" { - domain_id = linode_domain.monotremata_xyz.id - record_type = "SRV" - service = each.key - protocol = "tcp" - port = each.value.port - priority = 5 - weight = 0 - target = format("xmpp.%s", var.domain) - ttl_sec = 1800 // 30 min - for_each = { - xmpp-client = { - port = 5222 - } - xmpp-server = { - port = 5269 + namecheap = { + source = "namecheap/namecheap" + version = ">= 2.0.0" } } } diff --git a/modules/dns/namecheap.tf b/modules/dns/namecheap.tf new file mode 100644 index 0000000..61548aa --- /dev/null +++ b/modules/dns/namecheap.tf @@ -0,0 +1,18 @@ +provider "namecheap" { + user_name = "gthar" + api_user = "gthar" + client_ip = "139.162.137.29" // caladan's public IP + use_sandbox = false +} + +resource "namecheap_domain_records" "namecheap-monotremata-xyz" { + domain = "monotremata.xyz" + mode = "OVERWRITE" + nameservers = [ + "ns1.linode.com", + "ns2.linode.com", + "ns3.linode.com", + "ns4.linode.com", + "ns5.linode.com" + ] +}