diff --git a/.gitignore b/.gitignore
index ce0c1ef..47dc103 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ playbooks/testing.yml
 .venv/
 .ansible/
 .tox/
+.terraform/
+.terraform.lock.*
diff --git a/terra/domain.allaroundhere.tf b/terra/domain.allaroundhere.tf
new file mode 100644
index 0000000..9cbe813
--- /dev/null
+++ b/terra/domain.allaroundhere.tf
@@ -0,0 +1,57 @@
+resource "digitalocean_domain" "allaroundhere" {
+ name = "allaroundhere.org"
+}
+
+
+# ==========================================================================
+# Standard hostname configuration
+resource "digitalocean_record" "allaroundhere" {
+ domain = digitalocean_domain.allaroundhere.id
+ type = "A"
+ name = "@"
+ value = "24.2.156.189"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "allaroundhere_www" {
+ domain = digitalocean_domain.allaroundhere.id
+ type = "CNAME"
+ name = "www"
+ value = "@"
+ ttl = 43200
+}
+
+resource "digitalocean_record" "allaroundhere_content" {
+ domain = digitalocean_domain.allaroundhere.id
+ type = "CNAME"
+ name = "content"
+ value = "en1.enp.one."
+ ttl = 10300
+}
+
+# ==========================================================================
+# Standard DO configuration for all managed domains, includes
+# NS records and SOA
+resource "digitalocean_record" "allaroundhere_ns1" {
+ domain = digitalocean_domain.allaroundhere.id
+ type = "NS"
+ name = "@"
+ value = "ns1.digitalocean.com."
+ ttl = 1800
+}
+
+resource "digitalocean_record" "allaroundhere_ns2" {
+ domain = digitalocean_domain.allaroundhere.id
+ type = "NS"
+ name = "@"
+ value = "ns2.digitalocean.com."
+ ttl = 1800
+}
+
+resource "digitalocean_record" "allaroundhere_ns3" {
+ domain = digitalocean_domain.allaroundhere.id
+ type = "NS"
+ name = "@"
+ value = "ns3.digitalocean.com."
+ ttl = 1800
+}
diff --git a/terra/domain.enp.tf b/terra/domain.enp.tf
new file mode 100644
index 0000000..5f4a2f1
--- /dev/null
+++ b/terra/domain.enp.tf
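Review bot: Ignoring `.terraform.lock.*` keeps the provider dependency lock file out of version control, so the `~> 2.0` constraint in `terra/main.tf` is re-resolved on every `terraform init` and nothing pins the `digitalocean/digitalocean` provider version or verifies its package hashes between runs. HashiCorp's guidance is to commit `.terraform.lock.hcl` for exactly that reason — reproducible, hash-checked provider downloads — and to ignore only the `.terraform/` working directory. I'd keep `+.terraform/`, drop the `+.terraform.lock.*` line, and commit the lock file produced by `terraform init`.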
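Review bot: `allaroundhere.org` gets no SPF, DMARC or CAA records, unlike the two sibling domain files in this commit, and no MX record either, so anyone can send mail purporting to come from it and receivers have no published policy to reject it on. If the domain genuinely sends no mail, publish a null SPF and a reject policy — a TXT at `@` with `value = "v=spf1 -all"` and a TXT at `_dmarc` with `value = "v=DMARC1; p=reject"` — and add a CAA `issue` record matching the other files if certificates are issued for this name. The section comment `# ... includes NS records and SOA` overstates what follows, since only the three NS records are declared; I'd trim it to `# NS records (SOA is not declared here)`. The `24.2.156.189` literal is also repeated across all three domain files, so a `locals` block or variable would keep an address change in one place.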
@@ -0,0 +1,192 @@
+resource "digitalocean_domain" "enp" {
+ name = "enp.one"
+}
+
+
+# ==========================================================================
+# Standard hostname configuration
+resource "digitalocean_record" "enp" {
+ domain = digitalocean_domain.enp.id
+ type = "A"
+ name = "@"
+ value = "24.2.156.189"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enp_en1" {
+ domain = digitalocean_domain.enp.id
+ type = "A"
+ name = "en1"
+ value = "24.2.156.189"
+ ttl = 3600
+}
+
+
+# ==========================================================================
+# Service CNAME configuration
+resource "digitalocean_record" "enp_vcs" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "vcs"
+ value = "en1.enp.one."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_ssv" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "ssv"
+ value = "en1.enp.one."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_pms" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "pms"
+ value = "en1.enp.one."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_cdn" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "cdn"
+ value = "en2-cdn.nyc3.cdn.digitaloceanspaces.com."
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enp_vpn" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "vpn"
+ value = "en1.enp.one."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_web" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "web"
+ value = "en1.enp.one."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_sso" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "sso"
+ value = "en1.enp.one."
+ ttl = 10600
+}
+
+
+# ==========================================================================
+# Standard DO configuration for all managed domains, includes
+# NS records and SOA
+resource "digitalocean_record" "enp_ns1" {
+ domain = digitalocean_domain.enp.id
+ type = "NS"
+ name = "@"
+ value = "ns1.digitalocean.com."
+ ttl = 1800
+}
+
+resource "digitalocean_record" "enp_ns2" {
+ domain = digitalocean_domain.enp.id
+ type = "NS"
+ name = "@"
+ value = "ns2.digitalocean.com."
+ ttl = 1800
+}
+
+resource "digitalocean_record" "enp_ns3" {
+ domain = digitalocean_domain.enp.id
+ type = "NS"
+ name = "@"
+ value = "ns3.digitalocean.com."
+ ttl = 1800
+}
+
+
+# ==========================================================================
+# DMARC and HTTPS security configuration
+resource "digitalocean_record" "enp_dmarc" {
+ domain = digitalocean_domain.enp.id
+ type = "TXT"
+ name = "_dmarc"
+ value = "v=DMARC1; p=quarantine; adkim=s"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enp_caa" {
+ domain = digitalocean_domain.enp.id
+ type = "CAA"
+ name = "@"
+ value = "letsencrypt.org."
+ ttl = 3600
+ tag = "issue"
+ flags = 0
+}
+
+resource "digitalocean_record" "enp_iodef" {
+ domain = digitalocean_domain.enp.id
+ type = "CAA"
+ name = "@"
+ value = "mailto:admin@enp.one"
+ ttl = 3600
+ tag = "iodef"
+ flags = 0
+}
+
+
+# ==========================================================================
+# Tutanota mailer integration configuration
+resource "digitalocean_record" "enp_mx" {
+ domain = digitalocean_domain.enp.id
+ type = "MX"
+ name = "@"
+ value = "mail.tutanota.de."
+ ttl = 3600
+ priority = 1010
+}
+
+resource "digitalocean_record" "enp_spf" {
+ domain = digitalocean_domain.enp.id
+ type = "TXT"
+ name = "@"
+ value = "v=spf1 include:spf.tutanota.de -all"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enp_domainkey1" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "s1._domainkey"
+ value = "s1._domainkey.tutanota.de."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_domainkey2" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "s2._domainkey"
+ value = "s2._domainkey.tutanota.de."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_mta1" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "_mta-sts"
+ value = "_mta-sts.tutanota.com."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enp_mta2" {
+ domain = digitalocean_domain.enp.id
+ type = "CNAME"
+ name = "mta-sts"
+ value = "mta-sts.tutanota.com."
+ ttl = 10600
+}
diff --git a/terra/domain.enpaul.tf b/terra/domain.enpaul.tf
new file mode 100644
index 0000000..1d88fd9
--- /dev/null
+++ b/terra/domain.enpaul.tf
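Review bot: The MX record for `enp.one` uses `priority = 1010` while the otherwise identical record in `terra/domain.enpaul.tf` uses `priority = 10`; the value is valid but looks like a typo, and as the only MX for the zone it should simply be `priority = 10` for consistency. The DMARC record `v=DMARC1; p=quarantine; adkim=s` carries no `rua=` tag, so no aggregate reports are ever delivered and there is no visibility into what is being quarantined or spoofed; since the `iodef` CAA record already routes to `mailto:admin@enp.one`, I'd extend it to `value = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:admin@enp.one"` and consider `aspf=s` to match the strict DKIM alignment. The `mta-sts` CNAME only makes MTA-STS enforceable if the target host serves a certificate valid for `mta-sts.enp.one` and the policy at `/.well-known/mta-sts.txt`; that is presumably how the Tutanota integration is documented, but it is worth confirming with a fetch of that URL after apply. The `10600` TTL on the CNAME records is an unusual value sitting next to `10800` in the enpaul file and is probably meant to be three hours as well.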
@@ -0,0 +1,123 @@
+resource "digitalocean_domain" "enpaul" {
+ name = "enpaul.net"
+}
+
+
+# ==========================================================================
+# Standard hostname configuration
+resource "digitalocean_record" "enpaul" {
+ domain = digitalocean_domain.enpaul.id
+ type = "A"
+ name = "@"
+ value = "24.2.156.189"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enpaul_www" {
+ domain = digitalocean_domain.enpaul.id
+ type = "CNAME"
+ name = "www"
+ value = "@"
+ ttl = 10800
+}
+
+
+# ==========================================================================
+# Standard DO configuration for all managed domains, includes
+# NS records and SOA
+resource "digitalocean_record" "enpaul_ns1" {
+ domain = digitalocean_domain.enpaul.id
+ type = "NS"
+ name = "@"
+ value = "ns1.digitalocean.com."
+ ttl = 1800
+}
+
+resource "digitalocean_record" "enpaul_ns2" {
+ domain = digitalocean_domain.enpaul.id
+ type = "NS"
+ name = "@"
+ value = "ns2.digitalocean.com."
+ ttl = 1800
+}
+
+resource "digitalocean_record" "enpaul_ns3" {
+ domain = digitalocean_domain.enpaul.id
+ type = "NS"
+ name = "@"
+ value = "ns3.digitalocean.com."
+ ttl = 1800
+}
+
+
+# ==========================================================================
+# DMARC and HTTPS security configuration
+resource "digitalocean_record" "enpaul_dmarc" {
+ domain = digitalocean_domain.enpaul.id
+ type = "TXT"
+ name = "_dmarc"
+ value = "v=DMARC1; p=quarantine; adkim=s"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enpaul_caa" {
+ domain = digitalocean_domain.enpaul.id
+ type = "CAA"
+ name = "@"
+ value = "letsencrypt.org."
+ ttl = 3600
+ tag = "issue"
+ flags = 0
+}
+
+
+# ==========================================================================
+# Tutanota mailer integration configuration
+resource "digitalocean_record" "enpaul_mx" {
+ domain = digitalocean_domain.enpaul.id
+ type = "MX"
+ name = "@"
+ value = "mail.tutanota.de."
+ ttl = 3600
+ priority = 10
+}
+
+resource "digitalocean_record" "enpaul_spf" {
+ domain = digitalocean_domain.enpaul.id
+ type = "TXT"
+ name = "@"
+ value = "v=spf1 include:spf.tutanota.de -all"
+ ttl = 3600
+}
+
+resource "digitalocean_record" "enpaul_domainkey1" {
+ domain = digitalocean_domain.enpaul.id
+ type = "CNAME"
+ name = "s1._domainkey"
+ value = "s1._domainkey.tutanota.de."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enpaul_domainkey2" {
+ domain = digitalocean_domain.enpaul.id
+ type = "CNAME"
+ name = "s2._domainkey"
+ value = "s2._domainkey.tutanota.de."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enpaul_mta1" {
+ domain = digitalocean_domain.enpaul.id
+ type = "CNAME"
+ name = "_mta-sts"
+ value = "_mta-sts.tutanota.com."
+ ttl = 10600
+}
+
+resource "digitalocean_record" "enpaul_mta2" {
+ domain = digitalocean_domain.enpaul.id
+ type = "CNAME"
+ name = "mta-sts"
+ value = "mta-sts.tutanota.com."
+ ttl = 10600
+}
diff --git a/terra/main.tf b/terra/main.tf
new file mode 100644
index 0000000..0c71024
--- /dev/null
+++ b/terra/main.tf
@@ -0,0 +1,12 @@
+terraform {
+ backend "pg" {
+ conn_str = "postgres://terraform@cluster.lab.enp.one:32421/terraform"
+ }
+
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
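Review bot: `enpaul.net` declares a CAA `issue` record but not the `iodef` record that `terra/domain.enp.tf` adds alongside it, so a CA that declines issuance for this domain has no reporting address; if the omission is not deliberate, add the same `digitalocean_record` with `tag = "iodef"` and `value = "mailto:admin@enp.one"` (or whichever contact is appropriate for this domain). The DMARC record here has the same gap as in the enp file — `p=quarantine; adkim=s` with no `rua=` address means aggregate reports never arrive — so `rua=mailto:…` should be appended to the value. The `www` CNAME uses `ttl = 10800` whereas every other CNAME in this commit uses `10600`; pick one value and apply it consistently.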
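Review bot: The `pg` backend connection string `postgres://terraform@cluster.lab.enp.one:32421/terraform` sets no `sslmode`, so libpq falls back to its default of `prefer`, which silently drops to a plaintext connection if TLS negotiation fails and never verifies the server certificate; the state carried over that link describes every DNS record in the three domain files. Append `?sslmode=verify-full` (or at minimum `sslmode=require`) to the URL — `conn_str = "postgres://terraform@cluster.lab.enp.one:32421/terraform?sslmode=verify-full"` — so state transport is both encrypted and authenticated. Leaving the password out of the URL is the right call; a short comment such as `# password is supplied out of band (PGPASSWORD / ~/.pgpass), never committed` would document that contract for the next maintainer, assuming that is indeed how it is provided. With the lock file ignored elsewhere in this commit, `version = "~> 2.0"` is the only pin on the provider, so committing `.terraform.lock.hcl` or tightening the constraint would make `terraform init` reproducible.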