208 lines
4.6 KiB
Terraform
208 lines
4.6 KiB
Terraform
|
terraform {
|
||
|
|
required_providers {
|
||
|
|
linode = {
|
||
|
|
source = "linode/linode"
|
||
|
|
version = "1.18.0"
|
||
|
|
}
|
||
|
|
cloudflare = {
|
||
|
|
source = "cloudflare/cloudflare"
|
||
|
|
version = "2.21.0"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
provider "linode" {
|
||
|
|
token = var.linode_token
|
||
|
|
}
|
||
|
|
|
||
|
|
provider "cloudflare" {
|
||
|
|
email = var.cloudflare_email
|
||
|
|
api_token = var.cloudflare_api_token
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "linode_instance" "mail" {
|
||
|
|
image = "linode/ubuntu20.04"
|
||
|
|
label = "mail"
|
||
|
|
group = "Terraform"
|
||
|
|
region = "eu-central"
|
||
|
|
type = "g6-standard-1"
|
||
|
|
authorized_keys = var.authorized_keys
|
||
|
|
root_pass = var.root_pass
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mail4" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "mail"
|
||
|
|
value = linode_instance.mail.ip_address
|
||
|
|
type = "A"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mail4_app" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "app"
|
||
|
|
value = linode_instance.mail.ip_address
|
||
|
|
type = "A"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mail6_app" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "app"
|
||
|
|
value = trimsuffix(linode_instance.mail.ipv6, "/128")
|
||
|
|
type = "AAAA"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mail4_wild" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "*.mail"
|
||
|
|
value = linode_instance.mail.ip_address
|
||
|
|
type = "A"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mail6" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "mail"
|
||
|
|
value = trimsuffix(linode_instance.mail.ipv6, "/128")
|
||
|
|
type = "AAAA"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mail6_wild" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "*.mail"
|
||
|
|
value = trimsuffix(linode_instance.mail.ipv6, "/128")
|
||
|
|
type = "AAAA"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mx" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "@"
|
||
|
|
value = "mail.${var.domain}"
|
||
|
|
type = "MX"
|
||
|
|
priority = "1"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_mx_wild" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "*"
|
||
|
|
value = "mail.${var.domain}"
|
||
|
|
type = "MX"
|
||
|
|
priority = "1"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "spf" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "@"
|
||
|
|
value = "v=spf1 mx -all"
|
||
|
|
type = "TXT"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dmarc" {
|
||
|
|
zone_id = var.cloudflare_zone_id
|
||
|
|
name = "_dmarc.${var.domain}"
|
||
|
|
value = "v=DMARC1; p=quarantine; adkim=r; aspf=r"
|
||
|
|
type = "TXT"
|
||
|
|
}
|
||
|
|
###
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt4" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "mail"
|
||
|
|
value = linode_instance.mail.ip_address
|
||
|
|
type = "A"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt4_app" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "app"
|
||
|
|
value = linode_instance.mail.ip_address
|
||
|
|
type = "A"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt4_wild" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "*.mail"
|
||
|
|
value = linode_instance.mail.ip_address
|
||
|
|
type = "A"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt6" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "mail"
|
||
|
|
value = trimsuffix(linode_instance.mail.ipv6, "/128")
|
||
|
|
type = "AAAA"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt6_wild" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "*.mail"
|
||
|
|
value = trimsuffix(linode_instance.mail.ipv6, "/128")
|
||
|
|
type = "AAAA"
|
||
|
|
ttl = 3600
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt_mx" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "@"
|
||
|
|
value = "mail.${var.alt_domain}"
|
||
|
|
type = "MX"
|
||
|
|
priority = "1"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dns_alt_mx_wild" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "*"
|
||
|
|
value = "mail.${var.alt_domain}"
|
||
|
|
type = "MX"
|
||
|
|
priority = "1"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "spf_alt" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "@"
|
||
|
|
value = "v=spf1 include:mail.domain.com -all"
|
||
|
|
type = "TXT"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "cloudflare_record" "dmarc_alt" {
|
||
|
|
zone_id = var.cloudflare_alt_zone_id
|
||
|
|
name = "_dmarc.${var.alt_domain}"
|
||
|
|
value = "v=DMARC1; p=quarantine; adkim=r; aspf=r"
|
||
|
|
type = "TXT"
|
||
|
|
}
|
||
|
|
|
||
|
|
###
|
||
|
|
resource "linode_rdns" "rdns4" {
|
||
|
|
address = linode_instance.mail.ip_address
|
||
|
|
rdns = "mail.${var.domain}"
|
||
|
|
}
|
||
|
|
|
||
|
|
resource "linode_rdns" "rdns6" {
|
||
|
|
address = trimsuffix(linode_instance.mail.ipv6, "/128")
|
||
|
|
rdns = "mail.${var.domain}"
|
||
|
|
}
|
||
|
|
|
||
|
|
variable "linode_token" {}
|
||
|
|
variable "cloudflare_email" {}
|
||
|
|
variable "cloudflare_api_token" {}
|
||
|
|
variable "authorized_keys" {}
|
||
|
|
variable "root_pass" {}
|
||
|
|
variable "cloudflare_zone_id" {}
|
||
|
|
variable "cloudflare_alt_zone_id" {}
|
||
|
|
variable "domain" {
|
||
|
|
type = string
|
||
|
|
default = "domain.com"
|
||
|
|
}
|
||
|
|
variable "alt_domain" {
|
||
|
|
type = string
|
||
|
|
default = "other_domain.com"
|
||
|
|
}
|