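# Provisions one Linode instance used as a mail host and publishes the DNS
# records (A/AAAA, MX, SPF, DMARC, reverse DNS) for it in two Cloudflare zones.

terraform {
  # `sensitive = true` on input variables (used below) needs Terraform 0.14+.
  required_version = ">= 0.14"

  required_providers {
    linode = {
      source  = "linode/linode"
      version = "1.18.0"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "2.21.0"
    }
  }
}

provider "linode" {
  token = var.linode_token
}

provider "cloudflare" {
  # NOTE(review): an API token is normally used on its own; `email` pairs with
  # the legacy global API key. Confirm whether `email` is needed here, and scope
  # the token to DNS edit on the two zones managed below.
  email     = var.cloudflare_email
  api_token = var.cloudflare_api_token
}

# The mail host itself.
resource "linode_instance" "mail" {
  image  = "linode/ubuntu20.04"
  label  = "mail"
  group  = "Terraform"
  region = "eu-central"
  type   = "g6-standard-1"

  # Both SSH keys and a root password are set. The password is also written to
  # the Terraform state in plain text, so the state backend must be access-
  # controlled and encrypted.
  authorized_keys = var.authorized_keys
  root_pass       = var.root_pass
}

# --- Primary zone (var.cloudflare_zone_id) ------------------------------------

resource "cloudflare_record" "dns_mail4" {
  zone_id = var.cloudflare_zone_id
  name    = "mail"
  value   = linode_instance.mail.ip_address
  type    = "A"
  ttl     = 3600
}

resource "cloudflare_record" "dns_mail4_app" {
  zone_id = var.cloudflare_zone_id
  name    = "app"
  value   = linode_instance.mail.ip_address
  type    = "A"
  ttl     = 3600
}

resource "cloudflare_record" "dns_mail6_app" {
  zone_id = var.cloudflare_zone_id
  name    = "app"
  # The code assumes the ipv6 attribute carries a "/128" suffix and strips it;
  # trimsuffix leaves the value untouched if the suffix is absent.
  value = trimsuffix(linode_instance.mail.ipv6, "/128")
  type  = "AAAA"
  ttl   = 3600
}

resource "cloudflare_record" "dns_mail4_wild" {
  zone_id = var.cloudflare_zone_id
  name    = "*.mail"
  value   = linode_instance.mail.ip_address
  type    = "A"
  ttl     = 3600
}

resource "cloudflare_record" "dns_mail6" {
  zone_id = var.cloudflare_zone_id
  name    = "mail"
  value   = trimsuffix(linode_instance.mail.ipv6, "/128")
  type    = "AAAA"
  ttl     = 3600
}

resource "cloudflare_record" "dns_mail6_wild" {
  zone_id = var.cloudflare_zone_id
  name    = "*.mail"
  value   = trimsuffix(linode_instance.mail.ipv6, "/128")
  type    = "AAAA"
  ttl     = 3600
}

resource "cloudflare_record" "dns_mx" {
  zone_id  = var.cloudflare_zone_id
  name     = "@"
  value    = "mail.${var.domain}"
  type     = "MX"
  priority = 1
}

# Wildcard MX: mail for any subdomain without its own records is routed to the
# mail host. The SPF TXT record below exists only at the apex.
resource "cloudflare_record" "dns_mx_wild" {
  zone_id  = var.cloudflare_zone_id
  name     = "*"
  value    = "mail.${var.domain}"
  type     = "MX"
  priority = 1
}

# SPF: authorise the domain's MX hosts and hard-fail every other sender.
resource "cloudflare_record" "spf" {
  zone_id = var.cloudflare_zone_id
  name    = "@"
  value   = "v=spf1 mx -all"
  type    = "TXT"
}

# DMARC: quarantine failures, relaxed DKIM and SPF alignment. No rua= tag is
# set, so no aggregate reports are requested. This file publishes no DKIM key
# record; if the host signs mail, the selector record is managed elsewhere.
resource "cloudflare_record" "dmarc" {
  zone_id = var.cloudflare_zone_id
  name    = "_dmarc.${var.domain}"
  value   = "v=DMARC1; p=quarantine; adkim=r; aspf=r"
  type    = "TXT"
}

# --- Alternate zone (var.cloudflare_alt_zone_id) ------------------------------

resource "cloudflare_record" "dns_alt4" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "mail"
  value   = linode_instance.mail.ip_address
  type    = "A"
  ttl     = 3600
}

resource "cloudflare_record" "dns_alt4_app" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "app"
  value   = linode_instance.mail.ip_address
  type    = "A"
  ttl     = 3600
}

resource "cloudflare_record" "dns_alt4_wild" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "*.mail"
  value   = linode_instance.mail.ip_address
  type    = "A"
  ttl     = 3600
}

resource "cloudflare_record" "dns_alt6" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "mail"
  value   = trimsuffix(linode_instance.mail.ipv6, "/128")
  type    = "AAAA"
  ttl     = 3600
}

resource "cloudflare_record" "dns_alt6_wild" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "*.mail"
  value   = trimsuffix(linode_instance.mail.ipv6, "/128")
  type    = "AAAA"
  ttl     = 3600
}

resource "cloudflare_record" "dns_alt_mx" {
  zone_id  = var.cloudflare_alt_zone_id
  name     = "@"
  value    = "mail.${var.alt_domain}"
  type     = "MX"
  priority = 1
}

resource "cloudflare_record" "dns_alt_mx_wild" {
  zone_id  = var.cloudflare_alt_zone_id
  name     = "*"
  value    = "mail.${var.alt_domain}"
  type     = "MX"
  priority = 1
}

# SPF for the alternate domain delegates to the primary domain's policy.
# The include target was previously the hard-coded literal "mail.domain.com",
# which ignored var.domain and pointed at a name for which this file publishes
# no SPF record; an include whose target has no SPF record evaluates to
# permerror (RFC 7208 section 5.2). The primary policy lives at the apex of
# var.domain (assuming cloudflare_zone_id is that domain's zone), so include
# the apex.
resource "cloudflare_record" "spf_alt" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "@"
  value   = "v=spf1 include:${var.domain} -all"
  type    = "TXT"
}

resource "cloudflare_record" "dmarc_alt" {
  zone_id = var.cloudflare_alt_zone_id
  name    = "_dmarc.${var.alt_domain}"
  value   = "v=DMARC1; p=quarantine; adkim=r; aspf=r"
  type    = "TXT"
}

# --- Reverse DNS --------------------------------------------------------------

# PTR records for both addresses point at mail.<domain>, matching the forward
# A/AAAA records created for "mail" in the primary zone.
resource "linode_rdns" "rdns4" {
  address = linode_instance.mail.ip_address
  rdns    = "mail.${var.domain}"
}

resource "linode_rdns" "rdns6" {
  address = trimsuffix(linode_instance.mail.ipv6, "/128")
  rdns    = "mail.${var.domain}"
}

# --- Inputs -------------------------------------------------------------------

# Secrets are marked sensitive so plan/apply output redacts them. This does not
# protect the state file, which still stores the values in plain text.

variable "linode_token" {
  description = "Linode API token used by the linode provider."
  sensitive   = true
}

variable "cloudflare_email" {
  description = "Account email passed to the cloudflare provider."
}

variable "cloudflare_api_token" {
  description = "Cloudflare API token used by the cloudflare provider."
  sensitive   = true
}

variable "authorized_keys" {
  description = "SSH public keys installed for root on the instance."
}

variable "root_pass" {
  description = "Root password set on the instance at creation."
  sensitive   = true
}

variable "cloudflare_zone_id" {
  description = "Cloudflare zone ID that receives the primary-domain records."
}

variable "cloudflare_alt_zone_id" {
  description = "Cloudflare zone ID that receives the alternate-domain records."
}

variable "domain" {
  description = "Primary mail domain; also used for the rDNS name and MX target."
  type        = string
  default     = "domain.com"
}

variable "alt_domain" {
  description = "Alternate mail domain served by the same host."
  type        = string
  default     = "other_domain.com"
}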