set up some delegated dns zones

dns-delegations-sudo.is.tf

@@ -0,0 +1,50 @@
+## DELEGATIONS
+# wg.sudo.is
+resource "cloudflare_record" "ns-wg-sudo-is" {
+  count   = 3
+  zone_id = cloudflare_zone.sudois.id
+  type    = "NS"
+  name    = "wg"
+  value   = "ns${count.index + 1}.digitalocean.com"
+  ttl     = 1
+}
+
+# htznr.sudo.is
+resource "cloudflare_record" "ns-htznr-sudo-is" {
+  count   = 3
+  zone_id = cloudflare_zone.sudois.id
+  type    = "NS"
+  name    = "htznr"
+  value   = "ns${count.index + 1}.digitalocean.com"
+  ttl     = 1
+}
+
+# do.sudo.is
+resource "cloudflare_record" "ns-do-sudo-is" {
+  count   = 3
+  zone_id = cloudflare_zone.sudois.id
+  type    = "NS"
+  name    = "do"
+  value   = "ns${count.index + 1}.digitalocean.com"
+  ttl     = 1
+}
+
+# oci.sudo.is
+resource "cloudflare_record" "ns-oci-sudo-is" {
+  count   = 3
+  zone_id = cloudflare_zone.sudois.id
+  type    = "NS"
+  name    = "oci"
+  value   = "ns${count.index + 1}.digitalocean.com"
+  ttl     = 1
+}
+
+# s21.sudo.is
+resource "cloudflare_record" "ns-s21-sudo-is" {
+  count   = 3
+  zone_id = cloudflare_zone.sudois.id
+  type    = "NS"
+  name    = "s21"
+  value   = "ns${count.index + 1}.digitalocean.com"
+  ttl     = 1
+}

dns-do.sudo.is.tf

@@ -0,0 +1,6 @@
+# will be a delegated zone .htznr.sudo.is
+
+resource "digitalocean_domain" "do-sudo-is" {
+  name       = "do.sudo.is"
+  ip_address = local.fsn_lb_ip
+}

dns-htznr-sudo-is.tf

@@ -1,31 +0,0 @@
-# currently just flat dotted dns records .hcloud.sudo.is
-# will be a delegated zone .htznr.sudo.is
-
-resource "cloudflare_record" "fra1-auth-g0-hcloud" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "fra1-auth-g0.hcloud"
-  value  = "10.101.0.11"
-  ttl    = 60
-}
-resource "cloudflare_record" "fra3-weblate-g0-hcloud" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "fra3-weblate-g0.hcloud"
-  value  = "10.101.0.3"
-  ttl    = 60
-}
-resource "cloudflare_record" "fsn-lb-g0-hcloud" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "fsn-lb-g0.hcloud"
-  value  = "10.101.0.4"
-  ttl    = 60
-}
-resource "cloudflare_record" "fsn-lb-g1-hcloud" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "fsn-lb-g1.hcloud"
-  value  = "10.101.0.5"
-  ttl    = 60
-}

dns-htznr.sudo.is.tf

@@ -0,0 +1,37 @@
+# will be a delegated zone .htznr.sudo.is
+
+resource "digitalocean_domain" "htznr-sudo-is" {
+  name       = "htznr.sudo.is"
+  ip_address = local.fsn_lb_ip
+}
+
+
+# currently just flat dotted dns records .hcloud.sudo.is
+resource "digitalocean_record" "fra1-auth-g0-hcloud" {
+  domain = digitalocean_domain.htznr-sudo-is.name
+  type   = "A"
+  name   = "fra1-auth-g0"
+  value  = "10.101.0.11"
+  ttl    = 60
+}
+resource "digitalocean_record" "fra3-weblate-g0-hcloud" {
+  domain = digitalocean_domain.htznr-sudo-is.name
+  type   = "A"
+  name   = "fra3-weblate-g0"
+  value  = "10.101.0.3"
+  ttl    = 60
+}
+resource "digitalocean_record" "fsn-lb-g0-hcloud" {
+  domain = digitalocean_domain.htznr-sudo-is.name
+  type   = "A"
+  name   = "fsn-lb-g0"
+  value  = "10.101.0.4"
+  ttl    = 60
+}
+resource "digitalocean_record" "fsn-lb-g1-hcloud" {
+  domain = digitalocean_domain.htznr-sudo-is.name
+  type   = "A"
+  name   = "fsn-lb-g1"
+  value  = "10.101.0.5"
+  ttl    = 60
+}

dns-oci.sudo.is.tf

@@ -1,7 +1,18 @@
-# these are currently flat dotted dns records .lon.sudo.is
-# but will become a delegated zone .oci.sudo.is
+# will become a delegated zone .oci.sudo.is
+resource "digitalocean_domain" "oci-sudo-is" {
+  name       = "oci.sudo.is"
+  ip_address = local.fsn_lb_ip
+}
+resource "digitalocean_record" "lon-matrix-bridges-g0" {
+  domain = digitalocean_domain.oci-sudo-is.name
+  type   = "A"
+  name   = "lon-matrix-bridges-g0"
+  value  = oci_core_instance.lon-matrix-bridges-g0.public_ip
+  ttl    = 60
+}
 
-resource "cloudflare_record" "lon-matrix-bridges-g0" {
+# these are currently flat dotted dns records .lon.sudo.is
+resource "cloudflare_record" "legacy-lon-matrix-bridges-g0" {
   zone_id = cloudflare_zone.sudois.id
   type   = "A"
   name   = "lon-matrix-bridges-g0.lon"

dns-s21-sudo-is.tf

@@ -1,118 +0,0 @@
-## hosts
-
-# currently this is flat dns with dots
-# will become a delegated zone
-
-resource "cloudflare_record" "s21-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "s21"
-  value  = local.s21_vodafone_ip
-  ttl    = 60
-}
-resource "cloudflare_record" "bear-s21-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "bear.s21"
-  value  = "192.168.21.10"
-  ttl    = 60
-}
-resource "cloudflare_record" "ber-jenkins-g0-s21-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "ber-jenkins-g0.s21"
-  value  = "192.168.21.104"
-  ttl    = 60
-}
-resource "cloudflare_record" "benvm-s21-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "benvm.s21"
-  value  = "192.168.21.140"
-  ttl    = 60
-}
-resource "cloudflare_record" "edge-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "edge.s21"
-  value    = "10.102.47.138"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "ber0-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "ber0.s21"
-  value    = "192.168.21.4"
-  proxied  = false
-  ttl      = 60
-}
-
-## sensor hosts
-resource "cloudflare_record" "sensor-bedroom-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "sensor-bedroom.s21"
-  value    = "192.168.21.200"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "sensor-livingroom-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "sensor-livingroom.s21"
-  value    = "192.168.21.201"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "eink-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "eink.s21"
-  value    = "192.168.21.202"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "sensor-bathroom-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "sensor-bathroom.s21"
-  value    = "192.168.21.203"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "sensor-study-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "sensor-study.s21"
-  value    = "192.168.21.204"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "sensor-testbed-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "A"
-  name     = "sensor-testbed.s21"
-  value    = "192.168.21.205"
-  proxied  = false
-  ttl      = 60
-}
-
-
-## services
-resource "cloudflare_record" "broker-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "CNAME"
-  name     = "broker.s21"
-  value    = "ber0.s21.sudo.is"
-  proxied  = false
-  ttl      = 60
-}
-resource "cloudflare_record" "unifi-s21-sudois" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "CNAME"
-  name     = "unifi.s21"
-  value    = "bear.s21.sudo.is"
-  proxied  = false
-  ttl      = 60
-}

dns-s21.sudo.is.tf

@@ -0,0 +1,106 @@
+### s21.sudo.is
+
+## delegated to digitalocean.com
+
+resource "digitalocean_domain" "s21-sudo-is" {
+  name       = "s21.sudo.is"
+  ip_address = local.fsn_lb_ip
+}
+
+## hosts
+resource "digitalocean_record" "bear-s21-sudo-is" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type   = "A"
+  name   = "bear"
+  value  = "192.168.21.10"
+  ttl    = 60
+}
+resource "digitalocean_record" "ber-jenkins-g0-s21-sudo-is" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type   = "A"
+  name   = "ber-jenkins-g0"
+  value  = "192.168.21.104"
+  ttl    = 60
+}
+resource "digitalocean_record" "benvm-s21-sudo-is" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type   = "A"
+  name   = "benvm"
+  value  = "192.168.21.140"
+  ttl    = 60
+}
+resource "digitalocean_record" "edge-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "edge"
+  value    = "10.102.47.138"
+  ttl      = 60
+}
+resource "digitalocean_record" "ber0-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "ber0"
+  value    = "192.168.21.4"
+  ttl      = 60
+}
+
+## sensor hosts
+resource "digitalocean_record" "sensor-bedroom-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "sensor-bedroom"
+  value    = "192.168.21.200"
+  ttl      = 60
+}
+resource "digitalocean_record" "sensor-livingroom-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "sensor-livingroom"
+  value    = "192.168.21.201"
+  ttl      = 60
+}
+resource "digitalocean_record" "eink-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "eink"
+  value    = "192.168.21.202"
+  ttl      = 60
+}
+resource "digitalocean_record" "sensor-bathroom-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "sensor-bathroom"
+  value    = "192.168.21.203"
+  ttl      = 60
+}
+resource "digitalocean_record" "sensor-study-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "sensor-study"
+  value    = "192.168.21.204"
+  ttl      = 60
+}
+resource "digitalocean_record" "sensor-testbed-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "A"
+  name     = "sensor-testbed"
+  value    = "192.168.21.205"
+  ttl      = 60
+}
+
+
+## services
+resource "digitalocean_record" "broker-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "CNAME"
+  name     = "broker"
+  value    = "ber0.s21.sudo.is."
+  ttl      = 60
+}
+resource "digitalocean_record" "unifi-s21-sudois" {
+  domain   = digitalocean_domain.s21-sudo-is.name
+  type     = "CNAME"
+  name     = "unifi"
+  value    = "bear.s21.sudo.is."
+  ttl      = 60
+}

dns-sudo.is.tf

@@ -1,4 +1,4 @@
-## apex
+## APEX
 resource "cloudflare_record" "sudois" {
   zone_id = cloudflare_zone.sudois.id
   name    = ""
@@ -16,53 +16,54 @@ resource "cloudflare_record" "www" {
   proxied = false
 }
 
-## email
+## EMAIL
 resource "cloudflare_record" "mx" {
-  zone_id = cloudflare_zone.sudois.id
-  type     = "MX"
-  name     = "@"
-  priority = "10"
-  value    = "in${count.index + 1}-smtp.messagingengine.com"
-  ttl      = 60
-  count    = 2
+  count     = 2
+  zone_id   = cloudflare_zone.sudois.id
+  type      = "MX"
+  name      = "@"
+  priority  = "10"
+  value     = "in${count.index + 1}-smtp.messagingengine.com"
+  ttl       = 60
 }
 resource "cloudflare_record" "dkim" {
+  count   = 3
   zone_id = cloudflare_zone.sudois.id
-  type   = "CNAME"
-  name   = "fm${count.index + 1 }._domainkey"
-  value  = "fm${count.index + 1 }.sudo.is.dkim.fmhosted.com"
-  ttl    = 43200
-  count  = 3
+  type    = "CNAME"
+  name    = "fm${count.index + 1 }._domainkey"
+  value   = "fm${count.index + 1 }.sudo.is.dkim.fmhosted.com"
+  ttl     = 43200
 }
 resource "cloudflare_record" "sudo-is-txt" {
   zone_id = cloudflare_zone.sudois.id
   type    = "TXT"
   name    = "@"
   value   = "v=spf1 mx a ptr include:_spf.investici.org include:spf.messagingengine.com include:_spf.google.com ?all"
-  ttl    = 60
+  ttl     = 60
 }
 resource "cloudflare_record" "sudo-is-txt-google" {
   zone_id = cloudflare_zone.sudois.id
   type    = "TXT"
   name    = "@"
   value   = "google-site-verification=_wc8G-J9eElqihJ9G1MHhVYLfR154Rw1WeHPbOhzNrg"
-  ttl    = 60
+  ttl     = 60
 }
 
-resource "cloudflare_record" "fra0" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "fra0"
-  value  = digitalocean_droplet.fra0.ipv4_address
-  ttl    = 60
-}
-resource "cloudflare_record" "ams0-sudo-is" {
+## DELEGATIONS
+# moved to dns-delegations-sudo.is.tf
+
+## LOAD BALANCERS
+resource "cloudflare_record" "fsn-lb" {
   zone_id = cloudflare_zone.sudois.id
   type   = "A"
-  name   = "ams0"
-  value  = local.ams0_ip
+  name   = "fsn-lb"
+  value  = hcloud_floating_ip.fsn-lb.ip_address
   ttl    = 60
 }
+
+## HOSTS
+
+# hetzner physical
 resource "cloudflare_record" "freespace-sudo-is" {
   zone_id = cloudflare_zone.sudois.id
   type   = "A"
@@ -98,21 +99,8 @@ resource "cloudflare_record" "fsn-g0-sudo-is" {
   value  = local.fsn_g0_ip
   ttl    = 60
 }
-resource "cloudflare_record" "rvk1-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "rvk1"
-  value  = "185.112.146.244"
-  ttl    = 60
-}
-resource "cloudflare_record" "ber0-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "ber0"
-  value  = "192.168.21.4"
-  ttl    = 60
-}
 
+# hetzner cloud
 resource "cloudflare_record" "fra1-auth-g0" {
   zone_id = cloudflare_zone.sudois.id
   type   = "A"
@@ -151,12 +139,35 @@ resource "cloudflare_record" "fsn-lb-g1" {
   ttl    = 60
 }
 
-## Load Balancers
-resource "cloudflare_record" "fsn-lb" {
+# digital ocean
+resource "cloudflare_record" "fra0" {
   zone_id = cloudflare_zone.sudois.id
   type   = "A"
-  name   = "fsn-lb"
-  value  = hcloud_floating_ip.fsn-lb.ip_address
+  name   = "fra0"
+  value  = digitalocean_droplet.fra0.ipv4_address
+  ttl    = 60
+}
+
+# other
+resource "cloudflare_record" "ams0-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type   = "A"
+  name   = "ams0"
+  value  = local.ams0_ip
+  ttl    = 60
+}
+resource "cloudflare_record" "rvk1-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type   = "A"
+  name   = "rvk1"
+  value  = "185.112.146.244"
+  ttl    = 60
+}
+resource "cloudflare_record" "ber0-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type   = "A"
+  name   = "ber0"
+  value  = "192.168.21.4"
   ttl    = 60
 }
 

dns-wg.sudo.is.tf

@@ -0,0 +1,17 @@
+### wg.sudo.is
+
+## delegated to digital ocean
+
+resource "digitalocean_domain" "wg-sudo-is" {
+  name       = "wg.sudo.is"
+  ip_address = local.fsn_lb_ip
+}
+
+# mainframe test record
+resource "digitalocean_record" "mainframe-wg-sudo-is" {
+  domain   = digitalocean_domain.wg-sudo-is.name
+  type     = "A"
+  name     = "mainframe"
+  value    = "10.102.47.128"
+  ttl      = 60
+}