## APEX
# Apex A record for the zone, pointing at the address in local.fsn_lb_ip.
# ttl = 1 is Cloudflare's "automatic" TTL; proxied = false makes this a
# DNS-only record, so the address is published as-is.
# NOTE(review): the other apex records in this file use name = "@"; confirm
# the provider treats the empty string the same way.
resource "cloudflare_record" "sudois" {
  zone_id = cloudflare_zone.sudois.id
  type    = "A"
  name    = ""
  value   = local.fsn_lb_ip
  proxied = false
  ttl     = 1
}
# www is an alias of the apex (CNAME to sudo.is), DNS-only, automatic TTL.
resource "cloudflare_record" "www" {
  zone_id = cloudflare_zone.sudois.id
  type    = "CNAME"
  name    = "www"
  value   = "sudo.is"
  proxied = false
  ttl     = 1
}
## EMAIL
# Two MX records for the apex: in1-smtp and in2-smtp.messagingengine.com,
# both at priority 10 (count.index is 0-based, hence the "+ 1").
# priority is written as a quoted number; Terraform converts it.
resource "cloudflare_record" "mx" {
  count = 2

  zone_id  = cloudflare_zone.sudois.id
  name     = "@"
  type     = "MX"
  value    = "in${count.index + 1}-smtp.messagingengine.com"
  priority = "10"
  ttl      = 60
}
# Three DKIM selector records (fm1, fm2, fm3), each a CNAME to the matching
# name under sudo.is.dkim.fmhosted.com, so the key material is served by the
# mail provider rather than stored in this zone.
# NOTE(review): no _dmarc TXT record is defined in this file. Without a DMARC
# policy receivers are not told what to do when SPF/DKIM fail; confirm one
# is managed elsewhere.
resource "cloudflare_record" "dkim" {
  count = 3

  zone_id = cloudflare_zone.sudois.id
  name    = "fm${count.index + 1 }._domainkey"
  type    = "CNAME"
  value   = "fm${count.index + 1 }.sudo.is.dkim.fmhosted.com"
  ttl     = 43200
}
# SPF policy for the apex.
# NOTE(review): "?all" is the neutral qualifier, so mail from hosts that are
# not listed is neither failed nor soft-failed; receivers only act on a
# mismatch with "~all" or "-all". The "ptr" mechanism is discouraged by
# RFC 7208 (section 5.5). mx, a, ptr and the three include: terms all count
# toward SPF's limit of 10 DNS lookups. Confirm each include is still a
# sender for this domain before tightening the policy.
resource "cloudflare_record" "sudo-is-txt" {
  zone_id = cloudflare_zone.sudois.id
  name    = "@"
  type    = "TXT"
  value   = "v=spf1 mx a ptr include:_spf.investici.org include:spf.messagingengine.com include:_spf.google.com ?all"
  ttl     = 60
}
# Google site-verification TXT record at the apex. The token is public by
# design (anyone can query it).
# NOTE(review): while it stays published, the Google account that issued it
# keeps verified ownership of the domain; remove it if that is no longer
# wanted.
resource "cloudflare_record" "sudo-is-txt-google" {
  zone_id = cloudflare_zone.sudois.id
  name    = "@"
  type    = "TXT"
  value   = "google-site-verification=_wc8G-J9eElqihJ9G1MHhVYLfR154Rw1WeHPbOhzNrg"
  ttl     = 60
}
## DELEGATIONS
# moved to dns-delegations-sudo.is.tf
## LOAD BALANCERS
# fsn-lb resolves to the Hetzner Cloud floating IP resource "fsn-lb".
# NOTE(review): the apex and "static" records take their address from
# local.fsn_lb_ip instead; presumably the same address. Confirm the two
# cannot drift apart.
resource "cloudflare_record" "fsn-lb" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fsn-lb"
  type    = "A"
  value   = hcloud_floating_ip.fsn-lb.ip_address
  ttl     = 60
}
## HOSTS
# hetzner physical
# Host record: freespace -> local.freespace_ip.
resource "cloudflare_record" "freespace-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "freespace"
  type    = "A"
  value   = local.freespace_ip
  ttl     = 60
}
# Host record: mainframe -> local.mainframe_ip (vpn-de uses the same local).
resource "cloudflare_record" "mainframe-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "mainframe"
  type    = "A"
  value   = local.mainframe_ip
  ttl     = 60
}
# Host record: fra2 -> local.fra2_ip (IPv4 only; the AAAA variant below is
# commented out).
resource "cloudflare_record" "fra2-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fra2"
  type    = "A"
  value   = local.fra2_ip
  ttl     = 60
}
# resource "cloudflare_record" "fra2-sudo-is6" {
# zone_id = cloudflare_zone.sudois.id
# type = "AAAA"
# name = "fra2"
# value = local.fra2_ip6
# ttl = 60
# }
# Host record: fsn-g0 -> local.fsn_g0_ip.
resource "cloudflare_record" "fsn-g0-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fsn-g0"
  type    = "A"
  value   = local.fsn_g0_ip
  ttl     = 60
}
# hetzner cloud
# Host record: fra1-auth-g0 -> IPv4 address of the hcloud_server of the same
# name, so the record follows the server resource.
resource "cloudflare_record" "fra1-auth-g0" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fra1-auth-g0"
  type    = "A"
  value   = hcloud_server.fra1-auth-g0.ipv4_address
  ttl     = 60
}
# resource "cloudflare_record" "fra1-auth-g1" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "fra1-auth-g1"
# value = hcloud_server.fra1-auth-g1.ipv4_address
# ttl = 60
# }
# Host record: fra3-weblate-g0 -> IPv4 address of the hcloud_server of the
# same name. The "weblate" service record points at the same address.
resource "cloudflare_record" "fra3-weblate-g0" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fra3-weblate-g0"
  type    = "A"
  value   = hcloud_server.fra3-weblate-g0.ipv4_address
  ttl     = 60
}
# Host record: fsn-lb-g0 -> the server's own IPv4 address (distinct from the
# floating IP behind the "fsn-lb" record).
resource "cloudflare_record" "fsn-lb-g0" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fsn-lb-g0"
  type    = "A"
  value   = hcloud_server.fsn-lb-g0.ipv4_address
  ttl     = 60
}
# Host record: fsn-lb-g1 -> the server's own IPv4 address (distinct from the
# floating IP behind the "fsn-lb" record).
resource "cloudflare_record" "fsn-lb-g1" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fsn-lb-g1"
  type    = "A"
  value   = hcloud_server.fsn-lb-g1.ipv4_address
  ttl     = 60
}
# digital ocean
# Host record: fra0 -> IPv4 address of the DigitalOcean droplet "fra0".
resource "cloudflare_record" "fra0" {
  zone_id = cloudflare_zone.sudois.id
  name    = "fra0"
  type    = "A"
  value   = digitalocean_droplet.fra0.ipv4_address
  ttl     = 60
}
# other
# Host record: ams0 -> local.ams0_ip.
resource "cloudflare_record" "ams0-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "ams0"
  type    = "A"
  value   = local.ams0_ip
  ttl     = 60
}
# resource "cloudflare_record" "rvk0-sudo-is" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "10.102.47.142"
# value = ""
# ttl = 60
# }
# Host record: rvk1 -> a literal IPv4 address. The vpn-is, vpn-mamma and
# mammassh CNAMEs in this file all resolve through this record.
# NOTE(review): the address is hard-coded rather than taken from a managed
# resource. If it is ever given up, this name and the CNAMEs behind it keep
# pointing at whoever holds the address next; re-verify ownership
# periodically.
resource "cloudflare_record" "rvk1-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "rvk1"
  type    = "A"
  value   = "185.112.146.244"
  ttl     = 60
}
# Host record: ber0 -> 192.168.21.4.
# NOTE(review): this is an RFC 1918 private address in a public zone. It
# discloses internal addressing, and clients on other networks resolve the
# name to whatever host uses that address locally. An internal or
# split-horizon zone is the usual place for such a record.
resource "cloudflare_record" "ber0-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "ber0"
  type    = "A"
  value   = "192.168.21.4"
  ttl     = 60
}
## services
# most of the service records are created from
# infra/group_vars/fsnlb.yml
# and point to fsn-lb.sudo.is.
#
# that means they are not listed here. manually adding
# records is only needed for things that are not in
# the lb
# unifi is a DNS-only alias of bear.s21.sudo.is.
# NOTE(review): s21.sudo.is is not defined in this file; confirm the target
# resolves only where intended.
resource "cloudflare_record" "unifi-sudois" {
  zone_id = cloudflare_zone.sudois.id
  name    = "unifi"
  type    = "CNAME"
  value   = "bear.s21.sudo.is"
  ttl     = 60
  proxied = false
}
# broker is a DNS-only alias of ber-sensnet-g0.s21.sudo.is.
# NOTE(review): s21.sudo.is is not defined in this file; confirm the target
# resolves only where intended.
resource "cloudflare_record" "broker-sudois" {
  zone_id = cloudflare_zone.sudois.id
  name    = "broker"
  type    = "CNAME"
  value   = "ber-sensnet-g0.s21.sudo.is"
  ttl     = 60
  proxied = false
}
# tvbed is a DNS-only alias of xbianbedroom.s21.sudo.is.
# NOTE(review): s21.sudo.is is not defined in this file; confirm the target
# resolves only where intended.
resource "cloudflare_record" "tvbed-sudois" {
  zone_id = cloudflare_zone.sudois.id
  name    = "tvbed"
  type    = "CNAME"
  value   = "xbianbedroom.s21.sudo.is"
  ttl     = 60
  proxied = false
}
# print is a DNS-only alias of bear.s21.sudo.is (same target as "unifi").
# NOTE(review): s21.sudo.is is not defined in this file; confirm the target
# resolves only where intended.
resource "cloudflare_record" "print-sudois" {
  zone_id = cloudflare_zone.sudois.id
  name    = "print"
  type    = "CNAME"
  value   = "bear.s21.sudo.is"
  ttl     = 60
  proxied = false
}
# tools -> local.mainframe_ip_2, DNS-only.
resource "cloudflare_record" "tools-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "tools"
  type    = "A"
  value   = local.mainframe_ip_2
  ttl     = 60
  proxied = false
}
# Service name for weblate; same address as the fra3-weblate-g0 host record.
resource "cloudflare_record" "weblate" {
  zone_id = cloudflare_zone.sudois.id
  name    = "weblate"
  type    = "A"
  value   = hcloud_server.fra3-weblate-g0.ipv4_address
  ttl     = 60
}
## static, proxied with cloudflare
# Two Cloudflare-proxied A records, "static" and "benedikt", both with
# local.fsn_lb_ip as origin. Proxied records use ttl = 1 (automatic).
# NOTE(review): the apex record publishes the same local.fsn_lb_ip with
# proxied = false, so proxying these two names does not conceal the origin
# address. If the proxy is meant as a protective layer, the origin should
# only accept this traffic from Cloudflare.
resource "cloudflare_record" "static" {
  count = 2

  zone_id = cloudflare_zone.sudois.id
  name    = element(["static", "benedikt"], count.index)
  type    = "A"
  value   = local.fsn_lb_ip
  proxied = true
  ttl     = 1
}
## vpn
# vpn is an alias of vpn-de.sudo.is, which is defined in this file.
resource "cloudflare_record" "vpn" {
  zone_id = cloudflare_zone.sudois.id
  name    = "vpn"
  type    = "CNAME"
  value   = "vpn-de.sudo.is"
  ttl     = 60
}
# vpn-de -> local.mainframe_ip (same address as the "mainframe" host
# record), DNS-only.
resource "cloudflare_record" "vpn-de" {
  zone_id = cloudflare_zone.sudois.id
  name    = "vpn-de"
  type    = "A"
  value   = local.mainframe_ip
  proxied = false
  ttl     = 60
}
# vpn-uk is an alias of lon1.sudo.is.
# NOTE(review): no "lon1" record is defined in this file. Confirm it exists
# elsewhere; a CNAME whose target has been removed is left dangling.
resource "cloudflare_record" "vpn-uk" {
  zone_id = cloudflare_zone.sudois.id
  name    = "vpn-uk"
  type    = "CNAME"
  value   = "lon1.sudo.is"
  ttl     = 60
}
# vpn-is is an alias of rvk1.sudo.is, whose A record in this file is a
# hard-coded address.
resource "cloudflare_record" "vpn-is" {
  zone_id = cloudflare_zone.sudois.id
  name    = "vpn-is"
  type    = "CNAME"
  value   = "rvk1.sudo.is"
  ttl     = 60
}
# vpn-mamma is an alias of rvk1.sudo.is, whose A record in this file is a
# hard-coded address.
resource "cloudflare_record" "vpn-mamma" {
  zone_id = cloudflare_zone.sudois.id
  name    = "vpn-mamma"
  type    = "CNAME"
  value   = "rvk1.sudo.is"
  ttl     = 60
}
# wifi001-vpn is an alias of lon1.sudo.is.
# NOTE(review): no "lon1" record is defined in this file. Confirm it exists
# elsewhere; a CNAME whose target has been removed is left dangling.
resource "cloudflare_record" "wifi001-vpn" {
  zone_id = cloudflare_zone.sudois.id
  name    = "wifi001-vpn"
  type    = "CNAME"
  value   = "lon1.sudo.is"
  ttl     = 60
}
# mammassh is an alias of rvk1.sudo.is, whose A record in this file is a
# hard-coded address.
resource "cloudflare_record" "mammassh" {
  zone_id = cloudflare_zone.sudois.id
  name    = "mammassh"
  type    = "CNAME"
  value   = "rvk1.sudo.is"
  ttl     = 60
}
## legacy records
# Legacy host record: endor -> local.endor_ip.
# NOTE(review): filed under "legacy records"; confirm the address is still
# under the operator's control, otherwise remove the record.
resource "cloudflare_record" "endor" {
  zone_id = cloudflare_zone.sudois.id
  name    = "endor"
  type    = "A"
  value   = local.endor_ip
  ttl     = 60
}
# eyjabakki.sudo.is
# legacy record :(
# Legacy host record: eyjabakki -> a literal IPv4 address.
# NOTE(review): a hard-coded address on a record marked legacy is the usual
# shape of a stale record. If the address is no longer controlled, whoever
# holds it answers for this name. Verify ownership or remove the record.
resource "cloudflare_record" "eyjabakki" {
  zone_id = cloudflare_zone.sudois.id
  name    = "eyjabakki"
  type    = "A"
  value   = "89.160.147.41"
  ttl     = 60
}
# # mathom.sudo.is
# resource "cloudflare_record" "mathom-sudo-is" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "mathom"
# value = "89.17.135.222"
# ttl = 60
# }
## questionable
# unifi.ls54 is a DNS-only alias of ber1.sudo.is (previously ber0, see the
# commented-out value).
# NOTE(review): no "ber1" record is defined in this file, only "ber0".
# Confirm the target exists; otherwise this CNAME dangles.
resource "cloudflare_record" "unifi-ls54-sudois" {
  zone_id = cloudflare_zone.sudois.id
  name    = "unifi.ls54"
  type    = "CNAME"
  value   = "ber1.sudo.is"
  #value  = "ber0.sudo.is"
  ttl     = 60
  proxied = false
}
# mathom -> 192.168.21.42.
# NOTE(review): this is an RFC 1918 private address in a public zone. It
# discloses internal addressing, and clients on other networks resolve the
# name to whatever host uses that address locally. An internal or
# split-horizon zone is the usual place for such a record.
resource "cloudflare_record" "mathom" {
  zone_id = cloudflare_zone.sudois.id
  name    = "mathom"
  type    = "A"
  value   = "192.168.21.42"
  ttl     = 60
}
# resource "cloudflare_record" "rvk0-vpn" {
# zone_id = cloudflare_zone.sudois.id
# type = "CNAME"
# name = "rvk0-vpn"
# value = "lon1.sudo.is"
# ttl = 60
# }