2023-01-30 19:12:17 +00:00
|
|
|
# Main domain resource
|
|
|
|
resource "digitalocean_domain" "default" {
|
|
|
|
name = "distrust.co"
|
|
|
|
}
|
|
|
|
|
|
|
|
# # Let's Encrypt
|
|
|
|
# ## Private key
|
|
|
|
# resource "tls_private_key" "private_key" {
|
|
|
|
# algorithm = "RSA"
|
|
|
|
# }
|
|
|
|
|
|
|
|
# ## ACME registration
|
|
|
|
# resource "acme_registration" "reg" {
|
|
|
|
# account_key_pem = tls_private_key.private_key.private_key_pem
|
|
|
|
# email_address = "team@distrust.co"
|
|
|
|
# }
|
|
|
|
|
|
|
|
# ## ACME certificate
|
|
|
|
# resource "acme_certificate" "certificate" {
|
|
|
|
# account_key_pem = acme_registration.reg.account_key_pem
|
|
|
|
# common_name = "www.distrust.co"
|
|
|
|
# subject_alternative_names = []
|
|
|
|
|
|
|
|
# dns_challenge {
|
|
|
|
# provider = "digitalociean"
|
|
|
|
# }
|
|
|
|
# }
|
|
|
|
|
2023-02-17 03:24:44 +00:00
|
|
|
# # Spaces Bucket
|
|
|
|
# ## Create a new Spaces Bucket
|
|
|
|
# resource "digitalocean_spaces_bucket" "distrust_co" {
|
|
|
|
# name = "distrust-co-bucket"
|
|
|
|
# region = "nyc3"
|
|
|
|
# # acl = "public-read"
|
|
|
|
# }
|
2023-01-30 19:12:17 +00:00
|
|
|
|
2023-02-17 03:24:44 +00:00
|
|
|
# # Add a CDN endpoint to the Spaces Bucket
|
|
|
|
# resource "digitalocean_cdn" "distrust_co" {
|
|
|
|
# origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
|
|
|
|
# # certificate_name = digitalocean_certificate.cert.name
|
|
|
|
# # custom_domain = "static.distrust.co"
|
|
|
|
# depends_on = [
|
|
|
|
# digitalocean_spaces_bucket.distrust_co
|
|
|
|
# ]
|
|
|
|
# }
|
2023-01-30 19:12:17 +00:00
|
|
|
|
2023-02-17 03:24:44 +00:00
|
|
|
# ## Handle record for CDN redirect
|
|
|
|
# resource "digitalocean_record" "cdn" {
|
|
|
|
# domain = digitalocean_domain.default.name
|
|
|
|
# type = "CNAME"
|
|
|
|
# name = digitalocean_cdn.distrust_co.origin
|
|
|
|
# value = "${digitalocean_domain.default.name}."
|
|
|
|
# depends_on = [
|
|
|
|
# digitalocean_cdn.distrust_co
|
|
|
|
# ]
|
|
|
|
# }
|
2023-01-31 01:19:08 +00:00
|
|
|
|
|
|
|
# ## Create a DigitalOcean managed Let's Encrypt Certificate
|
|
|
|
# resource "digitalocean_certificate" "cert" {
|
|
|
|
# name = "cdn-cert"
|
|
|
|
# type = "lets_encrypt"
|
|
|
|
# domains = ["static.distrust.co"]
|
|
|
|
# }
|
|
|
|
|
2023-02-17 03:24:44 +00:00
|
|
|
# # Output the endpoint for the CDN resource
|
|
|
|
# output "fqdn" {
|
|
|
|
# value = digitalocean_cdn.distrust_co.endpoint
|
|
|
|
# }
|
|
|
|
# #
|
|
|
|
# output "cdn_origin" {
|
|
|
|
# value = digitalocean_cdn.distrust_co.origin
|
|
|
|
# }
|
2023-01-30 19:12:17 +00:00
|
|
|
|
2023-02-17 03:24:44 +00:00
|
|
|
# # Handle record for distrust.co
|
|
|
|
# resource "digitalocean_record" "distrust_co-cdn" {
|
|
|
|
# domain = digitalocean_domain.default.name
|
|
|
|
# type = "A"
|
|
|
|
# name = "@"
|
|
|
|
# value = "143.198.235.76"
|
|
|
|
# depends_on = [
|
|
|
|
# digitalocean_cdn.distrust_co
|
|
|
|
# ]
|
|
|
|
# }
|
2023-01-30 19:12:17 +00:00
|
|
|
|
|
|
|
# NameCheap Records
|
|
|
|
resource "digitalocean_record" "main" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "A"
|
|
|
|
name = "@"
|
|
|
|
value = "143.198.235.76"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "billing" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "A"
|
2023-02-17 03:24:44 +00:00
|
|
|
name = "billing"
|
2023-01-30 19:12:17 +00:00
|
|
|
value = "45.16.98.153"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "chat" {
|
|
|
|
domain = digitalocean_domain.default.id
|
2023-02-10 03:56:00 +00:00
|
|
|
type = "CNAME"
|
2023-01-30 19:12:17 +00:00
|
|
|
name = "chat"
|
2023-02-10 03:56:00 +00:00
|
|
|
value = "distrust.element.io."
|
2023-01-30 19:12:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "www" {
|
|
|
|
domain = digitalocean_domain.default.id
|
2023-02-10 03:56:00 +00:00
|
|
|
type = "CNAME"
|
2023-01-30 19:12:17 +00:00
|
|
|
name = "www"
|
2023-02-10 03:56:00 +00:00
|
|
|
value = "${digitalocean_domain.default.id}."
|
2023-01-30 19:12:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# Mail records
|
|
|
|
## MX main
|
|
|
|
resource "digitalocean_record" "mx1-main" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "MX"
|
|
|
|
name = "@"
|
|
|
|
priority = 10
|
|
|
|
value = "aspmx1.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mx2-main" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "MX"
|
|
|
|
name = "@"
|
|
|
|
priority = 20
|
|
|
|
value = "aspmx2.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
## MX subdomain wildcard
|
|
|
|
resource "digitalocean_record" "mx1-wildcard" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "MX"
|
|
|
|
name = "*"
|
|
|
|
priority = 10
|
|
|
|
value = "aspmx1.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mx2-wildcard" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "MX"
|
|
|
|
name = "*"
|
|
|
|
priority = 20
|
|
|
|
value = "aspmx2.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-verification" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "TXT"
|
|
|
|
name = "@"
|
|
|
|
value = "hosted-email-verify=kezkgvsn"
|
|
|
|
}
|
|
|
|
|
|
|
|
## DKIM+ARC
|
|
|
|
resource "digitalocean_record" "mail-dkim-primary" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "CNAME"
|
|
|
|
name = "key1._domainkey"
|
|
|
|
value = "key1.distrust.co._domainkey.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-dkim-secondary" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "CNAME"
|
|
|
|
name = "key2._domainkey"
|
|
|
|
value = "key2.distrust.co._domainkey.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-dkim-tertiary" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "CNAME"
|
|
|
|
name = "key3._domainkey"
|
|
|
|
value = "key3.distrust.co._domainkey.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
## SPF
|
|
|
|
resource "digitalocean_record" "mail-spf" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "TXT"
|
|
|
|
name = "@"
|
|
|
|
value = "v=spf1 include:spf.migadu.com -all"
|
|
|
|
}
|
|
|
|
|
|
|
|
## DMARC
|
|
|
|
resource "digitalocean_record" "mail-dmarc" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "TXT"
|
|
|
|
name = "_dmarc"
|
|
|
|
value = "v=DMARC1; p=quarantine;"
|
|
|
|
}
|
|
|
|
|
|
|
|
## Autodiscovery
|
|
|
|
resource "digitalocean_record" "mail-discovery" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "CNAME"
|
|
|
|
name = "autoconfig"
|
|
|
|
value = "autoconfig.migadu.com."
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-src-autodiscover" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "SRV"
|
2023-01-31 01:19:08 +00:00
|
|
|
name = "_autodiscover._tcp"
|
|
|
|
port = 443
|
2023-01-30 19:12:17 +00:00
|
|
|
priority = 0
|
2023-01-31 01:19:08 +00:00
|
|
|
weight = 1
|
2023-01-30 19:12:17 +00:00
|
|
|
value = "smtp.migadu.com"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-srv-submissions" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "SRV"
|
2023-01-31 01:19:08 +00:00
|
|
|
name = "_submissions._tcp"
|
|
|
|
port = 465
|
2023-01-30 19:12:17 +00:00
|
|
|
priority = 0
|
2023-01-31 01:19:08 +00:00
|
|
|
weight = 1
|
2023-01-30 19:12:17 +00:00
|
|
|
value = "smtp.migadu.com"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-srv-imaps" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "SRV"
|
2023-01-31 01:19:08 +00:00
|
|
|
name = "_imaps._tcp"
|
|
|
|
port = 993
|
2023-01-30 19:12:17 +00:00
|
|
|
priority = 0
|
2023-01-31 01:19:08 +00:00
|
|
|
weight = 1
|
2023-01-30 19:12:17 +00:00
|
|
|
value = "imap.migadu.com"
|
|
|
|
}
|
|
|
|
|
|
|
|
resource "digitalocean_record" "mail-srv-pop3s" {
|
|
|
|
domain = digitalocean_domain.default.id
|
|
|
|
type = "SRV"
|
2023-01-31 01:19:08 +00:00
|
|
|
name = "_pop3s._tcp"
|
|
|
|
port = 995
|
2023-01-30 19:12:17 +00:00
|
|
|
priority = 0
|
2023-01-31 01:19:08 +00:00
|
|
|
weight = 1
|
2023-01-30 19:12:17 +00:00
|
|
|
value = "pop.migadu.com"
|
|
|
|
}
|