diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 95b594a..4de8308 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -44,22 +44,24 @@ provider "registry.terraform.io/hashicorp/local" { ] } -provider "registry.terraform.io/hashicorp/tls" { - version = "4.0.4" +provider "registry.terraform.io/namecheap/namecheap" { + version = "2.1.0" + constraints = ">= 2.0.0" hashes = [ - "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", - "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", - "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", - "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", - "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", - "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", - "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", - "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", - "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", - "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", - "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", - "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "h1:hprk50lXtEO7BrFukatptEoK/B59/GLyuR4gJyBE2Nw=", + "zh:3731f5f14a0958cd27a589ef7daa9be786b6490f2309c429eb2e9862aa4ac5f7", + "zh:3cbceb12ec3521d9dfbd890eee731a40f4e1f42de30d28fc1d1e524091148caa", + "zh:44095af1b1d1ee6d4b930e21e3c5bf0f81d9df65fe04f6f1e55d46713c240b21", + "zh:693e169228fe0c5fb1989425b1ad42c1206f8187c9932b4daee5a5c5e851a28e", + "zh:6b04c3c2666db3050f49bc85151496fe33cf852db9ad8fc6f455d1daf0a2bba6", + "zh:85fd126a573cc468f8d5d1b90f4a94f5977ea40623b1c5cd7c799bb95ef233bd", + "zh:99014437ef4e96161b0029efa12f05fa1ab63ff9bc0a255b0a249e17b4f8587a", + "zh:a4d8288ef01d4002a5aa07d1e64e4504757f07d6ada24fbf7d3670ceb24d2871", + "zh:d27f7798cbe1957294bb08459b1fbabe68721cc9cc50afee80bda87ce674dab8", + "zh:d85483f90380829d05b8a2725ce50bf2ee766d6c1cbef223b388d19c5a92dce2", + 
"zh:ddfecfbefd32e40386b482a2610e4173a52591afea3861f041041439d51d34da", + "zh:f9a10edfe11dbc4947cbb2f0db8935050693d5fff3b6559096288c689c2dd847", + "zh:fae14a74781a94bcaac07b6d533dd9eb1e40c1d152eb6ee49b2a44cdf5740cfe", ] } diff --git a/backend/.terraform.lock.hcl b/backend/.terraform.lock.hcl new file mode 100644 index 0000000..ee9d643 --- /dev/null +++ b/backend/.terraform.lock.hcl 
@@ -0,0 +1,68 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.25.2" + constraints = "2.25.2" + hashes = [ + "h1:OreINFf349wOcU2trD8gmP2/dFYT85ltyG0YIQ+d4GA=", + "zh:0accb40afb05425f20ff93426c69fa9585fd269f5a0caff9e03173ca3a0f66f0", + "zh:0e389b5ebfce42a9a1c78b576acffa6d4f1cfa421810537e6e096a254ff3fec8", + "zh:12441f028af172a823b452bb017721d7bf2f6f14e343ac90f361c7bb73ff0874", + "zh:18e04874d833d014617ee94971b8ef4638931a3ee7c572f86ee816b74911bcb5", + "zh:4e728375e24fdc37e791b3f234c991da342dbad8e1bd878531dd45ab6710c4fe", + "zh:4f76bea793d71ae85c72275bd1a5d28ce72afbb41e6cf51cc74d19a470b2c4dc", + "zh:588fd686e257b9d989427106e16b7d35a805cf6c1f532dca8fd61c09f19cc95a", + "zh:5b433b49869a45d96b95e921dd3cc713471dfa78157fe6f89f09d41c689256c2", + "zh:5de660180ab655b64e579564ec5f60f63d7c6633f47dfe4c8ac5a6718d19b5ea", + "zh:6395f4d9995f525469d88825f56c88f46b3466db26a3962a645c9a2e65e60dad", + "zh:7b04b9ca110f3876000616f9f3f046a974a20db93583786f26dccf10ed9372cf", + "zh:81b02a7247a0142075315cdbccd41138c01ed3327036c6b3b417859b06fdac0d", + "zh:99e4cf8818eed4e0516a939658ae89a8eefeb4dd9d49303b47b28dc844f983ac", + "zh:a85ddbfc6db67508a64c95edd333132efbc40ab7b4d6266023750dc7756f6bec", + "zh:b7e9ee035192e2f4d8db11d33e0dabd1969135901bae52d96001fce5f2a4dce8", + "zh:ec5d133c03319ec103c80d954be31dd673f44e9c93ec9ed951576e110549b59f", + ] +} + +provider "registry.terraform.io/namecheap/namecheap" { + version = "2.1.0" + constraints = ">= 2.0.0" + hashes = [ + "h1:hprk50lXtEO7BrFukatptEoK/B59/GLyuR4gJyBE2Nw=", + "zh:3731f5f14a0958cd27a589ef7daa9be786b6490f2309c429eb2e9862aa4ac5f7", + "zh:3cbceb12ec3521d9dfbd890eee731a40f4e1f42de30d28fc1d1e524091148caa", + "zh:44095af1b1d1ee6d4b930e21e3c5bf0f81d9df65fe04f6f1e55d46713c240b21", + "zh:693e169228fe0c5fb1989425b1ad42c1206f8187c9932b4daee5a5c5e851a28e", + 
"zh:6b04c3c2666db3050f49bc85151496fe33cf852db9ad8fc6f455d1daf0a2bba6", + "zh:85fd126a573cc468f8d5d1b90f4a94f5977ea40623b1c5cd7c799bb95ef233bd", + "zh:99014437ef4e96161b0029efa12f05fa1ab63ff9bc0a255b0a249e17b4f8587a", + "zh:a4d8288ef01d4002a5aa07d1e64e4504757f07d6ada24fbf7d3670ceb24d2871", + "zh:d27f7798cbe1957294bb08459b1fbabe68721cc9cc50afee80bda87ce674dab8", + "zh:d85483f90380829d05b8a2725ce50bf2ee766d6c1cbef223b388d19c5a92dce2", + "zh:ddfecfbefd32e40386b482a2610e4173a52591afea3861f041041439d51d34da", + "zh:f9a10edfe11dbc4947cbb2f0db8935050693d5fff3b6559096288c689c2dd847", + "zh:fae14a74781a94bcaac07b6d533dd9eb1e40c1d152eb6ee49b2a44cdf5740cfe", + ] +} + +provider "registry.terraform.io/vancluever/acme" { + version = "2.12.0" + constraints = "~> 2.0" + hashes = [ + "h1:/vWhC9ly4N+BehMDxETXSeCWe2w+1MZgM6Ai6cHxpYY=", + "zh:10f52acfdc36510ece0790af4c93f88bc8bb3270cd23fac1f740900dbceff317", + "zh:24e52840e1d7a369a522465b7ab3ab3b13236fb9731867cfaa1957c3a0d09254", + "zh:354f87de829707e625cb6da2318796b314897a6dd639ce367e397496a86af9fb", + "zh:3569b27c707fa4170c9c736116aa6ecbd25c3d3c94558e9001e2aed858ee6ac6", + "zh:429427787e450138db9100fec60966b26810d1447b9b675cea56259e0b3bf4c6", + "zh:533ae7a09e83b2ed5235ef607815468daadfa78c722e85d3f3c6f6a740dee40e", + "zh:772b346540392b43dd422b5e77e1008953f9df1538545d61cba35d12bc569fa1", + "zh:7a9e6f5b6470f16a640e5751f95375b654fa63bbf702d2c20ef616be0b2fe80f", + "zh:a186f1121c9a802cce71045245b861aa09b7a7dc0e93fd913b261f8d892ff2d5", + "zh:b1521cb89a7166e26dd2b9dedd1f45e43a037de50ea19e42856e740b64bdaba9", + "zh:c152efb60e50e8a298fc66a3446cb47d1b110c642681df8fe3ab4892711b530a", + "zh:c6491988233db2691f26e821c1b81aa30c017f194fa3a17b98447076cae30d41", + "zh:ea564dcf2cc65610103495f8b18baf0fe4a0664e06f4fc7006c0938ac15227c1", + ] +} diff --git a/backend/main.tf b/backend/main.tf new file mode 100644 index 0000000..1afe857 --- /dev/null +++ b/backend/main.tf 
@@ -0,0 +1,238 @@
+# Main domain resource
+resource "digitalocean_domain" "default" {
+ name = "distrust.co"
+}
+
+# # Let's Encrypt
+# ## Private key
+# resource "tls_private_key" "private_key" {
+# algorithm = "RSA"
+# }
+
+# ## ACME registration
+# resource "acme_registration" "reg" {
+# account_key_pem = tls_private_key.private_key.private_key_pem
+# email_address = "team@distrust.co"
+# }
+
+# ## ACME certificate
+# resource "acme_certificate" "certificate" {
+# account_key_pem = acme_registration.reg.account_key_pem
+# common_name = "www.distrust.co"
+# subject_alternative_names = []
+
+# dns_challenge {
+# provider = "digitalociean"
+# }
+# }
+
+# Spaces Bucket
+## Create a new Spaces Bucket
+resource "digitalocean_spaces_bucket" "distrust_co" {
+ name = "distrust-co-website"
+ region = "nyc3"
+ acl = "public-read"
+}
+
+## Handle record for CDN redirect
+resource "digitalocean_record" "cdn" {
+ domain = "distrust.co"
+ type = "CNAME"
+ name = "${digitalocean_cdn.distrust_co.origin}."
+ value = "distrust.co"
+}
+
+## Create a DigitalOcean managed Let's Encrypt Certificate
+resource "digitalocean_certificate" "cert" {
+ name = "cdn-cert"
+ type = "lets_encrypt"
+ domains = ["static.distrust.co"]
+}
+
+# Add a CDN endpoint to the Spaces Bucket
+resource "digitalocean_cdn" "distrust_co" {
+ origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
+ certificate_name = digitalocean_certificate.cert.name
+ custom_domain = "static.distrust.co"
+}
+
+# Output the endpoint for the CDN resource
+output "fqdn" {
+ value = digitalocean_cdn.distrust_co.endpoint
+}
+ #
+output "cdn_origin" {
+ value = digitalocean_cdn.distrust_co.origin
+}
+
+# Handle record for distrust.co
+resource "digitalocean_record" "distrust_co" {
+ domain = "distrust.co"
+ type = "CNAME"
+ name = "@"
+ value = digitalocean_cdn.distrust_co.origin
+}
+
+resource "digitalocean_record" "CNAME-www" {
+ domain = digitalocean_domain.default.name
+ type = "CNAME"
+ name = "www"
+ value = "@"
+}
+
+# NameCheap Records
+resource "digitalocean_record" "main" {
+ domain = digitalocean_domain.default.id
+ type = "A"
+ name = "@"
+ value = "143.198.235.76"
+}
+
+resource "digitalocean_record" "billing" {
+ domain = digitalocean_domain.default.id
+ type = "A"
+ name = "billing"
+ value = "45.16.98.153"
+}
+
+resource "digitalocean_record" "chat" {
+ domain = digitalocean_domain.default.id
+ type = "A"
+ name = "chat"
+ value = "143.198.235.76"
+}
+
+resource "digitalocean_record" "www" {
+ domain = digitalocean_domain.default.id
+ type = "A"
+ name = "www"
+ value = "143.198.235.76"
+}
+
+# Mail records
+## MX main
+resource "digitalocean_record" "mx1-main" {
+ domain = digitalocean_domain.default.id
+ type = "MX"
+ name = "@"
+ priority = 10
+ value = "aspmx1.migadu.com."
+}
+
+resource "digitalocean_record" "mx2-main" {
+ domain = digitalocean_domain.default.id
+ type = "MX"
+ name = "@"
+ priority = 20
+ value = "aspmx2.migadu.com."
+}
+
+## MX subdomain wildcard
+resource "digitalocean_record" "mx1-wildcard" {
+ domain = digitalocean_domain.default.id
+ type = "MX"
+ name = "*"
+ priority = 10
+ value = "aspmx1.migadu.com."
+}
+
+resource "digitalocean_record" "mx2-wildcard" {
+ domain = digitalocean_domain.default.id
+ type = "MX"
+ name = "*"
+ priority = 20
+ value = "aspmx2.migadu.com."
+}
+
+resource "digitalocean_record" "mail-verification" {
+ domain = digitalocean_domain.default.id
+ type = "TXT"
+ name = "@"
+ value = "hosted-email-verify=kezkgvsn"
+}
+
+## DKIM+ARC
+resource "digitalocean_record" "mail-dkim-primary" {
+ domain = digitalocean_domain.default.id
+ type = "CNAME"
+ name = "key1._domainkey"
+ value = "key1.distrust.co._domainkey.migadu.com."
+}
+
+resource "digitalocean_record" "mail-dkim-secondary" {
+ domain = digitalocean_domain.default.id
+ type = "CNAME"
+ name = "key2._domainkey"
+ value = "key2.distrust.co._domainkey.migadu.com."
+}
+
+resource "digitalocean_record" "mail-dkim-tertiary" {
+ domain = digitalocean_domain.default.id
+ type = "CNAME"
+ name = "key3._domainkey"
+ value = "key3.distrust.co._domainkey.migadu.com."
+}
+
+## SPF
+resource "digitalocean_record" "mail-spf" {
+ domain = digitalocean_domain.default.id
+ type = "TXT"
+ name = "@"
+ value = "v=spf1 include:spf.migadu.com -all"
+}
+
+## DMARC
+resource "digitalocean_record" "mail-dmarc" {
+ domain = digitalocean_domain.default.id
+ type = "TXT"
+ name = "_dmarc"
+ value = "v=DMARC1; p=quarantine;"
+}
+
+## Autodiscovery
+resource "digitalocean_record" "mail-discovery" {
+ domain = digitalocean_domain.default.id
+ type = "CNAME"
+ name = "autoconfig"
+ value = "autoconfig.migadu.com."
+}
+
+resource "digitalocean_record" "mail-src-autodiscover" {
+ domain = digitalocean_domain.default.id
+ type = "SRV"
+ name = "_autodiscover"
+ port = 443
+ priority = 0
+ weight = 1
+ value = "smtp.migadu.com"
+}
+
+resource "digitalocean_record" "mail-srv-submissions" {
+ domain = digitalocean_domain.default.id
+ type = "SRV"
+ name = "_submissions"
+ port = 465
+ priority = 0
+ weight = 1
+ value = "smtp.migadu.com"
+}
+
+resource "digitalocean_record" "mail-srv-imaps" {
+ domain = digitalocean_domain.default.id
+ type = "SRV"
+ name = "_imaps"
+ port = 993
+ priority = 0
+ weight = 1
+ value = "imap.migadu.com"
+}
+
+resource "digitalocean_record" "mail-srv-pop3s" {
+ domain = digitalocean_domain.default.id
+ type = "SRV"
+ name = "_pop3s"
+ port = 995
+ priority = 0
+ weight = 1
+ value = "pop.migadu.com"
+}
diff --git a/backend/provider.tf b/backend/provider.tf
new file mode 100644
index 0000000..9559867
--- /dev/null
+++ b/backend/provider.tf
@@ -0,0 +1,39 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "2.25.2"
+ }
+ acme = {
+ source = "vancluever/acme"
+ version = "~> 2.0"
+ }
+ namecheap = {
+ source = "namecheap/namecheap"
+ version = ">= 2.0.0"
+ }
+ }
+}
+
+provider "digitalocean" {
+ token = var.do_token
+ spaces_access_id = var.spaces_access_id
+ spaces_secret_key = var.spaces_secret
+}
+
+provider "acme" {
+ server_url = "https://acme-v02.api.letsencrypt.org/directory"
+}
+
+provider "namecheap" {
+ user_name = var.namecheap_user
+ api_user = var.namecheap_api_user
+ api_key = var.namecheap_api_key
+}
+
+variable "do_token" {}
+variable "spaces_access_id" {}
+variable "spaces_secret" {}
+variable "namecheap_user" {}
+variable "namecheap_api_user" {}
+variable "namecheap_api_key" {}
\ No newline at end of file
diff --git a/letsencrypt.tf b/letsencrypt.tf
deleted file mode 100644
index 356ec4c..0000000
--- a/letsencrypt.tf
+++ /dev/null
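Review bot: `digitalocean_record.distrust_co` places a CNAME at `@`, but `digitalocean_record.main` (A), `mx1-main`/`mx2-main` (MX), `mail-verification` and `mail-spf` (TXT) are also defined at `@`, and a CNAME cannot share a name with any other record. Depending on how the DigitalOcean API treats this, the apply is rejected or the SPF and verification TXT records end up unreachable behind the CNAME, leaving mail from the domain unauthenticated; since `main` already serves the apex with an A record, dropping the `distrust_co` CNAME (or the `main` record, if the CDN is meant to front the apex) resolves it. The same clash exists at `www` between `CNAME-www` and the A record `www`. `digitalocean_record.cdn` uses the full bucket hostname with a trailing dot as its `name`, which is not a label under `distrust.co`; presumably `name = "static"` was intended so it matches `custom_domain = "static.distrust.co"`. Consider also adding a report address to DMARC, `value = "v=DMARC1; p=quarantine; rua=mailto:<reporting mailbox>"`, so spoofing attempts against the domain become observable.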
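Review bot: `variable "do_token" {}`, `variable "spaces_secret" {}` and `variable "namecheap_api_key" {}` are declared without `sensitive = true`, so their values are echoed in plan/apply output and in any CI log that captures it; declare them as `variable "do_token" { sensitive = true }` and likewise for `spaces_secret` and `namecheap_api_key` (the presence of `.terraform.lock.hcl` implies Terraform 0.14 or newer, where `sensitive` is available). The `namecheap` provider and its three credential variables are configured, yet nothing in the visible `backend/main.tf` uses that provider — the resources under `# NameCheap Records` are `digitalocean_record` — so an API key appears to be handed to every run for no purpose; drop the provider block and variables unless a later change needs them. The same applies to `provider "acme"`, whose only consumers in `main.tf` are commented out.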
@@ -1,38 +0,0 @@
-resource "digitalocean_domain" "default" {
- name = "distrust.co"
-}
-
-# Handle record for www redirect
-resource "digitalocean_record" "www" {
- domain = "distrust.co"
- type = "CNAME"
- name = "www"
- value = digitalocean_cdn.distrust_co.origin
-}
-
-# Handle record for distrust.co
-resource "digitalocean_record" "distrust_co" {
- domain = "distrust.co"
- type = "CNAME"
- name = "@"
- value = digitalocean_cdn.distrust_co.origin
-}
-
-resource "tls_private_key" "private_key" {
- algorithm = "RSA"
-}
-
-resource "acme_registration" "reg" {
- account_key_pem = tls_private_key.private_key.private_key_pem
- email_address = "team@distrust.co"
-}
-
-resource "acme_certificate" "certificate" {
- account_key_pem = acme_registration.reg.account_key_pem
- common_name = "www.distrust.co"
- subject_alternative_names = []
-
- dns_challenge {
- provider = "digitalociean"
- }
-}
\ No newline at end of file
diff --git a/website.tf b/main/main.tf
similarity index 51%
rename from website.tf
rename to main/main.tf
index daf5745..fd7564e 100644
--- a/website.tf
+++ b/main/main.tf
@@ -1,10 +1,3 @@
-# Upload files to Digital Ocean
-## The Digital Ocean Spaces API is compatible with Amazon S3
-# resource "local_exec" "s3cmd" {
-# command = "s3cmd put --recursive --acl-public --guess-mime-type --verbose static/ s3://static-site/"
-# depends_on = [local_file.index_html, local_file.static_dir]
-# }
-
 # Create local directories as scratch space
 resource "local_file" "openpgpkey" {
 filename = ".well-known/openpgpkey/policy"
@@ -27,32 +20,9 @@ resource "local_file" "policy" {
 depends_on = [local_file.openpgpkey]
 }
 
-# # Execute commands required to fetch PGP keys
-# resource "local_exec" "command1" {
-# command = "command1 arg1 arg2"
-# output = var.output1
-# depends_on = [local_file.openpgpkey]
-# }
-
-# # Execute commands to build static site
-# resource "local_exec" "command2" {
-# command = "command2 ${var.output1} arg2"
-# depends_on = [local_exec.command1]
-# }
-
-# Create a new Spaces Bucket
-resource "digitalocean_spaces_bucket" "distrust_co" {
- name = "distrust-co"
- region = "nyc3"
- acl = "public-read"
-}
-
-# Add a CDN endpoint to the Spaces Bucket
-resource "digitalocean_cdn" "distrust_co" {
- origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
-}
-
-# Output the endpoint for the CDN resource
-output "fqdn" {
- value = digitalocean_cdn.distrust_co.endpoint
-}
\ No newline at end of file
+# Upload files to Digital Ocean
+## The Digital Ocean Spaces API is compatible with Amazon S3
+# resource "local_exec" "s3cmd" {
+# command = "s3cmd put --recursive --acl-public --guess-mime-type --verbose static/ s3://static-site/"
+# depends_on = [local_file.index_html, local_file.static_dir]
+# }
\ No newline at end of file
diff --git a/provider.tf b/main/provider.tf
similarity index 64%
rename from provider.tf
rename to main/provider.tf
index d05a38b..bb9b2dc 100644
--- a/provider.tf
+++ b/main/provider.tf
@@ -4,10 +4,6 @@ terraform {
 source = "digitalocean/digitalocean"
 version = "2.25.2"
 }
- acme = {
- source = "vancluever/acme"
- version = "~> 2.0"
- }
 }
 }
 
@@ -17,10 +13,6 @@ provider "digitalocean" {
 spaces_secret_key = var.spaces_secret
 }
 
-provider "acme" {
- server_url = "https://acme-v02.api.letsencrypt.org/directory"
-}
-
 variable "do_token" {}
 variable "spaces_access_id" {}
 variable "spaces_secret" {}
\ No newline at end of file
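Review bot: The re-added commented `s3cmd` line targets `s3://static-site/`, but the only bucket this change creates (`digitalocean_spaces_bucket.distrust_co` in `backend/main.tf`) is named `distrust-co-website`, so the snippet documents an upload to a bucket that does not exist in this configuration; either update it to `s3://distrust-co-website/` or remove the dead comment rather than moving it. If it stays, a one-line note next to it that `--acl-public` makes every uploaded object world-readable (intended for the site's `static/` tree, not for anything else dropped there) would spare the next person a surprise.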