# Main domain resource
|
|
# Zone for distrust.co in DigitalOcean DNS. Records elsewhere in this file
# attach to it through digitalocean_domain.default.id / .name.
resource "digitalocean_domain" "default" {
  name = "distrust.co"
}
|
|
|
|
# # Let's Encrypt
|
|
# ## Private key
|
|
# resource "tls_private_key" "private_key" {
|
|
# algorithm = "RSA"
|
|
# }
|
|
|
|
# ## ACME registration
|
|
# resource "acme_registration" "reg" {
|
|
# account_key_pem = tls_private_key.private_key.private_key_pem
|
|
# email_address = "team@distrust.co"
|
|
# }
|
|
|
|
# ## ACME certificate
|
|
# resource "acme_certificate" "certificate" {
|
|
# account_key_pem = acme_registration.reg.account_key_pem
|
|
# common_name = "www.distrust.co"
|
|
# subject_alternative_names = []
|
|
|
|
# dns_challenge {
|
|
# provider = "digitalocean"
|
|
# }
|
|
# }
|
|
|
|
# Spaces Bucket
|
|
## Create a new Spaces Bucket
|
|
# Object-storage bucket that serves as the origin for the CDN endpoint below.
resource "digitalocean_spaces_bucket" "distrust_co" {
  name   = "distrust-co-website"
  region = "nyc3"

  # NOTE(review): this is a bucket-level ACL, not a per-object one. On Spaces a
  # public-read bucket presumably also lets anonymous clients list its
  # contents; confirm nothing unintended is stored here, or make the bucket
  # private and grant public-read per object.
  acl = "public-read"
}
|
|
|
|
## Handle record for CDN redirect
|
|
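# CNAME tied to the CDN endpoint.
#
# NOTE(review): `name` and `value` look swapped. `name` is the owner label
# inside the zone and `value` is the CNAME target, so as written this creates
# an owner named after the Spaces origin host that points at the apex, not a
# label in this zone pointing at the CDN. Confirm the intended direction
# before applying. The target also has no trailing dot; verify how the
# provider treats an unqualified CNAME value.
resource "digitalocean_record" "cdn" {
  # Reference the zone resource instead of a literal so Terraform orders this
  # record after the domain exists (same pattern as the other records here).
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "${digitalocean_cdn.distrust_co.origin}."
  value  = "distrust.co"
}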
|
|
|
|
## Create a DigitalOcean managed Let's Encrypt Certificate
|
|
# Let's Encrypt certificate managed by DigitalOcean. The single SAN matches the
# custom_domain set on digitalocean_cdn.distrust_co, which looks this
# certificate up by name.
resource "digitalocean_certificate" "cert" {
  name    = "cdn-cert"
  type    = "lets_encrypt"
  domains = ["static.distrust.co"]
}
|
|
|
|
# Add a CDN endpoint to the Spaces Bucket
|
|
# CDN endpoint in front of the Spaces bucket, served under static.distrust.co
# with the managed certificate declared in this file.
resource "digitalocean_cdn" "distrust_co" {
  origin           = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
  certificate_name = digitalocean_certificate.cert.name
  custom_domain    = "static.distrust.co"
}
|
|
|
|
# Output the endpoint for the CDN resource
|
|
# Exposes the CDN's `endpoint` attribute to callers of this module.
output "fqdn" {
  value = digitalocean_cdn.distrust_co.endpoint
}
|
|
#
|
|
# Exposes the CDN's `origin` attribute (the backing Spaces host) to callers.
output "cdn_origin" {
  value = digitalocean_cdn.distrust_co.origin
}
|
|
|
|
# Handle record for distrust.co
|
|
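# CNAME at the zone apex pointing at the CDN origin.
#
# NOTE(review): a CNAME cannot coexist with other data at the same owner name,
# and the apex always carries SOA/NS. This file also defines an A record
# ("main"), MX records, and SPF / verification TXT records at "@". If this
# CNAME were served, resolvers could stop seeing the apex MX and SPF data,
# which weakens mail delivery and sender authentication. Decide between this
# record and the apex A record; do not keep both.
resource "digitalocean_record" "distrust_co" {
  # Reference the zone resource instead of a literal so Terraform orders this
  # record after the domain exists (same pattern as the other records here).
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "@"
  value  = digitalocean_cdn.distrust_co.origin
}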
|
|
|
|
# Aliases www to the zone apex.
#
# NOTE(review): digitalocean_record.www in this file is an A record for the
# same "www" label. A CNAME may not share an owner name with any other record,
# so only one of the two can be valid; confirm which is intended.
resource "digitalocean_record" "CNAME-www" {
  domain = digitalocean_domain.default.name
  type   = "CNAME"
  name   = "www"
  value  = "@"
}
|
|
|
|
# NameCheap Records
|
|
# Apex A record. Shares its address with the "chat" and "www" A records.
# NOTE(review): overlaps with the apex CNAME (digitalocean_record.distrust_co)
# defined in this file; the two cannot both exist at "@".
resource "digitalocean_record" "main" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "@"
  value  = "143.198.235.76"
}
|
|
|
|
# A record for billing.distrust.co. This is the only host in the file that
# resolves to a different address than the other A records.
resource "digitalocean_record" "billing" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "billing"
  value  = "45.16.98.153"
}
|
|
|
|
# A record for chat.distrust.co (same address as the apex A record).
resource "digitalocean_record" "chat" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "chat"
  value  = "143.198.235.76"
}
|
|
|
|
# A record for www.distrust.co (same address as the apex A record).
# NOTE(review): digitalocean_record.CNAME-www declares a CNAME for the same
# label; a CNAME and an A record cannot share an owner name.
resource "digitalocean_record" "www" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "www"
  value  = "143.198.235.76"
}
|
|
|
|
# Mail records
|
|
## MX main
|
|
# Primary MX for the apex (lower priority value = preferred exchanger).
resource "digitalocean_record" "mx1-main" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "@"
  priority = 10
  value    = "aspmx1.migadu.com."
}
|
|
|
|
# Secondary MX for the apex, tried after the priority-10 exchanger.
resource "digitalocean_record" "mx2-main" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "@"
  priority = 20
  value    = "aspmx2.migadu.com."
}
|
|
|
|
## MX subdomain wildcard
|
|
# Primary MX for every subdomain that has no records of its own.
# NOTE(review): the SPF TXT record in this file exists only at "@", so names
# matched by this wildcard publish no SPF policy of their own; confirm that
# subdomain mail is meant to be accepted and how it should be authenticated.
resource "digitalocean_record" "mx1-wildcard" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "*"
  priority = 10
  value    = "aspmx1.migadu.com."
}
|
|
|
|
# Secondary wildcard MX, paired with the priority-10 wildcard exchanger.
resource "digitalocean_record" "mx2-wildcard" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "*"
  priority = 20
  value    = "aspmx2.migadu.com."
}
|
|
|
|
# Domain-ownership proof for the hosted mail provider. The token is published
# in DNS, so it is public by design and not a secret.
resource "digitalocean_record" "mail-verification" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "@"
  value  = "hosted-email-verify=kezkgvsn"
}
|
|
|
|
## DKIM+ARC
|
|
# DKIM selector key1, delegated by CNAME to a key hosted under migadu.com.
# Whoever controls the CNAME target controls the signing key for this
# selector, so the record is a trust delegation to the mail provider.
resource "digitalocean_record" "mail-dkim-primary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key1._domainkey"
  value  = "key1.distrust.co._domainkey.migadu.com."
}
|
|
|
|
# DKIM selector key2, delegated by CNAME to the provider-hosted key.
resource "digitalocean_record" "mail-dkim-secondary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key2._domainkey"
  value  = "key2.distrust.co._domainkey.migadu.com."
}
|
|
|
|
# DKIM selector key3, delegated by CNAME to the provider-hosted key.
resource "digitalocean_record" "mail-dkim-tertiary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key3._domainkey"
  value  = "key3.distrust.co._domainkey.migadu.com."
}
|
|
|
|
## SPF
|
|
# SPF policy for the apex: only senders authorised by spf.migadu.com pass, and
# "-all" asks receivers to hard-fail everything else. Any additional sending
# service must be added here before it is used, or its mail will fail SPF.
resource "digitalocean_record" "mail-spf" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "@"
  value  = "v=spf1 include:spf.migadu.com -all"
}
|
|
|
|
## DMARC
|
|
# DMARC policy: mail failing alignment is quarantined rather than rejected.
# NOTE(review): the record has no rua/ruf tag, so no aggregate or failure
# reports are requested and spoofing attempts or misconfigured senders will
# not be visible. Consider adding a reporting mailbox, and moving to p=reject
# once reports show legitimate mail passing.
resource "digitalocean_record" "mail-dmarc" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "_dmarc"
  value  = "v=DMARC1; p=quarantine;"
}
|
|
|
|
## Autodiscovery
|
|
# Points autoconfig.distrust.co at the mail provider so clients that probe
# that name for account settings receive the provider's answer.
resource "digitalocean_record" "mail-discovery" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "autoconfig"
  value  = "autoconfig.migadu.com."
}
|
|
|
|
# SRV record advertising the autodiscover service on port 443.
# NOTE(review): SRV owner names normally take the form _service._proto
# (RFC 2782); this one has no protocol label such as "._tcp". The target is
# also the SMTP host; verify both against the provider's published DNS setup.
resource "digitalocean_record" "mail-src-autodiscover" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_autodiscover"
  port     = 443
  priority = 0
  weight   = 1
  value    = "smtp.migadu.com"
}
|
|
|
|
# SRV record advertising mail submission over implicit TLS (port 465).
# NOTE(review): owner name has no protocol label ("_submissions._tcp" is the
# usual RFC 2782 / RFC 8314 form); confirm clients can find it as written.
resource "digitalocean_record" "mail-srv-submissions" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_submissions"
  port     = 465
  priority = 0
  weight   = 1
  value    = "smtp.migadu.com"
}
|
|
|
|
# SRV record advertising IMAP over TLS (port 993).
# NOTE(review): owner name has no protocol label ("_imaps._tcp" is the usual
# RFC 2782 form); confirm clients can find it as written.
resource "digitalocean_record" "mail-srv-imaps" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_imaps"
  port     = 993
  priority = 0
  weight   = 1
  value    = "imap.migadu.com"
}
|
|
|
|
# SRV record advertising POP3 over TLS (port 995).
# NOTE(review): owner name has no protocol label ("_pop3s._tcp" is the usual
# RFC 2782 form); confirm clients can find it as written.
resource "digitalocean_record" "mail-srv-pop3s" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_pop3s"
  port     = 995
  priority = 0
  weight   = 1
  value    = "pop.migadu.com"
}
|