distrust-stack/backend/main.tf


# DNS zone for distrust.co, managed on DigitalOcean. Every digitalocean_record
# in this file attaches to the zone through digitalocean_domain.default.id.
resource "digitalocean_domain" "default" {
  name = "distrust.co"
}
# # Let's Encrypt
# ## Private key
# resource "tls_private_key" "private_key" {
# algorithm = "RSA"
# }
# ## ACME registration
# resource "acme_registration" "reg" {
# account_key_pem = tls_private_key.private_key.private_key_pem
# email_address = "team@distrust.co"
# }
# ## ACME certificate
# resource "acme_certificate" "certificate" {
# account_key_pem = acme_registration.reg.account_key_pem
# common_name = "www.distrust.co"
# subject_alternative_names = []
# dns_challenge {
# provider = "digitalocean"
# }
# }
# # Spaces Bucket
# ## Create a new Spaces Bucket
# resource "digitalocean_spaces_bucket" "distrust_co" {
# name = "distrust-co-bucket"
# region = "nyc3"
# # acl = "public-read"
# }
# # Add a CDN endpoint to the Spaces Bucket
# resource "digitalocean_cdn" "distrust_co" {
# origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
# # certificate_name = digitalocean_certificate.cert.name
# # custom_domain = "static.distrust.co"
# depends_on = [
# digitalocean_spaces_bucket.distrust_co
# ]
# }
# ## Handle record for CDN redirect
# resource "digitalocean_record" "cdn" {
# domain = digitalocean_domain.default.name
# type = "CNAME"
# name = digitalocean_cdn.distrust_co.origin
# value = "${digitalocean_domain.default.name}."
# depends_on = [
# digitalocean_cdn.distrust_co
# ]
# }
# ## Create a DigitalOcean managed Let's Encrypt Certificate
# resource "digitalocean_certificate" "cert" {
# name = "cdn-cert"
# type = "lets_encrypt"
# domains = ["static.distrust.co"]
# }
# # Output the endpoint for the CDN resource
# output "fqdn" {
# value = digitalocean_cdn.distrust_co.endpoint
# }
# #
# output "cdn_origin" {
# value = digitalocean_cdn.distrust_co.origin
# }
# # Handle record for distrust.co
# resource "digitalocean_record" "distrust_co-cdn" {
# domain = digitalocean_domain.default.name
# type = "A"
# name = "@"
# value = "143.198.235.76"
# depends_on = [
# digitalocean_cdn.distrust_co
# ]
# }
# NameCheap Records
# Apex ("@") A record: distrust.co itself resolves to the address below.
# The address is a literal, so it must be updated here whenever the web host
# moves; a stale value would keep sending visitors to the old address.
resource "digitalocean_record" "main" {
  domain = digitalocean_domain.default.id
  name   = "@"
  type   = "A"
  value  = "143.198.235.76"
}
# billing.distrust.co A record, pointing at a different literal address than
# the apex record.
# NOTE(review): the host behind this address is not defined in this file. If it
# is retired or the address is released, delete this record in the same change
# so the name cannot end up resolving to a machine the team no longer controls.
resource "digitalocean_record" "billing" {
  domain = digitalocean_domain.default.id
  name   = "billing"
  type   = "A"
  value  = "45.16.98.153"
}
# chat.distrust.co is an alias for a name under element.io (note the trailing
# dot, which makes the target absolute).
# NOTE(review): this delegates the name to a third-party hosted tenant. Remove
# the record whenever that tenant is cancelled; a CNAME left pointing at an
# unclaimed hosted name is the classic subdomain-takeover condition.
resource "digitalocean_record" "chat" {
  domain = digitalocean_domain.default.id
  name   = "chat"
  type   = "CNAME"
  value  = "distrust.element.io."
}
# www.distrust.co is an alias for the zone apex. The interpolation appends a
# trailing dot to the domain id so the CNAME target is an absolute name.
resource "digitalocean_record" "www" {
  domain = digitalocean_domain.default.id
  name   = "www"
  type   = "CNAME"
  value  = "${digitalocean_domain.default.id}."
}
# Mail records
## MX main
# Apex MX at priority 10. mx2-main uses priority 20 for the same name, and the
# lower number is the preferred exchanger, so this is the primary one.
resource "digitalocean_record" "mx1-main" {
  domain   = digitalocean_domain.default.id
  name     = "@"
  type     = "MX"
  priority = 10
  value    = "aspmx1.migadu.com."
}
# Apex MX at priority 20. mx1-main uses priority 10 for the same name, so this
# exchanger is the less-preferred fallback.
resource "digitalocean_record" "mx2-main" {
  domain   = digitalocean_domain.default.id
  name     = "@"
  type     = "MX"
  priority = 20
  value    = "aspmx2.migadu.com."
}
## MX subdomain wildcard
# Wildcard ("*") MX at priority 10, the preferred exchanger for subdomains.
# A DNS wildcard answers only for names that have no records of their own, so
# explicitly defined names such as www or chat are not covered by it.
# NOTE(review): this makes every otherwise-undefined subdomain a deliverable
# mail destination; confirm that catch-all routing is intended.
resource "digitalocean_record" "mx1-wildcard" {
  domain   = digitalocean_domain.default.id
  name     = "*"
  type     = "MX"
  priority = 10
  value    = "aspmx1.migadu.com."
}
# Wildcard ("*") MX at priority 20, the fallback exchanger for subdomains that
# have no records of their own.
resource "digitalocean_record" "mx2-wildcard" {
  domain   = digitalocean_domain.default.id
  name     = "*"
  type     = "MX"
  priority = 20
  value    = "aspmx2.migadu.com."
}
# Apex TXT record carrying a hosted-email-verify token.
# The token is published in public DNS, so it is not a secret; presumably it is
# how the mail host confirms control of the domain (TODO confirm).
resource "digitalocean_record" "mail-verification" {
  domain = digitalocean_domain.default.id
  name   = "@"
  type   = "TXT"
  value  = "hosted-email-verify=kezkgvsn"
}
## DKIM+ARC
# DKIM selector "key1": key1._domainkey.distrust.co is an alias for a name
# under migadu.com, so the public key is published there and not in this zone.
# Whoever controls the target name controls what verifies as signed mail for
# this selector.
resource "digitalocean_record" "mail-dkim-primary" {
  domain = digitalocean_domain.default.id
  name   = "key1._domainkey"
  type   = "CNAME"
  value  = "key1.distrust.co._domainkey.migadu.com."
}
# DKIM selector "key2": an alias for the matching name under migadu.com, so
# the key material for this selector is published outside this zone.
resource "digitalocean_record" "mail-dkim-secondary" {
  domain = digitalocean_domain.default.id
  name   = "key2._domainkey"
  type   = "CNAME"
  value  = "key2.distrust.co._domainkey.migadu.com."
}
# DKIM selector "key3": an alias for the matching name under migadu.com, so
# the key material for this selector is published outside this zone.
resource "digitalocean_record" "mail-dkim-tertiary" {
  domain = digitalocean_domain.default.id
  name   = "key3._domainkey"
  type   = "CNAME"
  value  = "key3.distrust.co._domainkey.migadu.com."
}
## SPF
# SPF policy for the apex: only senders authorised by spf.migadu.com pass, and
# "-all" hard-fails everything else.
# Any additional sending service (newsletter, ticketing, the billing host) must
# be added here before it sends as @distrust.co, or its mail will fail SPF.
# Keep this as the only "v=spf1" TXT record at "@": more than one is an SPF
# permanent error.
resource "digitalocean_record" "mail-spf" {
  domain = digitalocean_domain.default.id
  name   = "@"
  type   = "TXT"
  value  = "v=spf1 include:spf.migadu.com -all"
}
## DMARC
# DMARC policy: receivers are asked to quarantine mail that fails alignment.
# With no "sp=" tag, subdomains inherit the same policy.
# NOTE(review): no "rua=" tag is set, so no aggregate reports are requested and
# spoofing attempts or misconfigured legitimate senders go unobserved. Consider
# adding a reporting mailbox and, once reports are clean, moving to p=reject.
resource "digitalocean_record" "mail-dmarc" {
  domain = digitalocean_domain.default.id
  name   = "_dmarc"
  type   = "TXT"
  value  = "v=DMARC1; p=quarantine;"
}
## Autodiscovery
# autoconfig.distrust.co is an alias for autoconfig.migadu.com, so whatever a
# mail client fetches from this name is served by the target host.
resource "digitalocean_record" "mail-discovery" {
  domain = digitalocean_domain.default.id
  name   = "autoconfig"
  type   = "CNAME"
  value  = "autoconfig.migadu.com."
}
# SRV record for _autodiscover._tcp on port 443.
# NOTE(review): the target is the SMTP host name; verify it against the mail
# provider's published autodiscover target.
# NOTE(review): unlike the CNAME and MX targets in this file, the value has no
# trailing dot; confirm the published record is the absolute name and is not
# expanded relative to the zone.
# NOTE(review): the label says "src" where the sibling SRV resources say "srv".
# Renaming changes the Terraform address, so pair any rename with a state move.
resource "digitalocean_record" "mail-src-autodiscover" {
  domain   = digitalocean_domain.default.id
  name     = "_autodiscover._tcp"
  type     = "SRV"
  priority = 0
  weight   = 1
  port     = 443
  value    = "smtp.migadu.com"
}
# SRV record for _submissions._tcp: mail submission on port 465, where TLS is
# negotiated at connect time.
# NOTE(review): unlike the CNAME and MX targets in this file, the value has no
# trailing dot; confirm the published record is the absolute name and is not
# expanded relative to the zone.
resource "digitalocean_record" "mail-srv-submissions" {
  domain   = digitalocean_domain.default.id
  name     = "_submissions._tcp"
  type     = "SRV"
  priority = 0
  weight   = 1
  port     = 465
  value    = "smtp.migadu.com"
}
# SRV record for _imaps._tcp: IMAP over TLS on port 993.
# NOTE(review): unlike the CNAME and MX targets in this file, the value has no
# trailing dot; confirm the published record is the absolute name and is not
# expanded relative to the zone.
resource "digitalocean_record" "mail-srv-imaps" {
  domain   = digitalocean_domain.default.id
  name     = "_imaps._tcp"
  type     = "SRV"
  priority = 0
  weight   = 1
  port     = 993
  value    = "imap.migadu.com"
}
# SRV record for _pop3s._tcp: POP3 over TLS on port 995.
# NOTE(review): unlike the CNAME and MX targets in this file, the value has no
# trailing dot; confirm the published record is the absolute name and is not
# expanded relative to the zone.
resource "digitalocean_record" "mail-srv-pop3s" {
  domain   = digitalocean_domain.default.id
  name     = "_pop3s._tcp"
  type     = "SRV"
  priority = 0
  weight   = 1
  port     = 995
  value    = "pop.migadu.com"
}