# DNS zone for distrust.co, managed as DigitalOcean records: the web hosts
# (apex, billing, chat, www) followed by the Migadu mail records (MX,
# verification TXT, DKIM, SPF, DMARC, autoconfig and SRV service records).

# Main domain resource
resource "digitalocean_domain" "default" {
  name = "distrust.co"
}

# Everything from here down to the "NameCheap Records" heading is disabled
# (commented out): the ACME certificate, the Spaces bucket, the CDN and the
# records that depended on them.
#
# NOTE(review): if the tls_private_key / acme_registration pair is re-enabled,
# the generated private key is stored in the Terraform state in plain text, so
# the state backend has to be encrypted and access-restricted first.

# # Let's Encrypt
# ## Private key
# resource "tls_private_key" "private_key" {
#   algorithm = "RSA"
# }
# ## ACME registration
# resource "acme_registration" "reg" {
#   account_key_pem = tls_private_key.private_key.private_key_pem
#   email_address   = "team@distrust.co"
# }
# ## ACME certificate
# resource "acme_certificate" "certificate" {
#   account_key_pem           = acme_registration.reg.account_key_pem
#   common_name               = "www.distrust.co"
#   subject_alternative_names = []
#   dns_challenge {
#     provider = "digitalocean"
#   }
# }
# # Spaces Bucket
# ## Create a new Spaces Bucket
# resource "digitalocean_spaces_bucket" "distrust_co" {
#   name   = "distrust-co-bucket"
#   region = "nyc3"
#   # acl = "public-read"
# }
# # Add a CDN endpoint to the Spaces Bucket
# resource "digitalocean_cdn" "distrust_co" {
#   origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
#   # certificate_name = digitalocean_certificate.cert.name
#   # custom_domain = "static.distrust.co"
#   depends_on = [
#     digitalocean_spaces_bucket.distrust_co
#   ]
# }
# ## Handle record for CDN redirect
# resource "digitalocean_record" "cdn" {
#   domain = digitalocean_domain.default.name
#   type   = "CNAME"
#   name   = digitalocean_cdn.distrust_co.origin
#   value  = "${digitalocean_domain.default.name}."
#   depends_on = [
#     digitalocean_cdn.distrust_co
#   ]
# }
# ## Create a DigitalOcean managed Let's Encrypt Certificate
# resource "digitalocean_certificate" "cert" {
#   name    = "cdn-cert"
#   type    = "lets_encrypt"
#   domains = ["static.distrust.co"]
# }
# # Output the endpoint for the CDN resource
# output "fqdn" {
#   value = digitalocean_cdn.distrust_co.endpoint
# }
# #
# output "cdn_origin" {
#   value = digitalocean_cdn.distrust_co.origin
# }
# # Handle record for distrust.co
# resource "digitalocean_record" "distrust_co-cdn" {
#   domain = digitalocean_domain.default.name
#   type   = "A"
#   name   = "@"
#   value  = "143.198.235.76"
#   depends_on = [
#     digitalocean_cdn.distrust_co
#   ]
# }

# NameCheap Records
# (presumably the records carried over from a previous NameCheap zone; confirm)
#
# NOTE(review): the two A records below hold literal addresses and the chat
# CNAME points at a third-party hosted name. Confirm each target is still
# allocated to the project: a record left pointing at a released address or a
# deprovisioned hosted tenant can be claimed by whoever is assigned it next.

# Apex A record; the same address appears in the disabled distrust_co-cdn
# record above.
resource "digitalocean_record" "main" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "@"
  value  = "143.198.235.76"
}

resource "digitalocean_record" "billing" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "billing"
  value  = "45.16.98.153"
}

resource "digitalocean_record" "chat" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "chat"
  value  = "distrust.element.io."
}

# www is an alias of the apex: the value is the domain id (the domain name for
# a DigitalOcean domain) with the trailing dot that makes it fully qualified.
resource "digitalocean_record" "www" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "www"
  value  = "${digitalocean_domain.default.id}."
}

# Mail records
## MX main
# Two Migadu exchangers for the apex; the lower priority value (10) is
# preferred over 20.
resource "digitalocean_record" "mx1-main" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "@"
  priority = 10
  value    = "aspmx1.migadu.com."
}

resource "digitalocean_record" "mx2-main" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "@"
  priority = 20
  value    = "aspmx2.migadu.com."
}

## MX subdomain wildcard
# The wildcard routes mail for any subdomain without records of its own to the
# same two exchangers.
# NOTE(review): SPF is evaluated per name and is not inherited, and this file
# publishes the SPF TXT record at the apex only. Confirm whether mail is meant
# to be sent from subdomain addresses; if so they need their own SPF record.
resource "digitalocean_record" "mx1-wildcard" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "*"
  priority = 10
  value    = "aspmx1.migadu.com."
}

resource "digitalocean_record" "mx2-wildcard" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "*"
  priority = 20
  value    = "aspmx2.migadu.com."
}

# Domain-ownership token for the mail host. It is published in DNS, so it is
# public by design and not a secret.
resource "digitalocean_record" "mail-verification" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "@"
  value  = "hosted-email-verify=kezkgvsn"
}

## DKIM+ARC
# The three selectors (key1, key2, key3) are CNAMEs into migadu.com, so the
# DKIM public keys are published by Migadu and no key material lives in this
# file.
resource "digitalocean_record" "mail-dkim-primary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key1._domainkey"
  value  = "key1.distrust.co._domainkey.migadu.com."
}

resource "digitalocean_record" "mail-dkim-secondary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key2._domainkey"
  value  = "key2.distrust.co._domainkey.migadu.com."
}

resource "digitalocean_record" "mail-dkim-tertiary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key3._domainkey"
  value  = "key3.distrust.co._domainkey.migadu.com."
}

## SPF
# Only Migadu's include is authorised and "-all" hard-fails everything else,
# so any other service that sends mail as the domain has to be added here
# before it starts sending.
resource "digitalocean_record" "mail-spf" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "@"
  value  = "v=spf1 include:spf.migadu.com -all"
}

## DMARC
# Policy is quarantine. With no sp= tag the same policy applies to subdomains.
# NOTE(review): the record carries no rua= tag, so no aggregate reports are
# requested and spoofing attempts or alignment failures go unobserved. Consider
# adding a reporting mailbox, then moving to p=reject once reports confirm that
# all legitimate mail is aligned.
resource "digitalocean_record" "mail-dmarc" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "_dmarc"
  value  = "v=DMARC1; p=quarantine;"
}

## Autodiscovery
resource "digitalocean_record" "mail-discovery" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "autoconfig"
  value  = "autoconfig.migadu.com."
}

# SRV records advertising the mail client endpoints: autodiscover (443),
# submissions (465), imaps (993) and pop3s (995).
# NOTE(review): these four targets have no trailing dot, unlike the CNAME and
# MX values above. Confirm the published records resolve to the Migadu hosts
# and are not interpreted as names relative to the zone.
# NOTE(review): the label "mail-src-autodiscover" looks like a typo for
# "mail-srv-autodiscover" (its siblings use "mail-srv-"). Renaming changes the
# resource address in state, so it would need a moved block or a state move.
resource "digitalocean_record" "mail-src-autodiscover" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_autodiscover._tcp"
  port     = 443
  priority = 0
  weight   = 1
  value    = "smtp.migadu.com"
}

resource "digitalocean_record" "mail-srv-submissions" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_submissions._tcp"
  port     = 465
  priority = 0
  weight   = 1
  value    = "smtp.migadu.com"
}

resource "digitalocean_record" "mail-srv-imaps" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_imaps._tcp"
  port     = 993
  priority = 0
  weight   = 1
  value    = "imap.migadu.com"
}

resource "digitalocean_record" "mail-srv-pop3s" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_pop3s._tcp"
  port     = 995
  priority = 0
  weight   = 1
  value    = "pop.migadu.com"
}