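# DNS zone, static-site bucket/CDN and mail records for distrust.co.
# Hostname-valued records are written fully qualified (trailing dot).

# Main domain resource
resource "digitalocean_domain" "default" {
  name = "distrust.co"
}

# # Let's Encrypt
# Disabled. If re-enabled: tls_private_key writes the generated key
# unencrypted into Terraform state, so the state backend must be
# access-controlled and encrypted at rest.
# ## Private key
# resource "tls_private_key" "private_key" {
#   algorithm = "RSA"
# }
# ## ACME registration
# resource "acme_registration" "reg" {
#   account_key_pem = tls_private_key.private_key.private_key_pem
#   email_address   = "team@distrust.co"
# }
# ## ACME certificate
# resource "acme_certificate" "certificate" {
#   account_key_pem           = acme_registration.reg.account_key_pem
#   common_name               = "www.distrust.co"
#   subject_alternative_names = []
#   dns_challenge {
#     provider = "digitalocean"
#   }
# }

# Spaces Bucket
## Create a new Spaces Bucket
# A bucket-level "public-read" ACL lets anyone list the bucket contents,
# not only fetch individual objects.
# NOTE(review): if only object reads are needed, a private bucket with
# public-read objects exposes less; confirm listing is intended.
resource "digitalocean_spaces_bucket" "distrust_co" {
  name   = "distrust-co-website"
  region = "nyc3"
  acl    = "public-read"
}

# Add a CDN endpoint to the Spaces Bucket
# The reference to the bucket's domain name already orders creation, so no
# explicit depends_on is needed. With custom_domain disabled, the CDN is
# reachable only at the provider-assigned endpoint (exported as "fqdn").
resource "digitalocean_cdn" "distrust_co" {
  origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
  # certificate_name = digitalocean_certificate.cert.name
  # custom_domain    = "static.distrust.co"
}

## Handle record for CDN redirect
# NOTE(review): the record *name* is the bucket origin hostname and the
# *value* is the zone apex, which looks inverted for a redirect to the CDN;
# confirm the intended direction.
resource "digitalocean_record" "cdn" {
  domain = digitalocean_domain.default.name
  type   = "CNAME"
  name   = digitalocean_cdn.distrust_co.origin
  value  = "${digitalocean_domain.default.name}."
}

# ## Create a DigitalOcean managed Let's Encrypt Certificate
# resource "digitalocean_certificate" "cert" {
#   name    = "cdn-cert"
#   type    = "lets_encrypt"
#   domains = ["static.distrust.co"]
# }

# Output the endpoint for the CDN resource
output "fqdn" {
  value = digitalocean_cdn.distrust_co.endpoint
}

# output "cdn_origin" { value = digitalocean_cdn.distrust_co.origin }

# Handle record for distrust.co
# NOTE(review): this is a CNAME at the apex ("@"), while A, MX and TXT
# records are also declared at "@" below. DNS does not allow a CNAME to
# coexist with other data at the same name (RFC 1034 section 3.6.2), so one
# of the two intents has to go. The target is also the bucket origin rather
# than the CDN endpoint; confirm that bypassing the CDN is intended.
resource "digitalocean_record" "distrust_co-cdn" {
  domain = digitalocean_domain.default.name
  type   = "CNAME"
  name   = "@"
  value  = "${digitalocean_cdn.distrust_co.origin}."
}

# NameCheap Records
resource "digitalocean_record" "main" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "@"
  value  = "143.198.235.76"
}

resource "digitalocean_record" "billing" {
  domain = digitalocean_domain.default.id
  type   = "A"
  name   = "billing"
  value  = "45.16.98.153"
}

# Delegates chat.distrust.co to a third-party host. Remove this record when
# the hosted tenant is retired so the name cannot be claimed by someone else.
resource "digitalocean_record" "chat" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "chat"
  value  = "distrust.element.io."
}

resource "digitalocean_record" "www" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "www"
  value  = "${digitalocean_domain.default.id}."
}

# Mail records
## MX main
resource "digitalocean_record" "mx1-main" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "@"
  priority = 10
  value    = "aspmx1.migadu.com."
}

resource "digitalocean_record" "mx2-main" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "@"
  priority = 20
  value    = "aspmx2.migadu.com."
}

## MX subdomain wildcard
# The wildcard makes every otherwise-undefined subdomain a valid mail
# destination. SPF is published at the apex only, so those names have no SPF
# record of their own and rely on the policy published at _dmarc.
resource "digitalocean_record" "mx1-wildcard" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "*"
  priority = 10
  value    = "aspmx1.migadu.com."
}

resource "digitalocean_record" "mx2-wildcard" {
  domain   = digitalocean_domain.default.id
  type     = "MX"
  name     = "*"
  priority = 20
  value    = "aspmx2.migadu.com."
}

resource "digitalocean_record" "mail-verification" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "@"
  value  = "hosted-email-verify=kezkgvsn"
}

## DKIM+ARC
resource "digitalocean_record" "mail-dkim-primary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key1._domainkey"
  value  = "key1.distrust.co._domainkey.migadu.com."
}

resource "digitalocean_record" "mail-dkim-secondary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key2._domainkey"
  value  = "key2.distrust.co._domainkey.migadu.com."
}

resource "digitalocean_record" "mail-dkim-tertiary" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "key3._domainkey"
  value  = "key3.distrust.co._domainkey.migadu.com."
}

## SPF
# "-all" is a hard fail: only senders covered by the include are authorised.
resource "digitalocean_record" "mail-spf" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "@"
  value  = "v=spf1 include:spf.migadu.com -all"
}

## DMARC
# The policy is quarantine and carries no rua= tag, so no aggregate reports
# are requested and spoofing or alignment failures go unobserved.
# NOTE(review): consider adding a reporting mailbox, then moving to p=reject
# once the reports are clean.
resource "digitalocean_record" "mail-dmarc" {
  domain = digitalocean_domain.default.id
  type   = "TXT"
  name   = "_dmarc"
  value  = "v=DMARC1; p=quarantine;"
}

## Autodiscovery
resource "digitalocean_record" "mail-discovery" {
  domain = digitalocean_domain.default.id
  type   = "CNAME"
  name   = "autoconfig"
  value  = "autoconfig.migadu.com."
}

# NOTE(review): unlike the CNAME and MX targets above, the SRV targets below
# carry no trailing dot; confirm the provider treats them as fully qualified
# rather than relative to the zone.
# NOTE(review): the autodiscover record (port 443) targets the SMTP host;
# confirm against the mail host's published autodiscover record.
resource "digitalocean_record" "mail-src-autodiscover" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_autodiscover._tcp"
  port     = 443
  priority = 0
  weight   = 1
  value    = "smtp.migadu.com"
}

resource "digitalocean_record" "mail-srv-submissions" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_submissions._tcp"
  port     = 465
  priority = 0
  weight   = 1
  value    = "smtp.migadu.com"
}

resource "digitalocean_record" "mail-srv-imaps" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_imaps._tcp"
  port     = 993
  priority = 0
  weight   = 1
  value    = "imap.migadu.com"
}

resource "digitalocean_record" "mail-srv-pop3s" {
  domain   = digitalocean_domain.default.id
  type     = "SRV"
  name     = "_pop3s._tcp"
  port     = 995
  priority = 0
  weight   = 1
  value    = "pop.migadu.com"
}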