| author | Franck Cuny <franck@fcuny.net> | 2025-08-31 13:33:54 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-31 13:33:54 -0700 |
| commit | 145e1dab68caf3f57c53820c6359bef83a5ce52a (patch) | |
| tree | 592546ad50121b32f386f532e3be8f75cb521d54 /terraform/admin/dns.nix | |
| parent | add terranix (diff) | |
| download | infra-145e1dab68caf3f57c53820c6359bef83a5ce52a.tar.gz | |
manage terraform configuration with terranix
All the terraform configuration is managed within one state instead of
having multiple states for each component. This might not be the best
practice but it simplifies things for me.
Now, all I need to do is to run `nix run .#tf -- plan` and I can see
what will be changed for all the resources that I care about.
Diffstat (limited to 'terraform/admin/dns.nix')
| -rw-r--r-- | terraform/admin/dns.nix | 117 |
1 files changed, 117 insertions, 0 deletions
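diff --git a/terraform/admin/dns.nix b/terraform/admin/dns.nix
new file mode 100644
index 0000000..eeddfd5
--- /dev/null
+++ b/terraform/admin/dns.nix
@@ -0,0 +1,117 @@
+{ lib, ... }:
+let
+ zoneId = lib.tfRef "var.cloudflare_zone_id";
+ primaryIPv4 = "165.232.158.110";
+ domain = "fcuny.net";
+
+ # GitHub Pages IP addresses for root domain
+ githubPagesIPs = [
+ "185.199.108.153"
+ "185.199.110.153"
+ "185.199.109.153"
+ "185.199.111.153"
+ ];
+
+ mkARecord = name: content: ttl: {
+ inherit name content ttl;
+ type = "A";
+ proxied = false;
+ zone_id = zoneId;
+ };
+
+ mkCNAMERecord = name: content: ttl: {
+ inherit name content ttl;
+ type = "CNAME";
+ proxied = false;
+ zone_id = zoneId;
+ };
+
+ mkMXRecord = name: content: priority: {
+ inherit name content priority;
+ type = "MX";
+ proxied = false;
+ ttl = 1;
+ zone_id = zoneId;
+ };
+
+ mkSRVRecord = name: port: priority: target: weight: {
+ inherit name priority;
+ type = "SRV";
+ proxied = false;
+ ttl = 1;
+ zone_id = zoneId;
+ data = {
+ inherit
+ port
+ priority
+ target
+ weight
+ ;
+ };
+ };
+
+ mkTXTRecord = name: content: {
+ inherit name content;
+ type = "TXT";
+ proxied = false;
+ ttl = 1;
+ zone_id = zoneId;
+ };
+
+ mkMultipleARecords =
+ baseName: ips:
+ lib.listToAttrs (
+ lib.imap0 (i: ip: {
+ name = "${baseName}_${toString i}";
+ value = mkARecord domain ip 1;
+ }) ips
+ );
+
+ dkimRecords = lib.listToAttrs (
+ lib.imap1
+ (i: _: {
+ name = "cname_dkim_${toString (i - 1)}";
+ value = mkCNAMERecord "fm${toString i}._domainkey" "fm${toString i}.${domain}.dkim.fmhosted.com" 60;
+ })
+ [
+ 1
+ 2
+ 3
+ ]
+ );
+
+ subdomainARecords = {
+ cname_code = mkARecord "code.${domain}" primaryIPv4 1;
+ cname_go = mkARecord "go.${domain}" primaryIPv4 1;
+ cname_id = mkARecord "id.${domain}" primaryIPv4 1;
+ };
+
+ mxRecords = {
+ mx_0 = mkMXRecord domain "in1-smtp.messagingengine.com" 10;
+ mx_1 = mkMXRecord domain "in2-smtp.messagingengine.com" 20;
+ };
+
+ srvRecords = {
+ srv_caldavs = mkSRVRecord "_caldavs._tcp" 443 0 "caldav.fastmail.com" 1;
+ srv_caldav = mkSRVRecord "_caldav._tcp" 0 0 "." 0;
+ srv_carddavs = mkSRVRecord "_carddavs._tcp" 443 0 "carddav.fastmail.com" 1;
+ srv_carddav = mkSRVRecord "_carddav._tcp" 0 0 "." 0;
+ srv_imaps = mkSRVRecord "_imaps._tcp" 993 0 "imap.fastmail.com" 1;
+ srv_imap = mkSRVRecord "_imap._tcp" 0 0 "." 0;
+ srv_smtp = mkSRVRecord "_submission._tcp" 587 0 "smtp.fastmail.com" 1;
+ };
+
+ txtRecords = {
+ txt_spf = mkTXTRecord domain "\"v=spf1 include:spf.messagingengine.com ?all\"";
+ };
+
+in
+{
+ resource.cloudflare_dns_record =
+ (mkMultipleARecords "cname_root" githubPagesIPs)
+ // subdomainARecords
+ // dkimRecords
+ // mxRecords
+ // srvRecords
+ // txtRecords;
+}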
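Review bot: The SPF record in `txtRecords` ends with `?all`, a neutral qualifier that tells receivers nothing about mail from hosts outside the include, so it gives `fcuny.net` no protection against spoofed senders; since the only sending infrastructure declared in this file is Fastmail, `txt_spf = mkTXTRecord domain "\"v=spf1 include:spf.messagingengine.com -all\"";` (or `~all` while monitoring deliverability) would be the safer policy. SPF and DKIM are both configured here but no `_dmarc` TXT record is, so receivers cannot apply a domain-level policy unless it is managed elsewhere; a `txt_dmarc = mkTXTRecord "_dmarc.${domain}" "\"v=DMARC1; p=none\"";` entry is the usual starting point before moving to a stricter policy. A smaller style point: the attribute keys `cname_root_*`, `cname_code`, `cname_go` and `cname_id` all name A records, not CNAMEs, which is misleading when reading plan output.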
