diff --git a/configs/nixos/plover/dns.tf b/configs/nixos/plover/dns.tf
new file mode 100644
index 00000000..6c776748
--- /dev/null
+++ b/configs/nixos/plover/dns.tf
@@ -0,0 +1,30 @@
+variable zone_id {
+ description = "Hetzner DNS zone ID to be configured with."
+}
+
+resource "hetznerdns_record" "plover_ipv4" {
+ zone_id = var.zone_id
+ name = "plover"
+ type = "A"
+ value = hcloud_server.plover.ipv4_address
+}
+
+resource "hetznerdns_record" "plover_ipv6" {
+ zone_id = var.zone_id
+ name = "plover"
+ type = "AAAA"
+ value = hcloud_server.plover.ipv6_address
+}
+
+variable services {
+ type = list(string)
+ default = [ "auth", "pass", "code" ]
+}
+
+resource "hetznerdns_record" "plover_services" {
+ for_each = toset(var.services)
+ zone_id = var.zone_id
+ name = each.key
+ type = "CNAME"
+ value = "plover"
+}
diff --git a/configs/nixos/plover/main.tf b/configs/nixos/plover/main.tf
index 798278c5..0f484174 100644
--- a/configs/nixos/plover/main.tf
+++ b/configs/nixos/plover/main.tf
@@ -1,34 +1,6 @@
-variable "hcloud_token" {
- sensitive = true
-}
-
-variable "hcloud_dns_token" {
- sensitive = true
-}
-
-provider "hcloud" {
- token = var.hcloud_token
-}
-
-provider "hetznerdns" {
- apitoken = var.hcloud_dns_token
-}
-
-resource "hetznerdns_zone" "main" {
- name = "foodogsquared.one"
- ttl = 3600
-}
-
-resource "hetznerdns_primary_server" "main" {
- address = hcloud_server.plover.ipv4_address
- port = 53
- zone_id = hetznerdns_zone.main.id
-}
-
-resource "hetznerdns_primary_server" "main_ipv6" {
- address = hcloud_server.plover.ipv6_address
- port = 53
- zone_id = hetznerdns_zone.main.id
+variable "ssh_keys" {
+ type = list(number)
+ description = "SSH keys for the associated server"
 }
 resource "hcloud_server" "plover" {
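Review bot: The module under `configs/nixos/plover/` now uses `hetznerdns_record` here and `hcloud_server` in main.tf without a `required_providers` block of its own, since this commit strips the provider blocks from main.tf and moves `.terraform.lock.hcl` out to `terraform/`, and no versions file for the module is visible in the diff. A child module that does not declare a provider's source has it resolved in the `hashicorp/` namespace, so `hetznerdns` would be looked up as `hashicorp/hetznerdns` rather than the `timohirt/hetznerdns` pinned in `terraform/version.tf` and `terraform init` would fail; unless a file outside this diff already declares it, the module needs the block below. Separately, both `variable` blocks use unquoted labels and `zone_id` carries no type, unlike every other block in this commit; `variable "zone_id" { type = string ... }` keeps it consistent and rejects a wrong value at plan time.
```hcl
# configs/nixos/plover/versions.tf (new file): declare the provider sources the module uses
terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
    }
    hetznerdns = {
      source = "timohirt/hetznerdns"
    }
  }
}
```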
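Review bot: `type = list(number)` on `ssh_keys` does not match the values it receives: the next hunk concatenates it with `hcloud_ssh_key.plover.id` and `terraform/servers.tf` passes `hcloud_ssh_key.foodogsquared.id`, and resource ids in the hcloud provider are strings, so the input only type-checks through implicit string-to-number conversion and would reject a key referenced by name, which `hcloud_server.ssh_keys` otherwise accepts. Declaring `type = list(string)` matches what the server attribute takes; with a plain list the splat in the next hunk's `concat(var.ssh_keys[*], [` is also redundant and can read `concat(var.ssh_keys, [`. The `resource "hcloud_server" "plover"` block opened at the end of this hunk continues outside it.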
@@ -37,10 +9,9 @@ resource "hcloud_server" "plover" {
 server_type = "cx22"
 datacenter = "hel1-dc2"
- ssh_keys = [
- hcloud_ssh_key.foodogsquared.id,
+ ssh_keys = concat(var.ssh_keys[*], [
 hcloud_ssh_key.plover.id
- ]
+ ])
 delete_protection = false
 rebuild_protection = false
@@ -49,36 +20,9 @@ resource "hcloud_server" "plover" {
 ipv4_enabled = true
 ipv6_enabled = true
 }
-
- network {
- network_id = hcloud_network.plover.id
- ip = "10.0.0.2"
- }
-
- depends_on = [
- hcloud_network_subnet.plover-subnet
- ]
-}
-
-resource "hcloud_ssh_key" "foodogsquared" {
- name = "foodogsquared@foodogsquared.one"
- public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPR52KfVODfKsgdvYSoQinV3kyOTZ4mtKa0fah5Wkfr foodogsquared@foodogsquared.one"
 }
 resource "hcloud_ssh_key" "plover" {
 name = "plover.foodogsquared.one"
 public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGo3tfNQjWZ5pxlqREfBgQJxdNzGHKJIy5hDS9Z+Hpth plover.foodogsquared.one"
 }
-
-resource "hcloud_network" "plover" {
- name = "personal"
- ip_range = "10.0.0.0/8"
- delete_protection = false
-}
-
-resource "hcloud_network_subnet" "plover-subnet" {
- network_id = hcloud_network.plover.id
- type = "cloud"
- network_zone = "eu-central"
- ip_range = "10.0.0.0/12"
-}
diff --git a/configs/nixos/plover/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
similarity index 100%
rename from configs/nixos/plover/.terraform.lock.hcl
rename to terraform/.terraform.lock.hcl
diff --git a/terraform/dns.tf b/terraform/dns.tf
new file mode 100644
index 00000000..68122566
--- /dev/null
+++ b/terraform/dns.tf
@@ -0,0 +1,75 @@
+variable "hcloud_dns_token" {
+ sensitive = true
+}
+
+provider "hetznerdns" {
+ apitoken = var.hcloud_dns_token
+}
+
+data "hetznerdns_zone" "main" {
+ name = "foodogsquared.one"
+}
+
+resource "hetznerdns_record" "personal_site" {
+ zone_id = data.hetznerdns_zone.main.id
+ name = "@"
+ ttl = 3600
+ type = "A"
+ value = "75.2.60.5"
+}
+
+resource "hetznerdns_record" "personal_site_cname" {
+ zone_id = data.hetznerdns_zone.main.id
+ name = "www"
+ ttl = 3600
+ type = "CNAME"
+ value = "foodogsquared.netlify.app."
+}
+
+resource "hetznerdns_record" "personal_wiki" {
+ zone_id = data.hetznerdns_zone.main.id
+ name = "wiki"
+ ttl = 3600
+ type = "CNAME"
+ value = "foodogsquared-wiki.netlify.app."
+}
+
+# Mail resources.
+resource "hetznerdns_record" "mail_mx" {
+ for_each = toset([ "10 heracles.mxrouting.net", "20 heracles-relay.mxrouting.net." ])
+ zone_id = data.hetznerdns_zone.main.id
+ name = "@"
+ type = "MX"
+ value = each.value
+}
+
+resource "hetznerdns_record" "mail_dmarc" {
+ zone_id = data.hetznerdns_zone.main.id
+ name = "_dmarc"
+ ttl = 3600
+ type = "TXT"
+ value = "v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one"
+}
+
+resource "hetznerdns_record" "mail_dkim" {
+ zone_id = data.hetznerdns_zone.main.id
+ name = "x._domainkey"
+ ttl = 3600
+ type = "TXT"
+ value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB"
+}
+
+resource "hetznerdns_record" "mail_spf" {
+ zone_id = data.hetznerdns_zone.main.id
+ name = "@"
+ type = "TXT"
+ value = "v=spf1 include:mxlogin.com -all"
+}
+
+resource "hetznerdns_record" "mail_webmail" {
+ for_each = 
toset([ "mail", "webmail" ])
+ zone_id = data.hetznerdns_zone.main.id
+ name = each.value
+ type = "CNAME"
+ value = "heracles.mxrouting.net."
+}
diff --git a/terraform/files/foodogsquared.one.zone b/terraform/files/foodogsquared.one.zone
new file mode 100644
index 00000000..17a51e57
--- /dev/null
+++ b/terraform/files/foodogsquared.one.zone
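Review bot: The two `for_each` values of `mail_mx` are written inconsistently: `"10 heracles.mxrouting.net"` has no trailing dot while `"20 heracles-relay.mxrouting.net."` does, and the zone file added later in this commit gives both with the dot. Depending on how Hetzner DNS interprets a target without a trailing dot, the first MX may end up relative to the zone, so `"10 heracles.mxrouting.net."` is the safer form. `mail_dmarc` publishes `p=none`, which only requests reports and asks receivers to take no action on mail that fails SPF/DKIM alignment; once the `rua` reports look clean, `p=quarantine` and then `p=reject` is the hardening step. The zone also changes from the `hetznerdns_zone` resource removed in main.tf to a `data` source, so the old resource presumably has to be dropped from state rather than destroyed before this is applied — worth a line in the commit message.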
@@ -0,0 +1,42 @@
+; This is trying to be discrete with certain information. This should be copied
+; and replaced with more confidential information somewhere.
+$TTL 12h
+$ORIGIN foodogsquared.one.
+
+@ 3600 IN SOA ns1.first-ns.de. hostmaster (
+ 2024100601 ; serial number
+ 1h ; refresh
+ 15m ; update retry
+ 3w ; expiry
+ 3h ; nx = nxdomain ttl
+ )
+ 3600 IN NS ns1.first-ns.de.
+ 3600 IN NS robotns2.second-ns.de.
+ 3600 IN NS robotns3.second-ns.com.
+
+; Setting up the mail-related DNS entries.
+; https://mxroutedocs.com/
+@ IN MX 10 heracles.mxrouting.net.
+ IN MX 20 heracles-relay.mxrouting.net.
+ IN TXT "v=spf1 include:mxlogin.com -all"
+
+; Setting up custom hostnames for our domain, hell yeah.
+; For more information, see https://mxroutedocs.com/branding/customhostnames/.
+mail IN CNAME heracles.mxrouting.net.
+webmail IN CNAME heracles.mxrouting.net.
+
+; Protect the validity of my emails sent by me!!!!
+x._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB"
+
+; Protect my domain email from spoofing.
+_dmarc 400 IN TXT "v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one"
+
+; My websites that are deployed by somewhere else.
+@ IN A 75.2.60.5
+www IN CNAME foodogsquared.netlify.app.
+wiki IN CNAME foodogsquared-wiki.netlify.app.
+
+; Other things.
+_github-pages-challenge-foo-dogsquared IN TXT 673febae1ea0095e76d1e02a7a1709
+
+; vim: expandtab! tabstop=8 shiftwidth=8 filetype=dns
diff --git a/terraform/servers.tf b/terraform/servers.tf
new file mode 100644
index 00000000..b6621016
--- /dev/null
+++ b/terraform/servers.tf
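Review bot: This zone file diverges from `terraform/dns.tf` although its header presents it as the template the real zone is copied from: `_dmarc` has a TTL of `400` here against `3600` in Terraform, both MX targets carry a trailing dot here while only one does in Terraform, and the `_github-pages-challenge-foo-dogsquared` TXT record exists only here. If Terraform is meant to be authoritative, the header should say so (and `discrete` reads as `discreet`), otherwise the GitHub Pages verification record is the one most likely to be lost when the two are reconciled.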
@@ -0,0 +1,15 @@
+variable "hcloud_token" {
+ sensitive = true
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+
+module "hetzner_vps_plover" {
+ source = "../configs/nixos/plover"
+ zone_id = data.hetznerdns_zone.main.id
+ ssh_keys = [
+ hcloud_ssh_key.foodogsquared.id
+ ]
+}
diff --git a/terraform/ssh-keys.tf b/terraform/ssh-keys.tf
new file mode 100644
index 00000000..c47923a4
--- /dev/null
+++ b/terraform/ssh-keys.tf
@@ -0,0 +1,4 @@
+resource "hcloud_ssh_key" "foodogsquared" {
+ name = "foodogsquared@foodogsquared.one"
+ public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPR52KfVODfKsgdvYSoQinV3kyOTZ4mtKa0fah5Wkfr foodogsquared@foodogsquared.one"
+}
diff --git a/terraform/version.tf b/terraform/version.tf
new file mode 100644
index 00000000..5f5c1832
--- /dev/null
+++ b/terraform/version.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.48.1"
+ }
+
+ hetznerdns = {
+ source = "timohirt/hetznerdns"
+ version = "2.2.0"
+ }
+ }
+}