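# Terraform state is kept in PostgreSQL through the "pg" backend, inside the
# schema named below. No connection string is set in this block, so it has to
# be supplied from outside this file.
# NOTE(review): data source results are written to state, so the Hetzner API
# tokens returned by data.external.vault_hetzner end up in this database in
# clear text. Limit access to the database and its backups to the people who
# are allowed to hold those tokens, and require TLS on the connection.
terraform {
  backend "pg" {
    schema_name = "terraform_remote_state_stage1"
  }
}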
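# Runs misc/get_key.py with the vault file and the two key names, asking for
# JSON output, and exposes the result as data.external.vault_hetzner.result.
# The provider blocks in this file take their API tokens from that result, so
# no token appears in clear text in this file.
# NOTE(review): the helper is executed on the operator's machine at every
# plan and apply, so changes to it deserve the same review as changes to the
# Terraform code. Its output is persisted in Terraform state. Presumably it
# decrypts misc/vault_hetzner.yml; confirm against misc/get_key.py.
data "external" "vault_hetzner" {
  program = [
    "${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
    "hetzner_cloud_api_key",
    "hetzner_dns_api_key",
    "--format", "json"
  ]
}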
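# Selects the newest Hetzner Cloud image in status "available" that carries
# the label custom_image=archlinux.
# NOTE(review): the consumer of this lookup is outside this block; presumably
# it is the base image for hcloud_server.machine. Because the match is by
# label and recency, anyone who can create or label images in the project
# decides what the next server boots. Keep that permission narrow and produce
# images from a reviewed build.
data "hcloud_image" "archlinux" {
  with_selector = "custom_image=archlinux"
  most_recent   = true
  with_status   = ["available"]
}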
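# Hetzner Cloud provider. The API token comes from the vault lookup instead of
# being written here; it grants control over the project's servers, volumes
# and floating IPs managed in this file.
provider "hcloud" {
  token = data.external.vault_hetzner.result.hetzner_cloud_api_key
}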
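# Hetzner DNS provider. The API token comes from the vault lookup; whoever
# holds it can rewrite every record of the zones managed in this file,
# including the MX, SPF, DKIM and CAA records.
provider "hetznerdns" {
  apitoken = data.external.vault_hetzner.result.hetzner_dns_api_key
}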
locals {
2020-12-27 03:57:32 +01:00
# These are the Hetzner Cloud VPSes.
# Every entry creates:
# - the machine
# - the rdns entries
# - A and AAAA entries
#
# Valid parameters are:
# - server_type (mandatory)
# - domain (mandatory)
2020-12-28 02:21:55 +01:00
# - ttl (optional, applies to the dns entries)
2020-12-27 03:57:32 +01:00
# - zone (optional, required for pkgbuild.com machines)
#
2020-12-28 02:21:55 +01:00
# Example:
# "archlinux.org" = {
# server_type = "cpx11"
# domain = "@"
# ttl = 600
# }
2020-12-27 03:57:32 +01:00
machines = {
" archlinux.org " = {
server_type = " cpx11 "
domain = " @ "
}
" accounts.archlinux.org " = {
server_type = " cx11 "
domain = " accounts "
}
" aur-dev.archlinux.org " = {
server_type = " cx11 "
domain = " aur-dev "
}
" aur.archlinux.org " = {
server_type = " cpx41 "
domain = " aur "
}
" bbs.archlinux.org " = {
server_type = " cx21 "
domain = " bbs "
}
" bugs.archlinux.org " = {
server_type = " cx11 "
domain = " bugs "
}
" gitlab.archlinux.org " = {
server_type = " cx51 "
domain = " gitlab "
}
" homedir.archlinux.org " = {
server_type = " cx11 "
domain = " homedir "
}
" mail.archlinux.org " = {
server_type = " cx11 "
domain = " mail "
}
" mailman3.archlinux.org " = {
server_type = " cx11 "
domain = " mailman3 "
}
" matrix.archlinux.org " = {
server_type = " cpx31 "
domain = " matrix "
}
" monitoring.archlinux.org " = {
server_type = " cx11 "
domain = " monitoring "
}
" openpgpkey.archlinux.org " = {
server_type = " cx11 "
domain = " openpgpkey "
}
" patchwork.archlinux.org " = {
server_type = " cx11 "
domain = " patchwork "
}
" phrik.archlinux.org " = {
server_type = " cx11 "
domain = " phrik "
}
" quassel.archlinux.org " = {
server_type = " cx11 "
domain = " quassel "
}
" redirect.archlinux.org " = {
server_type = " cx11 "
domain = " redirect "
}
" reproducible.archlinux.org " = {
server_type = " cx11 "
domain = " reproducible "
}
" security.archlinux.org " = {
server_type = " cx11 "
domain = " security "
}
" svn2gittest.archlinux.org " = {
server_type = " cx11 "
domain = " svn2gittest "
}
" wiki.archlinux.org " = {
2020-12-28 02:22:48 +01:00
server_type = " cpx21 "
2020-12-27 03:57:32 +01:00
domain = " wiki "
}
" mirror.pkgbuild.com " = {
server_type = " cx11 "
domain = " mirror "
zone = hetznerdns_zone . pkgbuild . id
2020-12-27 00:23:23 +01:00
}
2020-12-27 03:57:32 +01:00
}
# This creates GitLab Pages verification entries.
# Every line consists of "key" = "value":
# - key equals the pages subdomain
# - value equals the pages verification code
#
archlinux_org_gitlab_pages = {
" conf " = " 60a06a1c02e42b36c3b4919f4d6de6bf "
" whatcanwedofor " = " b5f8011047c1610ace52e754b568c834 "
}
# This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
# The VPSes already get a default domain assigned based on their domain parameter.
# Thus the domains in local.archlinux_org_a_aaaa are additional domains or domains assigned to dedicated servers.
#
# The entry name corresponds to the subdomain.
# '@' is the root domain (archlinux.org).
# Valid parameters are:
# - ipv4_address (mandatory)
# - ipv6_address (mandatory)
2020-12-28 02:21:55 +01:00
# - ttl (optional)
2020-12-27 03:57:32 +01:00
#
2020-12-28 02:21:55 +01:00
# Example:
# apollo = {
# ipv4_address = "138.201.81.199"
# ipv6_address = "2a01:4f8:172:1d86::1"
# ttl = 600
# }
2020-12-27 03:57:32 +01:00
archlinux_org_a_aaaa = {
2020-12-27 00:23:23 +01:00
apollo = {
ipv4_address = " 138.201.81.199 "
ipv6_address = " 2a01:4f8:172:1d86::1 "
}
aur4 = {
ipv4_address = " 5.9.250.164 "
ipv6_address = " 2a01:4f8:160:3033::2 "
}
dragon = {
ipv4_address = " 195.201.167.210 "
ipv6_address = " 2a01:4f8:13a:102a::2 "
}
gemini = {
ipv4_address = " 49.12.124.107 "
ipv6_address = " 2a01:4f8:242:5614::2 "
}
lists = {
ipv4_address = " 5.9.250.164 "
ipv6_address = " 2a01:4f8:160:3033::2 "
}
luna = {
ipv4_address = " 5.9.250.164 "
ipv6_address = " 2a01:4f8:160:3033::2 "
}
2020-12-27 03:57:32 +01:00
pages = {
ipv4_address = hcloud_floating_ip . gitlab_pages . ip_address
ipv6_address = var . gitlab_pages_ipv6
2020-12-27 00:23:23 +01:00
}
runner1 = {
ipv4_address = " 84.17.49.250 "
ipv6_address = " 2a02:6ea0:c719::2 "
}
runner2 = {
ipv4_address = " 147.75.80.217 "
ipv6_address = " 2604:1380:2001:4500::3 "
}
secure - runner1 = {
ipv4_address = " 116.202.134.150 "
ipv6_address = " 2a01:4f8:231:4e1e::2 "
}
state = {
ipv4_address = " 116.203.16.252 "
ipv6_address = " 2a01:4f8:c2c:474::1 "
}
2020-12-28 02:44:54 +01:00
www = {
ipv4_address = hcloud_server . machine [ " archlinux.org " ] . ipv4_address
ipv6_address = hcloud_server . machine [ " archlinux.org " ] . ipv6_address
}
2020-12-27 00:23:23 +01:00
}
2020-12-27 03:57:32 +01:00
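# This creates archlinux.org CNAME DNS entries.
# A value with a trailing dot is an absolute name outside this zone (a third-party host).
# Remove such an entry as soon as the external service is no longer in use, so the name
# cannot end up pointing at a host someone else controls.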
# Valid parameters are:
# - value (mandatory, the target for the CNAME "redirect")
2020-12-28 02:21:55 +01:00
# - ttl (optional)
2020-12-27 03:57:32 +01:00
#
2020-12-28 02:21:55 +01:00
# Example:
# dev = { value = "www", ttl = 600 }
2020-12-27 03:57:32 +01:00
archlinux_org_cname = {
archive = { value = " gemini " }
2020-12-28 02:44:54 +01:00
dev = { value = " www " }
2020-12-27 03:57:32 +01:00
g2kjxsblac7x = { value = " gv-i5y6mnrelvpfiu.dv.googlehosted.com. " }
git = { value = " luna " }
grafana = { value = " apollo " }
2020-12-28 02:44:54 +01:00
ipxe = { value = " www " }
2020-12-27 03:57:32 +01:00
" luna2._domainkey.aur " = { value = " luna2._domainkey " }
" luna2._domainkey.lists " = { value = " luna2._domainkey " }
mailman = { value = " apollo " }
2020-12-28 02:44:54 +01:00
master - key = { value = " www " }
packages = { value = " www " }
planet = { value = " www " }
2020-12-27 03:57:32 +01:00
projects = { value = " luna " }
repos = { value = " gemini " }
rsync = { value = " gemini " }
sources = { value = " gemini " }
2020-12-28 02:14:12 +01:00
" static.conf " = { value = " redirect " }
2020-12-27 03:57:32 +01:00
static = { value = " apollo " }
status = { value = " stats.uptimerobot.com. " }
svn = { value = " gemini " }
2020-12-26 22:47:08 +01:00
}
2020-12-27 03:57:32 +01:00
# This creates pkgbuild.com A/AAAA DNS entries in addition to those already specified by the VPSes.
# The VPSes already get a default domain assigned based on their domain parameter.
# Thus the domains in local.pkgbuild_com_a_aaaa are additional domains or domains assigned to dedicated servers.
#
# The entry name corresponds to the subdomain.
# '@' is the root domain (pkgbuild.com); '*' is the wildcard entry, which answers for any subdomain without its own record.
# Valid parameters are:
# - ipv4_address (mandatory)
# - ipv6_address (mandatory)
2020-12-28 02:21:55 +01:00
# - ttl (optional)
2020-12-27 03:57:32 +01:00
#
pkgbuild_com_a_aaaa = {
" * " = {
ipv4_address = " 78.46.178.133 "
ipv6_address = " 2a01:4f8:c2c:51e2::1 "
2020-12-26 17:01:12 +01:00
}
2020-12-27 03:57:32 +01:00
" @ " = {
ipv4_address = " 78.46.178.133 "
ipv6_address = " 2a01:4f8:c2c:51e2::1 "
}
" america.mirror " = {
ipv4_address = " 143.244.34.62 "
ipv6_address = " 2a02:6ea0:cc0e::2 "
}
" america.archive " = {
ipv4_address = " 143.244.34.62 "
ipv6_address = " 2a02:6ea0:cc0e::2 "
}
" asia.mirror " = {
ipv4_address = " 84.17.57.98 "
ipv6_address = " 2a02:6ea0:d605::2 "
}
" asia.archive " = {
ipv4_address = " 84.17.57.98 "
ipv6_address = " 2a02:6ea0:d605::2 "
}
" europe.mirror " = {
ipv4_address = " 89.187.191.12 "
ipv6_address = " 2a02:6ea0:c237::2 "
}
" europe.archive " = {
ipv4_address = " 89.187.191.12 "
ipv6_address = " 2a02:6ea0:c237::2 "
}
repro1 = {
ipv4_address = " 147.75.81.79 "
ipv6_address = " 2604:1380:2001:4500::1 "
}
repro2 = {
ipv4_address = " 212.102.38.209 "
ipv6_address = " 2a02:6ea0:c238::2 "
}
www = {
ipv4_address = " 78.46.178.133 "
ipv6_address = " 2a01:4f8:c2c:51e2::1 "
}
}
2020-12-26 17:01:12 +01:00
}
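# DNS zone for archlinux.org. The zone TTL is 86400 s (one day); records in
# this file that need to change quickly set their own, shorter ttl.
resource "hetznerdns_zone" "archlinux" {
  name = "archlinux.org"
  ttl  = 86400
}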
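# DNS zone for pkgbuild.com with a zone TTL of 86400 s (one day).
resource "hetznerdns_zone" "pkgbuild" {
  name = "pkgbuild.com"
  ttl  = 86400
}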
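# CAA record at the pkgbuild.com apex: only Let's Encrypt may issue
# certificates for the domain. No issuewild property is set, so the same
# restriction covers wildcard names.
# NOTE(review): there is no iodef property for violation reports and the
# record is not bound to a specific CA account; both are optional hardening.
resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}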
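# Null MX ("0 ."): declares that pkgbuild.com accepts no mail at all, so
# senders fail immediately instead of retrying against the A/AAAA records.
resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 ."
  type    = "MX"
}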
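# Apex NS record for pkgbuild.com; the trailing dot makes the name absolute.
resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "robotns3.second-ns.com."
  type    = "NS"
}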
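# Apex NS record for pkgbuild.com; the trailing dot makes the name absolute.
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "robotns2.second-ns.de."
  type    = "NS"
}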
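# Apex NS record for pkgbuild.com; the trailing dot makes the name absolute.
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "ns1.first-ns.de."
  type    = "NS"
}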
# TODO: Currently commented out because we do not know how to manage SOA records with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
# zone_id = hetznerdns_zone.pkgbuild.id
# name = "@"
# value = "ns1.first-ns.de. dns.hetzner.com. 2020090604 14400 1800 604800 86400"
# type = "SOA"
# }
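# SPF for pkgbuild.com: "v=spf1 -all" authorises no sender, matching the null
# MX on the same name.
# NOTE(review): no _dmarc record for pkgbuild.com is visible in this part of
# the file. A reject policy there would complete the "sends no mail"
# declaration; confirm whether one is defined elsewhere.
resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "\"v=spf1 -all\""
  type    = "TXT"
}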
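# CAA record at the archlinux.org apex: only Let's Encrypt may issue
# certificates for the domain and, since no issuewild property is set, for
# wildcard names under it.
# NOTE(review): there is no iodef property for violation reports and the
# record is not bound to a specific CA account; both are optional hardening.
resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}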
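# Apex NS record for archlinux.org; the trailing dot makes the name absolute.
resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "robotns3.second-ns.com."
  type    = "NS"
}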
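# Apex NS record for archlinux.org; the trailing dot makes the name absolute.
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "robotns2.second-ns.de."
  type    = "NS"
}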
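# Apex NS record for archlinux.org; the trailing dot makes the name absolute.
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "ns1.first-ns.de."
  type    = "NS"
}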
# TODO: Currently commented out because we do not know how to manage SOA records with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
#; resource "hetznerdns_record" "archlinux_org_origin_soa" {
# zone_id = hetznerdns_zone.archlinux.id
# name = "@"
# value = "ns1.first-ns.de. ibiru.archlinux.org. 2020072502 7200 900 1209600 86400"
# type = "SOA"
# }
resource " hetznerdns_record " " archlinux_org_origin_apollo_domainkey_txt " {
zone_id = hetznerdns_zone . archlinux . id
2020-10-21 20:14:43 +02:00
name = " apollo._domainkey "
2020-10-24 18:33:03 +02:00
ttl = 600
2020-11-09 17:47:51 +01:00
value = " \ " v =DKIM1 ; k =rsa ; s =email ; \ " \ " p =MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J + RpT3CL / 21 z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg + XjhvQXL1xfH8zAg1CntEZuaIMLUQ + 5 Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty / nMeClqsfT3nL2hbDeh + b / rYc \ " \ " l2veZAqiGcR2 / 0 bnKlt + Nb5lOBY3oZiYLmZ5g + l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A + mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs + DCo / JoZAHU / 6 eRzK + Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42 + 1 w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1 / bn4l0erdFQsWb1K \ " \ " 4 wEVOCn + hHWbV42V + J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7 / S2wA91Z9QDjTbKmlNovs5zoxuOM / mPGPUuQMvhjoAP + rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU / XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF + B7Vup9O7k + dNz2Vj2Vyzkq1UCAwEAAQ == \ " "
2020-10-21 20:14:43 +02:00
type = " TXT "
2020-08-27 11:22:04 +02:00
}
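# Mail for lists.archlinux.org is delivered to the host "luna" (relative to
# the zone) with preference 10. The short ttl lets a change take effect
# within ten minutes.
resource "hetznerdns_record" "archlinux_org_lists_mx" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "lists"
  ttl     = 600
  value   = "10 luna"
  type    = "MX"
}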
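# SPF for lists.archlinux.org: authorises exactly one IPv4 and one IPv6
# address, the same pair the "lists" A/AAAA entry in local.archlinux_org_a_aaaa
# uses. Keep the two in step when the host moves.
# NOTE(review): "~all" is a softfail, so mail from other addresses is marked
# but normally still accepted. With the DMARC policy in this file at p=none,
# nothing asks receivers to reject it.
resource "hetznerdns_record" "archlinux_org_lists_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "lists"
  ttl     = 600
  # lists.archlinux.org
  value = "\"v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all\""
  type  = "TXT"
}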
resource " hetznerdns_record " " archlinux_org_luna_txt " {
zone_id = hetznerdns_zone . archlinux . id
2020-10-21 20:14:43 +02:00
name = " luna._domainkey "
2020-10-24 18:33:03 +02:00
ttl = 600
2020-11-09 17:47:51 +01:00
value = " \ " v =DKIM1 ; k =rsa ; s =email ; \ " \ " p =MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0 + 4 XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4 / EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH + jjdqzNqAG9d4lNvkTs6RRzPF3KhhY + XljaeysEyDSS4ap4E0DYcduSIX \ " \ " oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP + S + FqDRy2woCaQb / VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll / rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV + zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h + UvfCGgz35dtlnzd / noGhNARg0Z + kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg \ " \ " kTx / sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W + EAUsGG5653Vzmp3FJRWp1tWJwRJ0M / aZ3ka / G1iTx3rNNcadVk + 4 q3gz3KnlAlun + m58y8pNWKjYuxmu9xkDRwM / 33 rv98j0R8HZO7HFL + 1 vjKkxSEuzmnTQ2O9F76 / OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62 + 1 F1M8U2Xn7u84dYLUCAwEAAQ == \ " "
2020-10-21 20:14:43 +02:00
type = " TXT "
2020-08-27 11:22:04 +02:00
}
# DKIM public key for selector "luna2" (k=rsa, s=email restricts the key to
# the email service type). The value is split into several quoted strings
# because one TXT character-string cannot exceed 255 bytes; verifiers
# concatenate the pieces.
# NOTE(review): the p= value is identical to the one published for selector
# "luna" in this file, so the two selectors share one private key. Retiring
# or rotating one selector therefore does not retire the key; plan rotation
# for both together.
resource " hetznerdns_record " " archlinux_org_luna2_txt " {
zone_id = hetznerdns_zone . archlinux . id
2020-10-21 20:14:43 +02:00
name = " luna2._domainkey "
2020-10-24 18:33:03 +02:00
ttl = 600
2020-11-09 17:47:51 +01:00
value = " \ " v =DKIM1 ; k =rsa ; s =email ; \ " \ " p =MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0 + 4 XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4 / EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH + jjdqzNqAG9d4lNvkTs6RRzPF3KhhY + XljaeysEyDSS4ap4E0DYcduSIX \ " \ " oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP + S + FqDRy2woCaQb / VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll / rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV + zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h + UvfCGgz35dtlnzd / noGhNARg0Z + kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg \ " \ " kTx / sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W + EAUsGG5653Vzmp3FJRWp1tWJwRJ0M / aZ3ka / G1iTx3rNNcadVk + 4 q3gz3KnlAlun + m58y8pNWKjYuxmu9xkDRwM / 33 rv98j0R8HZO7HFL + 1 vjKkxSEuzmnTQ2O9F76 / OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62 + 1 F1M8U2Xn7u84dYLUCAwEAAQ == \ " "
2020-10-21 20:14:43 +02:00
type = " TXT "
2020-08-27 11:22:04 +02:00
}
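# SPF for luna.archlinux.org: reuses the lists.archlinux.org sender list via
# include and ends in "-all", a hard fail for every other source.
# The resource is called luna3_txt but the record name is "luna".
resource "hetznerdns_record" "archlinux_org_luna3_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna"
  ttl     = 600
  value   = "\"v=spf1 include:lists.archlinux.org -all\""
  type    = "TXT"
}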
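# MTA-STS policy hosts: mta-sts, mta-sts.aur, mta-sts.master-key and
# mta-sts.lists all point at "mail". Sending servers fetch the policy over
# HTTPS from these names, so the target has to present a certificate valid
# for each of them.
# NOTE(review): whether the policy is in testing or enforce mode is set in the
# policy file served by that host, not in DNS.
resource "hetznerdns_record" "archlinux_org_mtasts_cname" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "mta-sts${each.value}"
  value   = "mail"
  type    = "CNAME"
}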
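# MTA-STS discovery records (_mta-sts, _mta-sts.aur, _mta-sts.master-key,
# _mta-sts.lists). Senders compare the id with the one they cached and
# re-fetch the policy only when it differs, so the id has to be bumped every
# time the served policy file changes; otherwise senders keep applying the
# old policy until their cache expires.
resource "hetznerdns_record" "archlinux_org__mtasts_txt" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "_mta-sts${each.value}"
  ttl     = 600
  # date +%s
  value = "\"v=STSv1; id=1608210175\""
  type  = "TXT"
}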
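# MX records for archlinux.org itself ("@") and for the aur and master-key
# subdomains: all three deliver to the host "mail" with preference 10.
resource "hetznerdns_record" "archlinux_org_origin_mx" {
  for_each = toset(["@", "aur", "master-key"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = each.value
  ttl     = 600
  value   = "10 mail"
  type    = "MX"
}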
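# SPF for "@", aur, mail and master-key: one IPv4 and one IPv6 address are
# authorised, labelled below as belonging to mail.archlinux.org. The addresses
# are literals, so they must be updated by hand if that host is rebuilt with
# new addresses.
# NOTE(review): "~all" is a softfail; together with DMARC p=none in this file
# no receiver is asked to reject mail from other sources.
resource "hetznerdns_record" "archlinux_org_origin_txt" {
  for_each = toset(["@", "aur", "mail", "master-key"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = each.value
  ttl     = 600
  # mail.archlinux.org
  value = "\"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all\""
  type  = "TXT"
}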
# DKIM public key for selector "dkim-ed25519" (k=ed25519). The file also
# publishes an RSA key under selector "dkim-rsa".
# NOTE(review): presumably outgoing mail is signed with both keys so that
# receivers without Ed25519 support can still verify the RSA signature;
# confirm in the mail server configuration.
resource " hetznerdns_record " " archlinux_org_domainkey_dkim-ed25519_txt " {
zone_id = hetznerdns_zone . archlinux . id
name = " dkim-ed25519._domainkey "
ttl = 600
value = " \ " v =DKIM1 ; k =ed25519 ; \ " \ " p =XOHB7b7V1puX + FryNIhsjXHYIFqk + q6JRu4XQ7Jc8MQ =\ " "
type = " TXT "
}
resource " hetznerdns_record " " archlinux_org_domainkey_dkim-rsa_txt " {
zone_id = hetznerdns_zone . archlinux . id
name = " dkim-rsa._domainkey "
ttl = 600
value = " \ " v =DKIM1 ; k =rsa ; \ " \ " p =MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt / A + kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3 + XNxfdQ7zfml4WggL / YdAjXngg42oZEUsnS / 6 iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt + p55dVed7DCKnKi11Xjiu7k \ " \ " H68W8rose7g8Fv9fecBatEE4jwloOXsjh + tH0iab1NSSSpIq6EdgcPrpmrllN3 / n2J / kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK + rXaKF0Kqag / F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w / SdZUKzpLObGuwnANLG + WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg \ " \ " CIzYLJJ5932 + 3 gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR / M4HNC7ZE / EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV + nkPvOEIx + DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ == \ " "
type = " TXT "
}
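# DMARC policy for archlinux.org. p=none asks receivers to report but not to
# quarantine or reject mail that fails SPF/DKIM alignment, so mail spoofing
# this domain is still handled by each receiver's own rules.
# rua receives aggregate reports. ruf receives per-message failure reports,
# which can include headers or content of the failing message, so treat that
# mailbox as sensitive.
# NOTE(review): no sp= tag is set, so subdomains inherit p=none. The usual
# hardening path is p=quarantine and then p=reject once the aggregate reports
# show every legitimate sender passing alignment.
resource "hetznerdns_record" "archlinux_org_dmarc_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_dmarc"
  value   = "\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\""
  type    = "TXT"
}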
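# SMTP TLS reporting (TLSRPT) for archlinux.org and the aur, master-key and
# lists subdomains: sending servers mail their reports about TLS negotiation
# and MTA-STS validation failures to postmaster@archlinux.org. These reports
# are the signal to watch before tightening the MTA-STS policy.
resource "hetznerdns_record" "archlinux_org_smtp_tlsrpt_txt" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "_smtp._tls${each.value}"
  value   = "\"v=TLSRPTv1; rua=mailto:postmaster@archlinux.org\""
  type    = "TXT"
}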
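# SRV record _matrix._tcp.archlinux.org: priority 10, weight 0, port 8448,
# target "matrix" (relative to the zone).
resource "hetznerdns_record" "archlinux_org_matrix_tcp_srv" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_matrix._tcp"
  value   = "10 0 8448 matrix"
  type    = "SRV"
}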
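# Domain-ownership challenge TXT record for the "archlinux" GitHub
# organisation. The value is published in DNS by design and is not a secret;
# what it protects is the claim that the organisation controls archlinux.org.
resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_github-challenge-archlinux"
  value   = "\"824af4446e\""
  type    = "TXT"
}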
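# Domain-ownership challenge TXT record for www.archlinux.org, same scheme as
# the apex challenge record. The value is public by design.
resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux_www" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_github-challenge-archlinux.www"
  value   = "\"b53f311f86\""
  type    = "TXT"
}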
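# Floating IPv4 address for GitLab Pages, attached to the gitlab.archlinux.org
# server. local.archlinux_org_a_aaaa.pages uses it as the A record, so the
# Pages name keeps its address if the server behind it is replaced.
resource "hcloud_floating_ip" "gitlab_pages" {
  type        = "ipv4"
  description = "GitLab Pages"
  server_id   = hcloud_server.machine["gitlab.archlinux.org"].id
}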
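# IPv6 address published as the AAAA record for GitLab Pages
# (local.archlinux_org_a_aaaa.pages). It is a literal default, so it has to be
# kept in step by hand with the address configured on the server.
variable "gitlab_pages_ipv6" {
  default = "2a01:4f8:c2c:5d2d::2"
}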
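# 1000 GB volume attached to the gitlab.archlinux.org server.
# NOTE(review): no lifecycle guard is set. A plan that removes or replaces
# this resource deletes the volume and its data, so read the plan for this
# address before applying; `lifecycle { prevent_destroy = true }` would make
# Terraform refuse such a plan.
resource "hcloud_volume" "gitlab" {
  name      = "gitlab"
  size      = 1000
  server_id = hcloud_server.machine["gitlab.archlinux.org"].id
}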
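# 100 GB volume attached to the mirror.pkgbuild.com server.
# NOTE(review): no lifecycle guard is set; a plan that removes or replaces
# this resource deletes the volume.
resource "hcloud_volume" "mirror" {
  name      = "mirror"
  size      = 100
  server_id = hcloud_server.machine["mirror.pkgbuild.com"].id
}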
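# 100 GB volume attached to the homedir.archlinux.org server.
# NOTE(review): no lifecycle guard is set; a plan that removes or replaces
# this resource deletes the volume, which presumably holds user home
# directories. Confirm and consider `lifecycle { prevent_destroy = true }`.
resource "hcloud_volume" "homedir" {
  name      = "homedir"
  size      = 100
  server_id = hcloud_server.machine["homedir.archlinux.org"].id
}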