# Remote state is kept in PostgreSQL (the "pg" backend) under a dedicated
# schema. No connection string is set in this block.
# NOTE(review): state records the results of data sources as well as resources,
# so it will contain the Hetzner API keys returned by
# data.external.vault_hetzner; treat read access to this schema as access to
# those keys.
terraform {
  backend "pg" {
    schema_name = "terraform_remote_state_stage1"
  }
}
# Runs misc/get_key.py and exposes its JSON output as
# data.external.vault_hetzner.result; the two keys requested here are
# hetzner_cloud_api_key and hetzner_dns_api_key.
# NOTE(review): the script path is anchored to path.module while the vault file
# path is relative -- presumably to the working directory; confirm how
# get_key.py resolves it.
# NOTE(review): the result of an external data source is stored in state in
# plaintext, so both keys end up in the pg backend.
data "external" "vault_hetzner" {
  program = [
    "${path.module}/../misc/get_key.py",
    "misc/vault_hetzner.yml",
    "hetzner_cloud_api_key",
    "hetzner_dns_api_key",
    "--format",
    "json",
  ]
}
# Selects the most recent image in status "available" that carries the label
# custom_image=archlinux.
# NOTE(review): selection is by label and recency only, so anyone able to
# create a labelled image in this Hetzner project determines what this lookup
# returns; keep that permission narrow.
data "hcloud_image" "archlinux" {
  most_recent   = true
  with_selector = "custom_image=archlinux"
  with_status   = ["available"]
}
# Hetzner Cloud provider; the API token is taken from the output of
# data.external.vault_hetzner rather than written in this file.
provider "hcloud" {
  token = data.external.vault_hetzner.result.hetzner_cloud_api_key
}
# Hetzner DNS provider; the API token is taken from the output of
# data.external.vault_hetzner rather than written in this file.
provider "hetznerdns" {
  apitoken = data.external.vault_hetzner.result.hetzner_dns_api_key
}
locals {
# Hetzner Cloud VPSes, keyed by fully qualified host name.
# Every entry creates:
# - the machine
# - the rdns entries
# - A and AAAA entries
#
# Valid parameters are:
# - server_type (mandatory)
# - domain (optional, creates dns entry <domain>.archlinux.org pointing to the machine)
# - ttl (optional, applies to the dns entries)
# - zone (optional, required for pkgbuild.com machines)
#
# Example:
# "archlinux.org" = {
#   server_type = "cpx11"
#   domain      = "@"
#   ttl         = 600
# }
#
# "lists.archlinux.org" sets no domain, so per the rule above it gets no DNS
# entry from this map.
machines = {
  "archlinux.org"              = { server_type = "cpx11", domain = "@" }
  "accounts.archlinux.org"     = { server_type = "cx11", domain = "accounts" }
  "aur-dev.archlinux.org"      = { server_type = "cx11", domain = "aur-dev" }
  "aur.archlinux.org"          = { server_type = "cpx41", domain = "aur" }
  "bbs.archlinux.org"          = { server_type = "cx21", domain = "bbs" }
  "bugs.archlinux.org"         = { server_type = "cx11", domain = "bugs" }
  "gitlab.archlinux.org"       = { server_type = "cx51", domain = "gitlab" }
  "homedir.archlinux.org"      = { server_type = "cx11", domain = "homedir" }
  "lists.archlinux.org"        = { server_type = "cx11" }
  "mail.archlinux.org"         = { server_type = "cx11", domain = "mail" }
  "mailman3.archlinux.org"     = { server_type = "cx11", domain = "mailman3" }
  "man.archlinux.org"          = { server_type = "cx11", domain = "man" }
  "matrix.archlinux.org"       = { server_type = "cpx31", domain = "matrix" }
  "monitoring.archlinux.org"   = { server_type = "cx31", domain = "monitoring" }
  "patchwork.archlinux.org"    = { server_type = "cx11", domain = "patchwork" }
  "phrik.archlinux.org"        = { server_type = "cx11", domain = "phrik" }
  "quassel.archlinux.org"      = { server_type = "cx11", domain = "quassel" }
  "redirect.archlinux.org"     = { server_type = "cx11", domain = "redirect" }
  "reproducible.archlinux.org" = { server_type = "cx11", domain = "reproducible" }
  "security.archlinux.org"     = { server_type = "cx11", domain = "security" }
  "svn2gittest.archlinux.org"  = { server_type = "cx11", domain = "svn2gittest" }
  "wiki.archlinux.org"         = { server_type = "cpx21", domain = "wiki" }
  "mirror.pkgbuild.com"        = { server_type = "cx11", domain = "mirror", zone = hetznerdns_zone.pkgbuild.id }
  "md.archlinux.org"           = { server_type = "cx11", domain = "md" }
}
# GitLab Pages verification entries.
# Every line consists of "key" = "value":
# - key equals the pages subdomain
# - value equals the pages verification code
#
# Entries are listed alphabetically; order has no effect on a map.
archlinux_org_gitlab_pages = {
  "bugs-old"              = "1f3308c8d5763eecb4f9013291aeeac4"
  "conf"                  = "60a06a1c02e42b36c3b4919f4d6de6bf"
  "openpgpkey"            = "7533dfbf3947a5730d9cbcc1e5e63102"
  "openpgpkey.master-key" = "5c7f9c249885c62287dd75d0c1dd99d8"
  "whatcanidofor"         = "d9e45851002a623e10f6954ff9a85d21"
}
# TXT records for archlinux.org.
# Valid parameters are:
# - ttl (optional)
# - value (mandatory)
#
# Example:
# "_github-challenge-archlinux" = { ttl = 600, value = "824af4446e" }
#
# The RSA DKIM values are written as several quoted chunks (the \" \" sequences)
# because one TXT character-string cannot exceed 255 bytes.
# NOTE(review): _dmarc publishes p=none, which asks receivers to report only;
# mail failing SPF/DKIM alignment is still delivered. Together with the ~all
# (softfail) SPF terms below, nothing here tells receivers to reject spoofed
# mail. Tightening to quarantine/reject is the usual next step once the rua
# reports are clean.
archlinux_org_txt = {
  "luna._domainkey.lists" = { ttl = 600, value = "v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==" }
  "dkim-ed25519._domainkey" = { ttl = 600, value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
  "dkim-rsa._domainkey" = { ttl = 600, value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }
  "_dmarc" = { value = "v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;" }
  "_github-challenge-archlinux" = { value = "824af4446e" }
  "_github-challenge-archlinux.www" = { value = "b53f311f86" }

  # TLS-RPT + MTA-STS + SPF
  "_smtp._tls" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
  "_smtp._tls.aur" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
  "_smtp._tls.master-key" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
  "_smtp._tls.lists" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
  # Generated with: date +%s
  # The id has to change whenever the MTA-STS policy changes; senders use it to
  # decide whether to refetch the policy.
  "_mta-sts" = { ttl = 600, value = "v=STSv1; id=1608210175" }
  # These four SPF records authorise only the addresses of mail.archlinux.org.
  "@" = { ttl = 600, value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
  "mail" = { ttl = 600, value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
  "aur" = { ttl = 600, value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
  "master-key" = { ttl = 600, value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
  # lists and luna use literal addresses; they match the luna entry in
  # archlinux_org_a_aaaa and have to be changed together with it.
  "lists" = { ttl = 600, value = "v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all" }
  "luna" = { ttl = 600, value = "v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all" }
}
# MX records for archlinux.org.
# Valid parameters are:
# - mx (mandatory)
# - ttl (optional)
#
# Example:
# "lists" = { mx = "luna", ttl = 600 }
#
# Every name is handled by "mail" except lists, which is handled by "luna".
archlinux_org_mx = {
  "@"          = { mx = "mail", ttl = 600 }
  "aur"        = { mx = "mail", ttl = 600 }
  "master-key" = { mx = "mail", ttl = 600 }
  "lists"      = { mx = "luna", ttl = 600 }
}
# Additional A/AAAA records for archlinux.org, on top of those the VPS entries
# already produce. Each VPS gets a default name from its domain parameter, so
# the names in local.archlinux_org_a_aaaa are either extra names or names that
# belong to dedicated servers.
#
# The entry name corresponds to the subdomain.
# '@' is the root domain (archlinux.org).
# Valid parameters are:
# - ipv4_address (mandatory)
# - ipv6_address (mandatory)
# - ttl (optional)
#
# Example:
# gemini = {
#   ipv4_address = "49.12.124.107"
#   ipv6_address = "2a01:4f8:242:5614::2"
#   ttl          = 600
# }
#
# Entries with literal addresses are not tied to any resource in this file, so
# they keep pointing at the old address until edited by hand. aur4, lists and
# luna share one address pair.
archlinux_org_a_aaaa = {
  "aur4" = {
    ipv4_address = "5.9.250.164"
    ipv6_address = "2a01:4f8:160:3033::2"
  }
  "build" = {
    ipv4_address = "135.181.138.48"
    ipv6_address = "2a01:4f9:3a:120f::2"
  }
  "gemini" = {
    ipv4_address = "49.12.124.107"
    ipv6_address = "2a01:4f8:242:5614::2"
  }
  "lists" = {
    ipv4_address = "5.9.250.164"
    ipv6_address = "2a01:4f8:160:3033::2"
    ttl          = 600
  }
  "luna" = {
    ipv4_address = "5.9.250.164"
    ipv6_address = "2a01:4f8:160:3033::2"
  }
  "master-key" = {
    ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
    ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
  }
  # IPv4 comes from the floating IP resource, IPv6 from a variable default.
  "pages" = {
    ipv4_address = hcloud_floating_ip.gitlab_pages.ip_address
    ipv6_address = var.gitlab_pages_ipv6
  }
  "runner1" = {
    ipv4_address = "84.17.49.250"
    ipv6_address = "2a02:6ea0:c719::2"
  }
  "runner2" = {
    ipv4_address = "147.75.80.217"
    ipv6_address = "2604:1380:2001:4500::3"
  }
  "secure-runner1" = {
    ipv4_address = "116.202.134.150"
    ipv6_address = "2a01:4f8:231:4e1e::2"
  }
  "state" = {
    ipv4_address = "116.203.16.252"
    ipv6_address = "2a01:4f8:c2c:474::1"
  }
  "www" = {
    ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
    ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
  }
}
# CNAME records for archlinux.org.
# Valid parameters are:
# - value (mandatory, the target for the CNAME "redirect")
# - ttl (optional)
#
# Example:
# dev = { value = "www", ttl = 600 }
#
# NOTE(review): g2kjxsblac7x and status point at third-party host names (note
# the trailing dot). A CNAME to an external service should be removed when the
# service binding is given up, otherwise the name is left dangling under
# archlinux.org; include these two in any offboarding checklist.
archlinux_org_cname = {
  "archive"      = { value = "gemini" }
  "dev"          = { value = "www" }
  "g2kjxsblac7x" = { value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." }
  "git"          = { value = "luna" }
  "ipxe"         = { value = "www" }
  "mailman"      = { value = "redirect" }
  "packages"     = { value = "www" }
  "ping"         = { value = "redirect" }
  "planet"       = { value = "www" }
  "projects"     = { value = "luna" }
  "repos"        = { value = "gemini" }
  "rsync"        = { value = "gemini" }
  "sources"      = { value = "gemini" }
  "static.conf"  = { value = "redirect" }
  "logging"      = { value = "monitoring" }
  "status"       = { value = "stats.uptimerobot.com." }
  "svn"          = { value = "gemini" }

  # MTA-STS
  # Each mta-sts.<name> host resolves to "mail"; each _mta-sts.<name> label is
  # an alias of the single _mta-sts name.
  "mta-sts"             = { value = "mail" }
  "mta-sts.aur"         = { value = "mail" }
  "_mta-sts.aur"        = { value = "_mta-sts", ttl = 600 }
  "mta-sts.master-key"  = { value = "mail" }
  "_mta-sts.master-key" = { value = "_mta-sts", ttl = 600 }
  "mta-sts.lists"       = { value = "mail" }
  "_mta-sts.lists"      = { value = "_mta-sts", ttl = 600 }
}
# Additional A/AAAA records for pkgbuild.com, on top of those the VPS entries
# already produce. Each VPS gets a default name from its domain parameter, so
# the names in local.pkgbuild_com_a_aaaa are either extra names or names that
# belong to dedicated servers.
#
# The entry name corresponds to the subdomain.
# '@' is the root domain (pkgbuild.com).
# Valid parameters are:
# - ipv4_address (mandatory)
# - ipv6_address (mandatory)
# - ttl (optional)
#
# Each region's mirror and archive names share one address pair. Entries with
# literal addresses are not tied to any resource in this file and have to be
# edited by hand when a host moves.
pkgbuild_com_a_aaaa = {
  "@" = {
    ipv4_address = hcloud_server.machine["homedir.archlinux.org"].ipv4_address
    ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
  }
  "america.mirror" = {
    ipv4_address = "143.244.34.62"
    ipv6_address = "2a02:6ea0:cc0e::2"
  }
  "america.archive" = {
    ipv4_address = "143.244.34.62"
    ipv6_address = "2a02:6ea0:cc0e::2"
  }
  "asia.mirror" = {
    ipv4_address = "84.17.57.98"
    ipv6_address = "2a02:6ea0:d605::2"
  }
  "asia.archive" = {
    ipv4_address = "84.17.57.98"
    ipv6_address = "2a02:6ea0:d605::2"
  }
  "europe.mirror" = {
    ipv4_address = "89.187.191.12"
    ipv6_address = "2a02:6ea0:c237::2"
  }
  "europe.archive" = {
    ipv4_address = "89.187.191.12"
    ipv6_address = "2a02:6ea0:c237::2"
  }
  "repro1" = {
    ipv4_address = "147.75.81.79"
    ipv6_address = "2604:1380:2001:4500::1"
  }
  "repro2" = {
    ipv4_address = "212.102.38.209"
    ipv6_address = "2a02:6ea0:c238::2"
  }
  "www" = {
    ipv4_address = hcloud_server.machine["homedir.archlinux.org"].ipv4_address
    ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
  }
}
}
# DNS zone for archlinux.org; ttl is the zone default of 86400 seconds, which
# individual records may override with their own ttl.
resource "hetznerdns_zone" "archlinux" {
  ttl  = 86400
  name = "archlinux.org"
}
# DNS zone for pkgbuild.com; ttl is the zone default of 86400 seconds.
resource "hetznerdns_zone" "pkgbuild" {
  ttl  = 86400
  name = "pkgbuild.com"
}
# CAA record at the pkgbuild.com apex naming letsencrypt.org as the only CA
# allowed to issue certificates.
# NOTE(review): only an "issue" property is published. With no issuewild
# property it also governs wildcard names, and without an accounturi parameter
# any Let's Encrypt account that passes domain validation may issue; pin the
# account if that matters for this zone.
resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
  type    = "CAA"
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
}
# Null MX ("0 .") at the pkgbuild.com apex: the domain declares that it
# accepts no mail.
# NOTE(review): no _dmarc record for pkgbuild.com is visible in this file; a
# domain that neither sends nor receives mail normally also publishes a DMARC
# reject policy -- confirm whether one exists elsewhere.
resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
  type    = "MX"
  name    = "@"
  value   = "0 ."
}
# Third of the three NS records at the pkgbuild.com apex.
resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
  type    = "NS"
  name    = "@"
  value   = "robotns3.second-ns.com."
}
# Second of the three NS records at the pkgbuild.com apex.
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
  type    = "NS"
  name    = "@"
  value   = "robotns2.second-ns.de."
}
# First of the three NS records at the pkgbuild.com apex.
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
  type    = "NS"
  name    = "@"
  value   = "ns1.first-ns.de."
}
# TODO: Commented out for now, as we have no idea how to handle SOA records with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
#   zone_id = hetznerdns_zone.pkgbuild.id
#   name = "@"
#   value = "ns1.first-ns.de. dns.hetzner.com. 2020090604 14400 1800 604800 86400"
#   type = "SOA"
# }
# SPF record at the pkgbuild.com apex: "v=spf1 -all" authorises no sender at
# all, so receivers checking SPF are told to fail any mail claiming to come
# from pkgbuild.com. The escaped quotes are part of the TXT value itself.
resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
  type    = "TXT"
  name    = "@"
  value   = "\"v=spf1 -all\""
}
# CAA record at the archlinux.org apex naming letsencrypt.org as the only CA
# allowed to issue certificates.
# NOTE(review): only an "issue" property is published. With no issuewild
# property it also governs wildcard names, and without an accounturi parameter
# any Let's Encrypt account that passes domain validation may issue; pin the
# account if that matters for this zone.
resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
  type    = "CAA"
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
}
# Third of the three NS records at the archlinux.org apex.
resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
  type    = "NS"
  name    = "@"
  value   = "robotns3.second-ns.com."
}
# Second of the three NS records at the archlinux.org apex.
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
  type    = "NS"
  name    = "@"
  value   = "robotns2.second-ns.de."
}
# First of the three NS records at the archlinux.org apex.
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
  type    = "NS"
  name    = "@"
  value   = "ns1.first-ns.de."
}
# TODO: Commented out for now, as we have no idea how to handle SOA records with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "archlinux_org_origin_soa" {
#   zone_id = hetznerdns_zone.archlinux.id
#   name = "@"
#   value = "ns1.first-ns.de. ibiru.archlinux.org. 2020072502 7200 900 1209600 86400"
#   type = "SOA"
# }
# SRV record _matrix._tcp.archlinux.org. The value fields are, in order,
# priority 10, weight 0, port 8448 and target "matrix".
resource "hetznerdns_record" "archlinux_org_matrix_tcp_srv" {
  zone_id = hetznerdns_zone.archlinux.id
  type    = "SRV"
  name    = "_matrix._tcp"
  value   = "10 0 8448 matrix"
}
# IPv4 floating IP for GitLab Pages, assigned to the gitlab.archlinux.org
# server. Its address is what the "pages" A record in
# local.archlinux_org_a_aaaa publishes.
resource "hcloud_floating_ip" "gitlab_pages" {
  description = "GitLab Pages"
  type        = "ipv4"
  server_id   = hcloud_server.machine["gitlab.archlinux.org"].id
}
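# IPv6 address used for the "pages" AAAA record in local.archlinux_org_a_aaaa.
# Unlike the IPv4 side, which comes from hcloud_floating_ip.gitlab_pages, this
# is a plain string with a fixed default. Declaring the type makes Terraform
# reject a non-string override instead of passing it on to the DNS record.
variable "gitlab_pages_ipv6" {
  description = "IPv6 address that the pages.archlinux.org AAAA record points to"
  type        = string
  default     = "2a01:4f8:c2c:5d2d::2"
}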
# Volume "gitlab" of size 1000, attached to the gitlab.archlinux.org server.
# NOTE(review): nothing in this block guards the volume against deletion; a
# plan that replaces or removes it would destroy the data. A lifecycle
# prevent_destroy setting would make such a plan fail instead -- consider it
# for this volume.
resource "hcloud_volume" "gitlab" {
  name      = "gitlab"
  server_id = hcloud_server.machine["gitlab.archlinux.org"].id
  size      = 1000
}
# Volume "mirror" of size 100, attached to the mirror.pkgbuild.com server.
resource "hcloud_volume" "mirror" {
  name      = "mirror"
  server_id = hcloud_server.machine["mirror.pkgbuild.com"].id
  size      = 100
}
# Volume "homedir" of size 100, attached to the homedir.archlinux.org server.
resource "hcloud_volume" "homedir" {
  name      = "homedir"
  server_id = hcloud_server.machine["homedir.archlinux.org"].id
  size      = 100
}
# Volume "monitoring" of size 100, attached to the monitoring.archlinux.org
# server.
resource "hcloud_volume" "monitoring" {
  name      = "monitoring"
  server_id = hcloud_server.machine["monitoring.archlinux.org"].id
  size      = 100
}