Terraform: Add email DNS records (DKIM, DMARC, SPF)

author: EuAndreh <eu@euandre.org> 2020-11-26 15:17:36 -0300
committer: EuAndreh <eu@euandre.org> 2020-11-26 15:18:06 -0300
commit: e317780e0a59b55d1203987dcbfa515ce93c1b3d (patch)
tree: b7bb94449c8616436cb547e9f03831409faf4141 /vps.tf
parent: vps.scm: Add unattended-upgrade-service-type to the service list (diff)
download: server-e317780e0a59b55d1203987dcbfa515ce93c1b3d.tar.gz
server-e317780e0a59b55d1203987dcbfa515ce93c1b3d.tar.xz
1 files changed, 67 insertions, 0 deletions
diff --git a/vps.tf b/vps.tf
index 74559c9..05f5b31 100644
--- a/vps.tf
+++ b/vps.tf
@@ -15,6 +15,15 @@ variable "hostname" {
   description = "Human name of the host. This is a pet name, not cattle name :)"
 }
 
+variable "dkim_public_key" {
+  type        = string
+  description = "Public key for the DNS TXT DKIM record."
+}
+
+variable "dkim_selector" {
+  type        = string
+  description = "The DKIM selector that prefixes the domain in the TXT record."
+}
 
 # Vultr
 
@@ -45,8 +54,66 @@ output "public_ip" {
 
 # DNS and IP configuration
 
+locals {
+  mail_domain = "mail.${var.tld}"
+}
+
 resource "vultr_dns_domain" "vps_tld" {
   # The CNAME record is already generated by Vultr
   domain    = var.tld
   server_ip = vultr_server.vps_server.main_ip
 }
+
+resource "vultr_dns_record" "vps_mail_a_record" {
+  domain = var.tld
+  name   = "mail"
+  data   = vultr_server.vps_server.main_ip
+  type   = "A"
+}
+
+resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
+  instance_id = vultr_server.vps_server.id
+  ip          = vultr_server.vps_server.main_ip
+  reverse     = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mail_aaaa_record" {
+  domain = var.tld
+  name   = "mail"
+  data   = vultr_server.vps_server.v6_networks[0].v6_main_ip
+  type   = "AAAA"
+}
+
+resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
+  instance_id = vultr_server.vps_server.id
+  ip          = vultr_server.vps_server.v6_networks[0].v6_main_ip
+  reverse     = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mx_record" {
+  domain = var.tld
+  name   = ""
+  data   = local.mail_domain
+  type   = "MX"
+}
+
+resource "vultr_dns_record" "vps_spf_txt" {
+  domain = var.tld
+  name   = ""
+  data   = "\"v=spf1 mx -all\""
+  type   = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dkim_txt" {
+  domain = var.tld
+  name   = "${var.dkim_selector}._domainkey"
+  data   = "\"v=DKIM1;k=rsa;p=${var.dkim_public_key}\""
+  type   = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dmarc_txt" {
+  domain = var.tld
+  name   = "_dmarc"
+  data   = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.tld};\""
+  type   = "TXT"
+}
author	EuAndreh <eu@euandre.org>	2020-11-26 15:17:36 -0300
committer	EuAndreh <eu@euandre.org>	2020-11-26 15:18:06 -0300
commit	e317780e0a59b55d1203987dcbfa515ce93c1b3d (patch)
tree	b7bb94449c8616436cb547e9f03831409faf4141 /vps.tf
parent	vps.scm: Add unattended-upgrade-service-type to the service list (diff)
download	server-e317780e0a59b55d1203987dcbfa515ce93c1b3d.tar.gz server-e317780e0a59b55d1203987dcbfa515ce93c1b3d.tar.xz