-rw-r--r--.envrc9
-rw-r--r--secrets/mail/dkim/tld.keybin0 -> 909 bytes
-rw-r--r--secrets/mail/dkim/tld.pubbin0 -> 294 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T13:47:30-03:00.tfplanbin0 -> 4073 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T13:51:16-03:00.tfplanbin0 -> 4188 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T13:51:48-03:00.tfplanbin0 -> 4190 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:27:01-03:00.tfplanbin0 -> 4230 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:28:03-03:00.tfplanbin0 -> 4239 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:29:14-03:00.tfplanbin0 -> 4241 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:31:17-03:00.tfplanbin0 -> 4088 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:45:29-03:00.tfplanbin0 -> 4344 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:46:53-03:00.tfplanbin0 -> 4427 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:56:51-03:00.tfplanbin0 -> 4533 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T14:57:42-03:00.tfplanbin0 -> 4538 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T15:14:51-03:00.tfplanbin0 -> 5005 bytes
-rw-r--r--secrets/terraform/plan-files/2020-11-26T15:16:32-03:00.tfplanbin0 -> 5364 bytes
-rw-r--r--secrets/terraform/terraform.tfstatebin3145 -> 8289 bytes
-rw-r--r--secrets/terraform/terraform.tfstate.backupbin3133 -> 7698 bytes
-rw-r--r--sync/tld.txt1
-rw-r--r--vps.tf67
20 files changed, 76 insertions, 1 deletions
diff --git a/.envrc b/.envrc
index d16dff6..7583e6f 100644
--- a/.envrc
+++ b/.envrc
@@ -4,7 +4,7 @@ set -Eeuo pipefail
#
# envsubst
#
-export TLD='arrobaponto.org'
+export TLD="$(cat sync/tld.txt)"
#
# Terraform
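Review bot: `export TLD="$(cat sync/tld.txt)"` hides the exit status of `cat` behind `export`. A missing or unreadable `sync/tld.txt` therefore leaves `TLD` empty instead of aborting, even though the hunk header shows the file running under `set -Eeuo pipefail`. The empty value would then flow into `TF_VAR_tld` and every DNS record derived from it. Split it the way the file already does for the API key: `TLD="$(cat sync/tld.txt)"` followed by `export TLD`.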
@@ -12,5 +12,12 @@ export TLD='arrobaponto.org'
export TF_VAR_tld="${TLD}"
export TF_VAR_hostname="sovereignty-guix-system"
export TF_VAR_storage_name="sovereignty-storage"
+
TF_VAR_vultr_api_key="$(cat ./secrets/terraform/vultr-api-key.txt)"
export TF_VAR_vultr_api_key
+
+TF_VAR_dkim_public_key="$(cat ./secrets/mail/dkim/tld.pub | head -n -1 | tail -n +2 | tr -d '\n')"
+export TF_VAR_dkim_public_key
+
+# Selector: date when it was created
+export TF_VAR_dkim_selector='20201126'
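Review bot: The `head -n -1 | tail -n +2` pipeline on the `TF_VAR_dkim_public_key` line strips the PEM armor by position, and a negative count for `head -n` is a GNU extension that other `head` implementations reject. It also assumes exactly one header line and one footer line. A trailing blank line in `tld.pub` would leave the `-----END` marker inside the value that ends up in the DKIM TXT record. Filtering by content is sturdier and drops the extra `cat`: `TF_VAR_dkim_public_key="$(grep -v '^-----' ./secrets/mail/dkim/tld.pub | tr -d '\n')"`.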
diff --git a/secrets/mail/dkim/tld.key b/secrets/mail/dkim/tld.key
new file mode 100644
index 0000000..4738a73
--- /dev/null
+++ b/secrets/mail/dkim/tld.key
Binary files differ
diff --git a/secrets/mail/dkim/tld.pub b/secrets/mail/dkim/tld.pub
new file mode 100644
index 0000000..5954001
--- /dev/null
+++ b/secrets/mail/dkim/tld.pub
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T13:47:30-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T13:47:30-03:00.tfplan
new file mode 100644
index 0000000..5c52f72
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T13:47:30-03:00.tfplan
Binary files differ
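Review bot: Saved Terraform plans embed the resolved input variables, and `.envrc` supplies `TF_VAR_vultr_api_key`, so each of the thirteen `.tfplan` files added under `secrets/terraform/plan-files/` likely carries a copy of the API key. They are shown as binary, which may mean the `secrets/` tree is encrypted in the repository, though that cannot be confirmed from this page. Even if it is, a plan has no use once it is applied or superseded, and committing every attempt only adds copies of the secret to history. Consider listing `secrets/terraform/plan-files/` in `.gitignore` and versioning only the state.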
diff --git a/secrets/terraform/plan-files/2020-11-26T13:51:16-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T13:51:16-03:00.tfplan
new file mode 100644
index 0000000..7e61915
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T13:51:16-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T13:51:48-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T13:51:48-03:00.tfplan
new file mode 100644
index 0000000..f229586
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T13:51:48-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:27:01-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:27:01-03:00.tfplan
new file mode 100644
index 0000000..148fc94
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:27:01-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:28:03-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:28:03-03:00.tfplan
new file mode 100644
index 0000000..f4e6788
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:28:03-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:29:14-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:29:14-03:00.tfplan
new file mode 100644
index 0000000..2c9d42e
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:29:14-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:31:17-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:31:17-03:00.tfplan
new file mode 100644
index 0000000..8628174
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:31:17-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:45:29-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:45:29-03:00.tfplan
new file mode 100644
index 0000000..7b2f5f2
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:45:29-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:46:53-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:46:53-03:00.tfplan
new file mode 100644
index 0000000..26a4ee6
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:46:53-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:56:51-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:56:51-03:00.tfplan
new file mode 100644
index 0000000..b8c21a9
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:56:51-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T14:57:42-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T14:57:42-03:00.tfplan
new file mode 100644
index 0000000..b2052d1
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T14:57:42-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T15:14:51-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T15:14:51-03:00.tfplan
new file mode 100644
index 0000000..eebd758
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T15:14:51-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/plan-files/2020-11-26T15:16:32-03:00.tfplan b/secrets/terraform/plan-files/2020-11-26T15:16:32-03:00.tfplan
new file mode 100644
index 0000000..a157868
--- /dev/null
+++ b/secrets/terraform/plan-files/2020-11-26T15:16:32-03:00.tfplan
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate b/secrets/terraform/terraform.tfstate
index 78a3106..6a6beca 100644
--- a/secrets/terraform/terraform.tfstate
+++ b/secrets/terraform/terraform.tfstate
Binary files differ
diff --git a/secrets/terraform/terraform.tfstate.backup b/secrets/terraform/terraform.tfstate.backup
index 96a51dc..928925b 100644
--- a/secrets/terraform/terraform.tfstate.backup
+++ b/secrets/terraform/terraform.tfstate.backup
Binary files differ
diff --git a/sync/tld.txt b/sync/tld.txt
new file mode 100644
index 0000000..1aaed8d
--- /dev/null
+++ b/sync/tld.txt
@@ -0,0 +1 @@
+arrobaponto.org
diff --git a/vps.tf b/vps.tf
index 74559c9..05f5b31 100644
--- a/vps.tf
+++ b/vps.tf
@@ -15,6 +15,15 @@ variable "hostname" {
description = "Human name of the host. This is a pet name, not cattle name :)"
}
+variable "dkim_public_key" {
+ type = string
+ description = "Public key for the DNS TXT DKIM record."
+}
+
+variable "dkim_selector" {
+ type = string
+ description = "The DKIM selector that prefixes the domain in the TXT record."
+}
# Vultr
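Review bot: `dkim_public_key` accepts any string, yet it is interpolated verbatim into a quoted TXT value further down the file. A value that still carries PEM armor, whitespace or a quote would publish a broken DKIM record with no plan-time error. A `validation` block with `condition = can(regex("^[A-Za-z0-9+/=]+$", var.dkim_public_key))` and a short `error_message` would catch that early; it needs Terraform 0.13 or later. `dkim_selector` becomes a DNS label and could be limited the same way with `^[a-z0-9-]+$`.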
@@ -45,8 +54,66 @@ output "public_ip" {
# DNS and IP configuration
+locals {
+ mail_domain = "mail.${var.tld}"
+}
+
resource "vultr_dns_domain" "vps_tld" {
# The CNAME record is already generated by Vultr
domain = var.tld
server_ip = vultr_server.vps_server.main_ip
}
+
+resource "vultr_dns_record" "vps_mail_a_record" {
+ domain = var.tld
+ name = "mail"
+ data = vultr_server.vps_server.main_ip
+ type = "A"
+}
+
+resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
+ instance_id = vultr_server.vps_server.id
+ ip = vultr_server.vps_server.main_ip
+ reverse = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mail_aaaa_record" {
+ domain = var.tld
+ name = "mail"
+ data = vultr_server.vps_server.v6_networks[0].v6_main_ip
+ type = "AAAA"
+}
+
+resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
+ instance_id = vultr_server.vps_server.id
+ ip = vultr_server.vps_server.v6_networks[0].v6_main_ip
+ reverse = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mx_record" {
+ domain = var.tld
+ name = ""
+ data = local.mail_domain
+ type = "MX"
+}
+
+resource "vultr_dns_record" "vps_spf_txt" {
+ domain = var.tld
+ name = ""
+ data = "\"v=spf1 mx -all\""
+ type = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dkim_txt" {
+ domain = var.tld
+ name = "${var.dkim_selector}._domainkey"
+ data = "\"v=DKIM1;k=rsa;p=${var.dkim_public_key}\""
+ type = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dmarc_txt" {
+ domain = var.tld
+ name = "_dmarc"
+ data = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.tld};\""
+ type = "TXT"
+}
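Review bot: `vps_dmarc_txt` publishes `p=none`, so receivers are only asked to report and mail that fails SPF/DKIM alignment for the domain is still delivered; `pct=100` changes nothing under that policy. If this is a deliberate monitoring phase, say so next to the resource, e.g. `# p=none while aggregate reports are reviewed; tighten to quarantine/reject afterwards`. Separately, `vps_mx_record` sets no `priority`, which the Vultr provider documents as applying to MX records. Adding `priority = 10` would make the preference explicit rather than leaving it to the provider default.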