authorEuAndreh <eu@euandre.org>2021-07-29 14:44:17 -0300
committerEuAndreh <eu@euandre.org>2021-07-29 14:50:25 -0300
commitc8676b05827bc4a764c355397c7f0622f5676798 (patch)
tree03fc522c39bb834d1032ed5dd3d25598e2c66dd3 /servers/active/nixvps/infrastructure.tf
parentcd servers && git mv discussions-site/ guixvps/ mailbug/ mediator/ multipatch... (diff)
downloadtoph-c8676b05827bc4a764c355397c7f0622f5676798.tar.gz
toph-c8676b05827bc4a764c355397c7f0622f5676798.tar.xz
WIP reactivate nixvps with Terraform and nixos-rebuild on Vultr
Diffstat (limited to 'servers/active/nixvps/infrastructure.tf')
-rw-r--r--servers/active/nixvps/infrastructure.tf46
1 files changed, 18 insertions, 28 deletions
diff --git a/servers/active/nixvps/infrastructure.tf b/servers/active/nixvps/infrastructure.tf
index 2721c56..ae37080 100644
--- a/servers/active/nixvps/infrastructure.tf
+++ b/servers/active/nixvps/infrastructure.tf
@@ -15,26 +15,16 @@ variable "vultr_api_key" {
description = "Vultr API key."
}
-variable "vps_tld" {
+variable "tld" {
type = string
description = "Root Top-Level Domain. Subdomains will be derived from it."
}
-variable "vps_hostname" {
+variable "hostname" {
type = string
description = "Human name of the host. This is a pet name, not cattle name :)"
}
-variable "vps_dkim_public_key" {
- type = string
- description = "Public key for the DNS TXT DKIM record."
-}
-
-variable "vps_dkim_selector" {
- type = string
- description = "The DKIM selector that prefixes the domain in the TXT record."
-}
-
# Vultr
provider "vultr" {
@@ -46,9 +36,9 @@ provider "vultr" {
resource "vultr_instance" "vps_server" {
enable_ipv6 = true
backups = "enabled"
- hostname = var.vps_hostname
+ hostname = var.hostname
activation_email = true
- label = var.vps_hostname
+ label = var.hostname
region = "cdg"
plan = "vc2-1c-1gb"
# $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq
@@ -66,17 +56,17 @@ output "vps_public_ipv6" {
# DNS and IP configuration
locals {
- mail_domain = "mail.${var.vps_tld}"
+ mail_domain = "mail.${var.tld}"
}
-resource "vultr_dns_domain" "vps_tld" {
+resource "vultr_dns_domain" "tld" {
# The CNAME record is already generated by Vultr
- domain = var.vps_tld
+ domain = var.tld
ip = vultr_instance.vps_server.main_ip
}
resource "vultr_dns_record" "vps_mail_a_record" {
- domain = vultr_dns_domain.vps_tld.id
+ domain = vultr_dns_domain.tld.id
name = "mail"
data = vultr_instance.vps_server.main_ip
type = "A"
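Review bot: Renaming the resource address from `vultr_dns_domain.vps_tld` to `vultr_dns_domain.tld` makes Terraform plan a destroy and re-create of the zone if state from the earlier deployment still exists, and the A, AAAA, MX, SPF, DKIM and DMARC records that reference its `id` would be replaced along with it. During that window the domain publishes no mail-authentication records. If state is present, run `terraform state mv vultr_dns_domain.vps_tld vultr_dns_domain.tld` before applying and confirm the plan shows no replacement. The `vps_mail_a_record` resource continues past the end of this hunk.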
@@ -89,7 +79,7 @@ resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
}
resource "vultr_dns_record" "vps_mail_aaaa_record" {
- domain = vultr_dns_domain.vps_tld.id
+ domain = vultr_dns_domain.tld.id
name = "mail"
data = vultr_instance.vps_server.v6_main_ip
type = "AAAA"
@@ -102,38 +92,38 @@ resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
}
resource "vultr_dns_record" "vps_mx_record" {
- domain = vultr_dns_domain.vps_tld.id
+ domain = vultr_dns_domain.tld.id
name = ""
data = local.mail_domain
type = "MX"
}
resource "vultr_dns_record" "vps_spf_txt" {
- domain = vultr_dns_domain.vps_tld.id
+ domain = vultr_dns_domain.tld.id
name = ""
data = "\"v=spf1 mx -all\""
type = "TXT"
}
resource "vultr_dns_record" "vps_dkim_txt" {
- domain = vultr_dns_domain.vps_tld.id
- name = "${var.vps_dkim_selector}._domainkey"
- data = "\"v=DKIM1;k=rsa;p=${var.vps_dkim_public_key}\""
+ domain = vultr_dns_domain.tld.id
+ name = "mail._domainkey"
+ data = "\"v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgxJoKIUUzm1/4b507UQnO2gzJU5haFUhjLK2Vsx3eEGZ83XNj1NkI40IstWsR1VXNUkYcnuCGYwwoDwu397PBRK3qi62MV85rtLQ3ZbUoCkEtPgdoLome/87TU1sziMgadGVwK5QeV4bfFQYCY8dinM9QzIpfUo3UyB6s9mrCbQIDAQAB\""
type = "TXT"
}
resource "vultr_dns_record" "vps_dmarc_txt" {
- domain = vultr_dns_domain.vps_tld.id
+ domain = vultr_dns_domain.tld.id
name = "_dmarc"
- data = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.vps_tld};\""
+ data = "\"v=DMARC1; p=quarantine\""
type = "TXT"
}
# I think this DNS is configured by default
# resource "vultr_dns_record" "vps_cname_start_alias" {
-# domain = vultr_dns_domain.vps_tld.id
+# domain = vultr_dns_domain.tld.id
# name = "*"
-# data = var.vps_tld
+# data = var.tld
# type = "CNAME"
# }
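Review bot: The DKIM key now inlined in `vps_dkim_txt` looks like a 1024-bit RSA key, judging by its `MIGfMA0G…` prefix and length; RFC 8301 says signers should use at least 2048 bits, so a larger key is worth generating before this leaves WIP. Hard-coding the selector `mail` and the key also means a rotation now needs an edit to this file rather than a variable change; a comment such as `# DKIM public key for selector "mail"; rotate together with the signing key on the host` would make that explicit. In `vps_dmarc_txt`, moving to `p=quarantine` while dropping `rua` removes the aggregate reports that show legitimate mail failing alignment and spoofed mail using the domain; consider `data = "\"v=DMARC1; p=quarantine; rua=mailto:postmaster@${var.tld}\""`.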