Diffstat (limited to 'servers/guixvps/infrastructure.tf')
-rw-r--r--servers/guixvps/infrastructure.tf139
1 files changed, 139 insertions, 0 deletions
diff --git a/servers/guixvps/infrastructure.tf b/servers/guixvps/infrastructure.tf
new file mode 100644
index 0000000..2721c56
--- /dev/null
+++ b/servers/guixvps/infrastructure.tf
@@ -0,0 +1,139 @@
+terraform {
+ required_providers {
+ vultr = {
+ source = "vultr/vultr"
+ version = "~> 2.1.2"
+ }
+ }
+ required_version = ">= 0.13"
+}
+
+# Input variables
+
+variable "vultr_api_key" {
+ type = string
+ description = "Vultr API key."
+}
+
+variable "vps_tld" {
+ type = string
+ description = "Root Top-Level Domain. Subdomains will be derived from it."
+}
+
+variable "vps_hostname" {
+ type = string
+ description = "Human name of the host. This is a pet name, not cattle name :)"
+}
+
+variable "vps_dkim_public_key" {
+ type = string
+ description = "Public key for the DNS TXT DKIM record."
+}
+
+variable "vps_dkim_selector" {
+ type = string
+ description = "The DKIM selector that prefixes the domain in the TXT record."
+}
+
+# Vultr
+
+provider "vultr" {
+ api_key = var.vultr_api_key
+}
+
+# Instance
+
+resource "vultr_instance" "vps_server" {
+ enable_ipv6 = true
+ backups = "enabled"
+ hostname = var.vps_hostname
+ activation_email = true
+ label = var.vps_hostname
+ region = "cdg"
+ plan = "vc2-1c-1gb"
+ # $ curl -H "Authorization: Bearer $TF_VAR_vultr_api_key" https://api.vultr.com/v2/snapshots | jq
+ snapshot_id = "8e6aaab6-7973-48a0-aeb5-cb99ab1ff43d"
+}
+
+output "vps_public_ipv4" {
+ value = vultr_instance.vps_server.main_ip
+}
+
+output "vps_public_ipv6" {
+ value = vultr_instance.vps_server.v6_main_ip
+}
+
+# DNS and IP configuration
+
+locals {
+ mail_domain = "mail.${var.vps_tld}"
+}
+
+resource "vultr_dns_domain" "vps_tld" {
+ # The CNAME record is already generated by Vultr
+ domain = var.vps_tld
+ ip = vultr_instance.vps_server.main_ip
+}
+
+resource "vultr_dns_record" "vps_mail_a_record" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "mail"
+ data = vultr_instance.vps_server.main_ip
+ type = "A"
+}
+
+resource "vultr_reverse_ipv4" "vps_mail_reverse_ipv4" {
+ instance_id = vultr_instance.vps_server.id
+ ip = vultr_instance.vps_server.main_ip
+ reverse = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mail_aaaa_record" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "mail"
+ data = vultr_instance.vps_server.v6_main_ip
+ type = "AAAA"
+}
+
+resource "vultr_reverse_ipv6" "vps_mail_reverse_ipv6" {
+ instance_id = vultr_instance.vps_server.id
+ ip = vultr_instance.vps_server.v6_main_ip
+ reverse = local.mail_domain
+}
+
+resource "vultr_dns_record" "vps_mx_record" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = ""
+ data = local.mail_domain
+ type = "MX"
+}
+
+resource "vultr_dns_record" "vps_spf_txt" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = ""
+ data = "\"v=spf1 mx -all\""
+ type = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dkim_txt" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "${var.vps_dkim_selector}._domainkey"
+ data = "\"v=DKIM1;k=rsa;p=${var.vps_dkim_public_key}\""
+ type = "TXT"
+}
+
+resource "vultr_dns_record" "vps_dmarc_txt" {
+ domain = vultr_dns_domain.vps_tld.id
+ name = "_dmarc"
+ data = "\"v=DMARC1;p=none;pct=100;rua=mailto:postmaster@${var.vps_tld};\""
+ type = "TXT"
+}
+
+# I think this DNS is configured by default
+
+# resource "vultr_dns_record" "vps_cname_start_alias" {
+# domain = vultr_dns_domain.vps_tld.id
+# name = "*"
+# data = var.vps_tld
+# type = "CNAME"
+# }
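Review bot: The DMARC record in `vps_dmarc_txt` publishes `p=none`, which asks receivers only to report, so mail that fails SPF/DKIM alignment for the domain is still delivered even though the SPF record ends in `-all`. If this is a deliberate monitoring phase, record that next to the resource, e.g. `# p=none while rua reports are reviewed; move to quarantine/reject once legitimate mail aligns`, and tighten the policy afterwards. Also, `vultr_instance.vps_server` sets no `firewall_group_id`, so the host's network exposure appears to depend entirely on whatever the snapshot configures; attaching a Vultr firewall group limited to the ports the mail host needs would make that explicit. The `vultr_api_key` variable could additionally be marked `sensitive = true`, which would need `required_version` raised to `>= 0.14`.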