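# Remote state is kept in PostgreSQL (Terraform "pg" backend) under its own schema.
# Terraform state stores resource attributes and data-source results unencrypted,
# which here includes the Hetzner API keys returned by data.external.vault_hetzner,
# so access to this database should be restricted like access to the keys themselves.
terraform {
  backend "pg" {
    schema_name = "terraform_remote_state_stage1"
  }
}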

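# Fetches the Hetzner Cloud and Hetzner DNS API keys by running misc/get_key.py on
# misc/vaults/vault_hetzner.yml and requesting JSON output.
# NOTE(review): an "external" data source runs its program on every plan/apply with the
# privileges of the user running Terraform, and its result map is recorded in state.
# The script, the vault file and the state backend therefore share one trust boundary.
data "external" "vault_hetzner" {
  program = [
    "${path.module}/../misc/get_key.py", "${path.module}/../misc/vaults/vault_hetzner.yml",
    "hetzner_cloud_api_key",
    "hetzner_dns_api_key",
    "--format", "json"
  ]
}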

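# Looks up the newest image in "available" status that carries the label
# custom_image=archlinux.
# NOTE(review): with most_recent = true, whichever image was labelled last wins.
# Presumably this is the base image for hcloud_server.machine (defined outside this
# excerpt), so who may create or label images in the project is worth confirming.
data "hcloud_image" "archlinux" {
  with_selector = "custom_image=archlinux"
  most_recent   = true
  with_status   = ["available"]
}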

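# Hetzner Cloud provider, authenticated with the API key returned by
# data.external.vault_hetzner (the key is not written into this file).
provider "hcloud" {
  token = data.external.vault_hetzner.result.hetzner_cloud_api_key
}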

# Hetzner DNS provider, authenticated with the DNS API key returned by
# data.external.vault_hetzner. This is a separate key from the Hetzner Cloud one.
provider "hetznerdns" {
  apitoken = data.external.vault_hetzner.result.hetzner_dns_api_key
}

locals {
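  # These are the Hetzner Cloud VPSes.
  # Every entry creates:
  #   - the machine
  #   - the rdns entries
  #   - A and AAAA entries
  #
  # Valid parameters are:
  #   - server_type (mandatory)
  #   - domain (optional, creates dns entry <domain>.archlinux.org pointing to the machine)
  #   - ttl (optional, applies to the dns entries)
  #   - zone (optional, required for pkgbuild.com machines)
  #
  # Example:
  # "archlinux.org" = {
  #   server_type = "cpx11"
  #   domain      = "@"
  #   ttl         = 3600
  # }
  #
  # The map keys are used elsewhere in this file as hcloud_server.machine["<key>"]
  # (SPF records, extra A/AAAA records, volumes, the GitLab Pages floating IP), so
  # renaming or removing an entry also affects those references.
  machines = {
    "archlinux.org" = {
      server_type = "cpx11"
      domain      = "@"
    }
    "accounts.archlinux.org" = {
      server_type = "cx11"
      domain      = "accounts"
    }
    "aur.archlinux.org" = {
      server_type = "cpx41"
      domain      = "aur"
    }
    "bbs.archlinux.org" = {
      server_type = "cx21"
      domain      = "bbs"
    }
    "bugs.archlinux.org" = {
      server_type = "cx11"
      domain      = "bugs"
    }
    "gitlab.archlinux.org" = {
      server_type = "cpx41"
      domain      = "gitlab"
    }
    "homedir.archlinux.org" = {
      server_type = "cx11"
      domain      = "homedir"
    }
    "lists.archlinux.org" = {
      server_type = "cpx11"
      domain      = "lists"
    }
    "mail.archlinux.org" = {
      server_type = "cx11"
      domain      = "mail"
    }
    "mailman3.archlinux.org" = {
      server_type = "cx11"
      domain      = "mailman3"
    }
    "man.archlinux.org" = {
      server_type = "cx11"
      domain      = "man"
    }
    "matrix.archlinux.org" = {
      server_type = "cpx31"
      domain      = "matrix"
    }
    "monitoring.archlinux.org" = {
      server_type = "cx31"
      domain      = "monitoring"
    }
    "dashboards.archlinux.org" = {
      server_type = "cx11"
      domain      = "dashboards"
    }
    "patchwork.archlinux.org" = {
      server_type = "cx11"
      domain      = "patchwork"
    }
    "phrik.archlinux.org" = {
      server_type = "cx11"
      domain      = "phrik"
    }
    "quassel.archlinux.org" = {
      server_type = "cx11"
      domain      = "quassel"
    }
    "redirect.archlinux.org" = {
      server_type = "cx11"
      domain      = "redirect"
    }
    "reproducible.archlinux.org" = {
      server_type = "cx11"
      domain      = "reproducible"
    }
    "security.archlinux.org" = {
      server_type = "cx11"
      domain      = "security"
    }
    "wiki.archlinux.org" = {
      server_type = "cpx21"
      domain      = "wiki"
    }
    "mirror.pkgbuild.com" = {
      server_type = "cx11"
      domain      = "mirror"
      zone        = hetznerdns_zone.pkgbuild.id
    }
    "md.archlinux.org" = {
      server_type = "cx11"
      domain      = "md"
    },
    "gluebuddy.archlinux.org" = {
      server_type = "cx11"
      domain      = "gluebuddy"
    },
    "debuginfod.archlinux.org" = {
      server_type = "cx11"
      domain      = "debuginfod"
    }
    "buildbot.pkgbuild.com" = {
      server_type = "cx21"
      domain      = "buildbot"
      zone        = hetznerdns_zone.pkgbuild.id
    }
  }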

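  # This creates gitlab pages verification entries.
  # Every line consists of "key" = "value":
  #   - key equals the pages subdomain
  #   - value equals the pages verification code
  #
  # The codes prove domain ownership and end up in public DNS; they are not secrets.
  # NOTE(review): presumably an entry should be removed when the Pages site it
  # verifies is retired, so the subdomain does not stay verified for nothing.
  archlinux_org_gitlab_pages = {
    "conf"                  = "60a06a1c02e42b36c3b4919f4d6de6bf"
    "whatcanidofor"         = "d9e45851002a623e10f6954ff9a85d21"
    "openpgpkey"            = "7533dfbf3947a5730d9cbcc1e5e63102"
    "openpgpkey.master-key" = "5c7f9c249885c62287dd75d0c1dd99d8"
    "bugs-old"              = "1f3308c8d5763eecb4f9013291aeeac4"
    "tu-bylaws.aur"         = "bbafd3ed82f336e0c52d3eb9774b2432"
    "reproducible-notes"    = "8c657f2f2720db1c3db63be89605cf0d"
    "terms"                 = "0b62a71af2aa85fb491295b543b4c3d2"
  }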

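  # This creates archlinux.org TXT DNS entries
  # Valid parameters are:
  #   - ttl (optional)
  #   - value (mandatory)
  #
  # Example:
  # "_github-challenge-archlinux" = { ttl = 3600, value = "824af4446e" }
  #
  # Everything in this map is published in public DNS: DKIM public keys, DMARC and SPF
  # policy, reporting addresses and domain-ownership challenges. No private key
  # material belongs here.
  archlinux_org_txt = {
    # Each selector pair publishes one Ed25519 key and one RSA key (see the k= tags).
    # The \" \" sequences in the RSA values presumably split the record into several
    # TXT character-strings, each of which is limited to 255 bytes.
    "dkim-ed25519._domainkey.lists" = { value = "v=DKIM1; k=ed25519;p=ongbdFgt5Vimg/VRRbbSVRU4lBCkcYNaPA4K3JS/DnY=" }
    "dkim-rsa._domainkey.lists"     = { value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4M+y3ZeB9eI3GVgcrvMcI1SYOveH7P5TTRstaCHTlE/aRTiCzu5h6zKwwxEiK6NR5ugbHpBtfFnfnsl1eoaXVFBQfNdDNglHllJOZGVxTnyrFjRJUk9zN+PV/Haz73nAe1hOAENgV8NKnTok1ntaOYSH1AEj4yTswfQkuN23NPrQc1eyy3+hGC+lYpud3xAAl+oT4QE76PaLgk6Hz\" \"HOvZmAPGD3azJZRbobninZZXTAEvZFuPkfpWeUreDU9Hk9VX3zOmnqTN+YjIS5CdV6+Ghem3dCkmR9j3gOZBeBUYD7b+cinTYe/PZO2OG/LWCwN11EYyf1LSBGhBJCF9HPGiGIdhy5T62nKvwDQS0bj1HL+y6pXZdv2C7KgH+lAZ0idpOQ2TtV5e0tlVdryY4QXY9m7mSQ84WsoEdGDsetOhiTEKuqyGnDoYa0wYbM5477LL6EOzS0x3ZC/mbOg\" \"B+FSdzmLWCH/WjuzMNpw9WU+u4BucwVbYcnZ1vAxQQOEnA/Ku9drRHMFixBwodQuMA78j8ICCMJKlUiXmbbL7OFoXBArYJ7lgVs7mlaoEaqzDPCyqs1lJ9kOxdNoZj5zdxERcQhLm+Yo/948i6Js/nkWT0eAjNlHxZuCg3B4z7L4lRZpaGt+vHdcGUIeDKW34O0dWxPwIUmQA4CwmhUB0HWL9UcCAwEAAQ==" }
    "dkim-ed25519._domainkey"       = { value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
    "dkim-rsa._domainkey"           = { value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }

    # NOTE(review): p=none is report-only. Receivers are not asked to quarantine or
    # reject mail that fails DMARC, and the SPF records below end in ~all (softfail).
    # Spoofed mail for these names is therefore reported rather than blocked until the
    # policy is tightened. ruf= requests failure reports, which can carry message content.
    "_dmarc"                          = { value = "v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;" }
    "_github-challenge-archlinux"     = { value = "824af4446e" }
    "_github-challenge-archlinux.www" = { value = "b53f311f86" }

    # TLS-RPT + MTA-STS + SPF
    "_smtp._tls"            = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    "_smtp._tls.aur"        = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    "_smtp._tls.master-key" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    "_smtp._tls.lists"      = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    # Generated with: date +%Y%m%d01
    # The id has to change whenever the published MTA-STS policy changes; senders
    # otherwise keep using their cached copy of the old policy.
    "_mta-sts"   = { value = "v=STSv1; id=2022051602" }
    # SPF: only the addresses of mail.archlinux.org (lists.archlinux.org for "lists")
    # are authorised senders. They are read from the server resources, so the records
    # follow the machines if their addresses change.
    "@"          = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    "mail"       = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    "aur"        = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    "master-key" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    lists        = { value = "v=spf1 ip4:${hcloud_server.machine["lists.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["lists.archlinux.org"].ipv6_address} ~all" }
  }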

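  # This creates archlinux.org MX DNS entries
  # Valid parameters are:
  #   - mx (mandatory)
  #   - ttl (optional)
  #
  # Example:
  # "lists" = { mx = "lists", ttl = 3600 }
  #
  # Every name listed here also has SPF and TLS-RPT entries in local.archlinux_org_txt
  # and MTA-STS entries in local.archlinux_org_cname. When a mail domain is added
  # here, add the matching entries there too so the new name is not left without them.
  archlinux_org_mx = {
    "@"        = { mx = "mail" }
    aur        = { mx = "mail" }
    master-key = { mx = "mail" }
    lists      = { mx = "lists" }
  }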

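  # This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.archlinux_org_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root domain (archlinux.org).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
  #   - ttl (optional)
  #
  # Example:
  # gemini = {
  #   ipv4_address = "49.12.124.107"
  #   ipv6_address = "2a01:4f8:242:5614::2"
  #   ttl          = 3600
  # }
  #
  # NOTE(review): entries with literal addresses point at machines that are not
  # created in this file. When such a machine is decommissioned, remove its entry in
  # the same change so the name does not keep resolving to an address that may be
  # reassigned to someone else.
  archlinux_org_a_aaaa = {
    aur4 = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
    build = {
      ipv4_address = "135.181.138.48"
      ipv6_address = "2a01:4f9:3a:120f::2"
    }
    gemini = {
      ipv4_address = "49.12.124.107"
      ipv6_address = "2a01:4f8:242:5614::2"
    }
    master-key = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
    }
    pages = {
      ipv4_address = hcloud_floating_ip.gitlab_pages.ip_address
      ipv6_address = var.gitlab_pages_ipv6
    }
    runner1 = {
      ipv4_address = "138.199.19.15"
      ipv6_address = "2a02:6ea0:c72e::2"
    }
    runner2 = {
      ipv4_address = "147.75.80.217"
      ipv6_address = "2604:1380:2001:4500::3"
    }
    secure-runner1 = {
      ipv4_address = "116.202.134.150"
      ipv6_address = "2a01:4f8:231:4e1e::2"
    }
    state = {
      ipv4_address = "116.203.16.252"
      ipv6_address = "2a01:4f8:c2c:474::1"
    }
    www = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
    }
  }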

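  # This creates archlinux.org CNAME DNS entries.
  # Valid parameters are:
  #   - value (mandatory, the target for the CNAME "redirect")
  #   - ttl (optional)
  #
  # Example:
  # dev                      = { value = "www", ttl = 3600 }
  #
  # Targets without a trailing dot are presumably relative to archlinux.org; targets
  # ending in "." are absolute names outside the zone.
  # NOTE(review): g2kjxsblac7x and status point at third-party hosts
  # (googlehosted.com, uptimerobot.com). If the external account or verification
  # behind such a target is removed while the CNAME stays, the name is left dangling.
  # Delete the record in the same change that retires the external service.
  archlinux_org_cname = {
    archive       = { value = "gemini" }
    dev           = { value = "www" }
    g2kjxsblac7x  = { value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." }
    ipxe          = { value = "www" }
    mailman       = { value = "redirect" }
    packages      = { value = "www" }
    ping          = { value = "redirect" }
    planet        = { value = "www" }
    repos         = { value = "gemini" }
    rsync         = { value = "gemini" }
    sources       = { value = "gemini" }
    "static.conf" = { value = "redirect" }
    status        = { value = "stats.uptimerobot.com." }
    svn           = { value = "gemini" }
    coc           = { value = "redirect" }
    git           = { value = "redirect" }

    # MTA-STS
    # mta-sts.<domain> is the host senders fetch the policy from (here: mail);
    # _mta-sts.<domain> aliases the "_mta-sts" TXT record in local.archlinux_org_txt,
    # so all mail domains share one policy id.
    mta-sts               = { value = "mail" }
    "mta-sts.aur"         = { value = "mail" }
    "_mta-sts.aur"        = { value = "_mta-sts" }
    "mta-sts.master-key"  = { value = "mail" }
    "_mta-sts.master-key" = { value = "_mta-sts" }
    "mta-sts.lists"       = { value = "mail" }
    "_mta-sts.lists"      = { value = "_mta-sts" }
  }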

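  # This creates pkgbuild.com A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.pkgbuild_com_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root domain (pkgbuild.com).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
  #   - ttl (optional)
  #
  # NOTE(review): entries with literal addresses point at machines that are not
  # created in this file. Remove an entry when its machine is decommissioned, so the
  # name does not keep resolving to an address that may be reassigned to someone else.
  pkgbuild_com_a_aaaa = {
    "@" = {
      ipv4_address = hcloud_server.machine["homedir.archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
    }
    "america.mirror" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "america.archive" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "asia.mirror" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "asia.archive" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "europe.mirror" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    "europe.archive" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    repro1 = {
      ipv4_address = "147.75.81.79"
      ipv6_address = "2604:1380:2001:4500::1"
    }
    repro2 = {
      ipv4_address = "212.102.38.209"
      ipv6_address = "2a02:6ea0:c238::2"
    }
    www = {
      ipv4_address = hcloud_server.machine["homedir.archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
    }
  }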

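  # Domains served by machines in the geo_mirrors group
  # Valid parameters are:
  #   - zone_id (mandatory, either of hetznerdns_zone.{archlinux,pkgbuild}.id)
  #   - name (mandatory, specifies the subdomain to create in the above zone)
  #   - ttl (optional, the TTL of the NS records, defaults to 86400 if unset)
  #
  # Note: If you use a custom TTL, also add it to geo_options[domain]['ns_ttl']
  #       in Ansible (see the 'geo_options' variable in group_vars/all/geo.yml)
  #
  # NOTE(review): ttl applies to NS records, so each entry presumably delegates the
  # name to the geo_mirrors machines, which then answer authoritatively for it.
  # Confirm those hosts are hardened and monitored like other DNS infrastructure.
  geo_domains = {
    "geo.mirror.pkgbuild.com" = {
      zone_id = hetznerdns_zone.pkgbuild.id
      name    = "geo.mirror"
    }
  }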
}

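# Hetzner DNS zone for archlinux.org. Records in this file attach to it through
# hetznerdns_zone.archlinux.id. The ttl of 3600 is set on the zone itself, presumably
# as the default for records that set none of their own.
resource "hetznerdns_zone" "archlinux" {
  name = "archlinux.org"
  ttl  = 3600
}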

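# Hetzner DNS zone for pkgbuild.com. Records in this file attach to it through
# hetznerdns_zone.pkgbuild.id. The ttl of 3600 is set on the zone itself, presumably
# as the default for records that set none of their own.
resource "hetznerdns_zone" "pkgbuild" {
  name = "pkgbuild.com"
  ttl  = 3600
}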

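# CAA at the pkgbuild.com apex: only Let's Encrypt is authorised to issue
# certificates for the domain.
# NOTE(review): no issuewild or iodef record is visible in this file. Without
# issuewild, the "issue" property also governs wildcard certificates. The record
# could be narrowed further with the accounturi / validationmethods parameters
# (RFC 8657) so that only the project's own ACME account can obtain certificates.
resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}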

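# Null MX ("0 .", RFC 7505): declares that pkgbuild.com accepts no mail.
# It is paired with the "v=spf1 -all" TXT record on the same name in this file.
resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 ."
  type    = "MX"
}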

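# Apex NS record for pkgbuild.com, one of three Hetzner name servers declared for
# the zone. TTL is one day (86400 s).
resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "helium.ns.hetzner.de."
  type    = "NS"
  ttl     = 86400
}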

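# Apex NS record for pkgbuild.com, one of three Hetzner name servers declared for
# the zone. TTL is one day (86400 s).
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "oxygen.ns.hetzner.com."
  type    = "NS"
  ttl     = 86400
}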

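# Apex NS record for pkgbuild.com, one of three Hetzner name servers declared for
# the zone. TTL is one day (86400 s).
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "hydrogen.ns.hetzner.com."
  type    = "NS"
  ttl     = 86400
}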

# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
#   zone_id = hetznerdns_zone.pkgbuild.id
#   name = "@"
#   value = "hydrogen.ns.hetzner.com. hetzner.archlinux.org. 2021070703 3600 1800 604800 3600"
#   type = "SOA"
# }

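# SPF for the pkgbuild.com apex: "-all" with no mechanisms means no host is
# authorised to send mail as pkgbuild.com. This matches the null MX on the same name.
# NOTE(review): no _dmarc record for pkgbuild.com is visible in this file (it may
# exist elsewhere). A p=reject DMARC policy would complete the non-mail-domain set.
resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "\"v=spf1 -all\""
  type    = "TXT"
}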

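# CAA at the archlinux.org apex: only Let's Encrypt is authorised to issue
# certificates for the domain.
# NOTE(review): no issuewild or iodef record is visible in this file. Without
# issuewild, the "issue" property also governs wildcard certificates. The record
# could be narrowed further with the accounturi / validationmethods parameters
# (RFC 8657) so that only the project's own ACME account can obtain certificates.
resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}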

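# Apex NS record for archlinux.org, one of three Hetzner name servers declared for
# the zone. TTL is one day (86400 s).
resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "helium.ns.hetzner.de."
  type    = "NS"
  ttl     = 86400
}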

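# Apex NS record for archlinux.org, one of three Hetzner name servers declared for
# the zone. TTL is one day (86400 s).
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "oxygen.ns.hetzner.com."
  type    = "NS"
  ttl     = 86400
}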

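# Apex NS record for archlinux.org, one of three Hetzner name servers declared for
# the zone. TTL is one day (86400 s).
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "hydrogen.ns.hetzner.com."
  type    = "NS"
  ttl     = 86400
}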

# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "archlinux_org_origin_soa" {
#   zone_id = hetznerdns_zone.archlinux.id
#   name = "@"
#   value = "hydrogen.ns.hetzner.com. hetzner.archlinux.org. 2021070703 3600 1800 604800 3600"
#   type = "SOA"
# }

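# Floating IPv4 address for GitLab Pages, attached to the gitlab.archlinux.org
# server. local.archlinux_org_a_aaaa.pages publishes it as the A record for "pages".
# delete_protection makes Hetzner refuse to release the address until the flag is
# cleared. Releasing it by accident would leave the DNS record pointing at an address
# that could be handed to another customer.
resource "hcloud_floating_ip" "gitlab_pages" {
  type              = "ipv4"
  description       = "GitLab Pages"
  server_id         = hcloud_server.machine["gitlab.archlinux.org"].id
  delete_protection = true
}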

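# IPv6 counterpart of the GitLab Pages floating IP. It is used as the AAAA value of
# the "pages" entry in local.archlinux_org_a_aaaa. The explicit type makes a
# non-string override fail at plan time instead of reaching the DNS provider.
variable "gitlab_pages_ipv6" {
  description = "IPv6 address published as the AAAA record for GitLab Pages"
  type        = string
  default     = "2a01:4f8:c2c:5d2d::2"
}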

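# 100 GB volume attached to the mirror.pkgbuild.com server.
# delete_protection makes the Hetzner API refuse to delete the volume until the flag
# is cleared, which guards the data against an accidental destroy.
resource "hcloud_volume" "mirror" {
  name              = "mirror"
  size              = 100
  server_id         = hcloud_server.machine["mirror.pkgbuild.com"].id
  delete_protection = true
}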

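# 100 GB volume attached to the homedir.archlinux.org server.
# delete_protection makes the Hetzner API refuse to delete the volume until the flag
# is cleared, which guards the data against an accidental destroy.
resource "hcloud_volume" "homedir" {
  name              = "homedir"
  size              = 100
  server_id         = hcloud_server.machine["homedir.archlinux.org"].id
  delete_protection = true
}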

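# 200 GB volume attached to the monitoring.archlinux.org server.
# delete_protection makes the Hetzner API refuse to delete the volume until the flag
# is cleared, which guards the data against an accidental destroy.
resource "hcloud_volume" "monitoring" {
  name              = "monitoring"
  size              = 200
  server_id         = hcloud_server.machine["monitoring.archlinux.org"].id
  delete_protection = true
}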

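# 25 GB volume attached to the debuginfod.archlinux.org server.
# delete_protection makes the Hetzner API refuse to delete the volume until the flag
# is cleared, which guards the data against an accidental destroy.
resource "hcloud_volume" "debuginfod" {
  name              = "debuginfod"
  size              = 25
  server_id         = hcloud_server.machine["debuginfod.archlinux.org"].id
  delete_protection = true
}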