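# Terraform state for this stage is kept in a PostgreSQL backend, in its own schema.
# NOTE(review): the state written here includes the output of
# data.external.vault_hetzner, i.e. both Hetzner API tokens in plain text, so the
# database behind this backend needs the same access restrictions as the vault.
# No conn_str is set in this block; presumably it is supplied at init time.
terraform {
  backend "pg" {
    schema_name = "terraform_remote_state_stage1"
  }
}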

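# Runs misc/get_key.py against misc/vault_hetzner.yml and reads back a JSON object
# with the two Hetzner API tokens (hetzner_cloud_api_key, hetzner_dns_api_key).
# NOTE(review): the program runs on every plan/apply with the operator's privileges,
# and its result is stored in the Terraform state unencrypted. Treat both the script
# and the state backend as part of the secret-handling path.
data "external" "vault_hetzner" {
  program = [
    "${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
    "hetzner_cloud_api_key",
    "hetzner_dns_api_key",
    "--format", "json"
  ]
}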

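# Looks up the newest image with status "available" that carries the label
# custom_image=archlinux.
# NOTE(review): selection is by label and recency only. Presumably this is the base
# image for hcloud_server.machine (defined outside this excerpt); if so, anyone able to
# create or label images in the Hetzner project decides what new machines boot from.
# Confirm that this is limited to the image build process.
data "hcloud_image" "archlinux" {
  with_selector = "custom_image=archlinux"
  most_recent   = true
  with_status   = ["available"]
}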

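# Hetzner Cloud provider. The API token is taken from the result of
# data.external.vault_hetzner instead of being committed to the repository.
provider "hcloud" {
  token = data.external.vault_hetzner.result.hetzner_cloud_api_key
}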

# Hetzner DNS provider. The API token is taken from the result of
# data.external.vault_hetzner instead of being committed to the repository.
# NOTE(review): this token can rewrite every record of the zones managed below
# (MX, SPF, DKIM, CAA), so it deserves the same handling as the cloud token.
provider "hetznerdns" {
  apitoken = data.external.vault_hetzner.result.hetzner_dns_api_key
}

locals {
  # These are the Hetzner Cloud VPSes.
  # Every entry creates:
  #   - the machine
  #   - the rdns entries
  #   - A and AAAA entries
  #
  # Valid parameters are:
  #   - server_type (mandatory)
  #   - domain (mandatory)
  #   - ttl (optional, applies to the dns entries)
  #   - zone (optional, required for pkgbuild.com machines)
  #
  # Example:
  # "archlinux.org" = {
  #   server_type = "cpx11"
  #   domain      = "@"
  #   ttl         = 600
  # }
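  # Hetzner Cloud VPSes, keyed by FQDN. Only mirror.pkgbuild.com sets "zone"
  # (hetznerdns_zone.pkgbuild.id); every other entry omits it.
  machines = {
    "archlinux.org" = {
      server_type = "cpx11"
      domain      = "@"
    }
    "accounts.archlinux.org" = {
      server_type = "cx11"
      domain      = "accounts"
    }
    "aur-dev.archlinux.org" = {
      server_type = "cx11"
      domain      = "aur-dev"
    }
    "aur.archlinux.org" = {
      server_type = "cpx41"
      domain      = "aur"
    }
    "bbs.archlinux.org" = {
      server_type = "cx21"
      domain      = "bbs"
    }
    "bugs.archlinux.org" = {
      server_type = "cx11"
      domain      = "bugs"
    }
    "gitlab.archlinux.org" = {
      server_type = "cx51"
      domain      = "gitlab"
    }
    "homedir.archlinux.org" = {
      server_type = "cx11"
      domain      = "homedir"
    }
    "mail.archlinux.org" = {
      server_type = "cx11"
      domain      = "mail"
    }
    "mailman3.archlinux.org" = {
      server_type = "cx11"
      domain      = "mailman3"
    }
    "matrix.archlinux.org" = {
      server_type = "cpx31"
      domain      = "matrix"
    }
    "monitoring.archlinux.org" = {
      server_type = "cx11"
      domain      = "monitoring"
    }
    "openpgpkey.archlinux.org" = {
      server_type = "cx11"
      domain      = "openpgpkey"
    }
    "patchwork.archlinux.org" = {
      server_type = "cx11"
      domain      = "patchwork"
    }
    "phrik.archlinux.org" = {
      server_type = "cx11"
      domain      = "phrik"
    }
    "quassel.archlinux.org" = {
      server_type = "cx11"
      domain      = "quassel"
    }
    "redirect.archlinux.org" = {
      server_type = "cx11"
      domain      = "redirect"
    }
    "reproducible.archlinux.org" = {
      server_type = "cx11"
      domain      = "reproducible"
    }
    "security.archlinux.org" = {
      server_type = "cx11"
      domain      = "security"
    }
    "svn2gittest.archlinux.org" = {
      server_type = "cx11"
      domain      = "svn2gittest"
    }
    "wiki.archlinux.org" = {
      server_type = "cpx21"
      domain      = "wiki"
    }
    "mirror.pkgbuild.com" = {
      server_type = "cx11"
      domain      = "mirror"
      zone        = hetznerdns_zone.pkgbuild.id
    }
  }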

  # This creates gitlab pages verification entries.
  # Every line consists of "key" = "value":
  #   - key equals the pages subdomain
  #   - value equals the pages verification code
  #
  # NOTE(review): these look like GitLab Pages domain-verification codes, which are
  # presumably published in DNS TXT records and therefore not secret. Confirm against
  # the resource that consumes this map (not visible here).
  archlinux_org_gitlab_pages = {
    "conf"           = "60a06a1c02e42b36c3b4919f4d6de6bf"
    "whatcanwedofor" = "b5f8011047c1610ace52e754b568c834"
  }

  # This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.archlinux_org_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root domain (archlinux.org).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
  #   - ttl (optional)
  #
  # Example:
  # apollo = {
  #   ipv4_address = "138.201.81.199"
  #   ipv6_address = "2a01:4f8:172:1d86::1"
  #   ttl          = 600
  # }
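  # Additional archlinux.org A/AAAA names, keyed by subdomain.
  # aur4, lists and luna share one address pair; master-key and www follow the
  # archlinux.org VPS; pages uses the GitLab Pages floating IP and var.gitlab_pages_ipv6.
  # NOTE(review): the literal addresses are not tied to any resource in this file, so a
  # record keeps pointing at an address after the server behind it has been given up.
  # Remove the entry together with the host when one is decommissioned.
  archlinux_org_a_aaaa = {
    apollo = {
      ipv4_address = "138.201.81.199"
      ipv6_address = "2a01:4f8:172:1d86::1"
    }
    aur4 = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
    dragon = {
      ipv4_address = "195.201.167.210"
      ipv6_address = "2a01:4f8:13a:102a::2"
    }
    gemini = {
      ipv4_address = "49.12.124.107"
      ipv6_address = "2a01:4f8:242:5614::2"
    }
    lists = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
    luna = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
    master-key = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
    }
    pages = {
      ipv4_address = hcloud_floating_ip.gitlab_pages.ip_address
      ipv6_address = var.gitlab_pages_ipv6
    }
    runner1 = {
      ipv4_address = "84.17.49.250"
      ipv6_address = "2a02:6ea0:c719::2"
    }
    runner2 = {
      ipv4_address = "147.75.80.217"
      ipv6_address = "2604:1380:2001:4500::3"
    }
    secure-runner1 = {
      ipv4_address = "116.202.134.150"
      ipv6_address = "2a01:4f8:231:4e1e::2"
    }
    state = {
      ipv4_address = "116.203.16.252"
      ipv6_address = "2a01:4f8:c2c:474::1"
    }
    www = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
    }
  }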

  # This creates archlinux.org CNAME DNS entries.
  # Valid parameters are:
  #   - value (mandatory, the target for the CNAME "redirect")
  #   - ttl (optional)
  #
  # Example:
  # dev                      = { value = "www", ttl = 600 }
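  # archlinux.org CNAME records, keyed by subdomain. Values ending in "." are absolute
  # names; the others are presumably resolved relative to the zone.
  # NOTE(review): g2kjxsblac7x and status point at third-party hosts (googlehosted.com,
  # uptimerobot.com). Such a record keeps resolving after the external account behind it
  # is closed, so delete the entry together with the account to avoid a dangling name.
  archlinux_org_cname = {
    archive                  = { value = "gemini" }
    dev                      = { value = "www" }
    g2kjxsblac7x             = { value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." }
    git                      = { value = "luna" }
    grafana                  = { value = "apollo" }
    ipxe                     = { value = "www" }
    "luna2._domainkey.aur"   = { value = "luna2._domainkey" }
    "luna2._domainkey.lists" = { value = "luna2._domainkey" }
    mailman                  = { value = "apollo" }
    packages                 = { value = "www" }
    planet                   = { value = "www" }
    projects                 = { value = "luna" }
    repos                    = { value = "gemini" }
    rsync                    = { value = "gemini" }
    sources                  = { value = "gemini" }
    "static.conf"            = { value = "redirect" }
    static                   = { value = "apollo" }
    status                   = { value = "stats.uptimerobot.com." }
    svn                      = { value = "gemini" }
  }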

  # This creates pkgbuild.com A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.pkgbuild_com_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root domain (pkgbuild.com).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
  #   - ttl (optional)
  #
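  # Additional pkgbuild.com A/AAAA names, keyed by subdomain.
  # "*", "@" and www share one address pair; each regional mirror/archive pair shares one.
  # NOTE(review): the "*" entry makes every otherwise undefined name under pkgbuild.com
  # resolve to that host, so the host itself decides what unknown names are served.
  pkgbuild_com_a_aaaa = {
    "*" = {
      ipv4_address = "78.46.178.133"
      ipv6_address = "2a01:4f8:c2c:51e2::1"
    }
    "@" = {
      ipv4_address = "78.46.178.133"
      ipv6_address = "2a01:4f8:c2c:51e2::1"
    }
    "america.mirror" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "america.archive" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "asia.mirror" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "asia.archive" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "europe.mirror" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    "europe.archive" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    repro1 = {
      ipv4_address = "147.75.81.79"
      ipv6_address = "2604:1380:2001:4500::1"
    }
    repro2 = {
      ipv4_address = "212.102.38.209"
      ipv6_address = "2a02:6ea0:c238::2"
    }
    www = {
      ipv4_address = "78.46.178.133"
      ipv6_address = "2a01:4f8:c2c:51e2::1"
    }
  }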
}

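# DNS zone for archlinux.org with a zone TTL of 86400 seconds (24 hours).
resource "hetznerdns_zone" "archlinux" {
  name = "archlinux.org"
  ttl  = 86400
}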

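# DNS zone for pkgbuild.com with a zone TTL of 86400 seconds (24 hours).
resource "hetznerdns_zone" "pkgbuild" {
  name = "pkgbuild.com"
  ttl  = 86400
}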

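# CAA record at the pkgbuild.com apex: only Let's Encrypt is authorised to issue
# certificates. No separate issuewild record is visible in this file, so the same
# rule governs wildcard certificates.
# NOTE(review): there is no iodef property, so CAs have no address to report
# rejected issuance requests to. Consider adding one.
resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}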

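# Null MX ("0 .") at the pkgbuild.com apex: the domain declares that it accepts no mail.
# Pairs with the "v=spf1 -all" TXT record in pkgbuild_com_origin_txt.
resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 ."
  type    = "MX"
}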

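# Apex NS record for pkgbuild.com (one of three).
resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "robotns3.second-ns.com."
  type    = "NS"
}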

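# Apex NS record for pkgbuild.com (one of three).
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "robotns2.second-ns.de."
  type    = "NS"
}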

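# Apex NS record for pkgbuild.com (one of three).
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "ns1.first-ns.de."
  type    = "NS"
}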

# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
#   zone_id = hetznerdns_zone.pkgbuild.id
#   name = "@"
#   value = "ns1.first-ns.de. dns.hetzner.com. 2020090604 14400 1800 604800 86400"
#   type = "SOA"
# }


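# SPF for the pkgbuild.com apex: "-all" with no mechanisms, i.e. no host is allowed
# to send mail as pkgbuild.com.
# NOTE(review): this record only covers the apex name; no DMARC record for
# pkgbuild.com is visible in this file. Confirm whether one exists elsewhere.
resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "\"v=spf1 -all\""
  type    = "TXT"
}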

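# CAA record at the archlinux.org apex: only Let's Encrypt is authorised to issue
# certificates. No separate issuewild record is visible in this file, so the same
# rule governs wildcard certificates.
# NOTE(review): there is no iodef property, so CAs have no address to report
# rejected issuance requests to. Consider adding one.
resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}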

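# Apex NS record for archlinux.org (one of three).
resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "robotns3.second-ns.com."
  type    = "NS"
}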

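# Apex NS record for archlinux.org (one of three).
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "robotns2.second-ns.de."
  type    = "NS"
}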

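# Apex NS record for archlinux.org (one of three).
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "ns1.first-ns.de."
  type    = "NS"
}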

# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "archlinux_org_origin_soa" {
#   zone_id = hetznerdns_zone.archlinux.id
#   name = "@"
#   value = "ns1.first-ns.de. ibiru.archlinux.org. 2020072502 7200 900 1209600 86400"
#   type = "SOA"
# }

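# DKIM public key for selector "apollo" (RSA, restricted to the email service type).
# The p= value is a public key, so keeping it in version control is fine; it is split
# into several quoted strings because one TXT character-string holds at most 255 bytes.
# NOTE(review): the selector stays valid for as long as this record exists. Remove it
# once the matching private key is retired.
resource "hetznerdns_record" "archlinux_org_origin_apollo_domainkey_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "apollo._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J+RpT3CL/21z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg+XjhvQXL1xfH8zAg1CntEZuaIMLUQ+5Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty/nMeClqsfT3nL2hbDeh+b/rYc\" \"l2veZAqiGcR2/0bnKlt+Nb5lOBY3oZiYLmZ5g+l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A+mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs+DCo/JoZAHU/6eRzK+Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42+1w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1/bn4l0erdFQsWb1K\" \"4wEVOCn+hHWbV42V+J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7/S2wA91Z9QDjTbKmlNovs5zoxuOM/mPGPUuQMvhjoAP+rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU/XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF+B7Vup9O7k+dNz2Vj2Vyzkq1UCAwEAAQ==\" "
  type    = "TXT"
}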

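# Mail for lists.archlinux.org is delivered to "luna" (preference 10).
resource "hetznerdns_record" "archlinux_org_lists_mx" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "lists"
  ttl     = 600
  value   = "10 luna"
  type    = "MX"
}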

# SPF for lists.archlinux.org: one IPv4 and one IPv6 sender, everything else "~all".
# NOTE(review): "~all" is a softfail, so mail from other sources is only marked, not
# rejected, and the zone's DMARC policy (archlinux_org_dmarc_txt) is p=none. Moving to
# "-all" is the stricter option once every legitimate sender is listed.
resource "hetznerdns_record" "archlinux_org_lists_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "lists"
  ttl     = 600
  # lists.archlinux.org
  value = "\"v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all\""
  type  = "TXT"
}

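# DKIM public key for selector "luna" (RSA, restricted to the email service type).
# The p= value is a public key; it is split into several quoted strings because one
# TXT character-string holds at most 255 bytes.
# NOTE(review): the p= value appears to be the same key as luna2._domainkey
# (archlinux_org_luna2_txt). If so, both selectors depend on one private key and have
# to be rotated together; confirm.
resource "hetznerdns_record" "archlinux_org_luna_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\" "
  type    = "TXT"
}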

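# DKIM public key for selector "luna2" (RSA, restricted to the email service type).
# luna2._domainkey.aur and luna2._domainkey.lists are CNAMEs to this name
# (local.archlinux_org_cname), so this one record serves three domains.
# NOTE(review): the p= value appears to be the same key as luna._domainkey
# (archlinux_org_luna_txt). If so, both selectors depend on one private key and have
# to be rotated together; confirm.
resource "hetznerdns_record" "archlinux_org_luna2_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna2._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\" "
  type    = "TXT"
}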

# SPF for luna.archlinux.org (despite the "luna3" in the resource name this is not a
# DKIM selector): senders are whatever lists.archlinux.org's SPF record allows,
# everything else fails hard ("-all").
# A change to archlinux_org_lists_txt therefore also changes who may send as luna.
resource "hetznerdns_record" "archlinux_org_luna3_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna"
  ttl     = 600
  value   = "\"v=spf1 include:lists.archlinux.org -all\""
  type    = "TXT"
}

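# MTA-STS policy hosts: mta-sts, mta-sts.aur, mta-sts.master-key and mta-sts.lists
# are all CNAMEs to "mail", which presumably serves the policy file over HTTPS.
# The set of suffixes must match archlinux_org__mtasts_txt.
resource "hetznerdns_record" "archlinux_org_mtasts_cname" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "mta-sts${each.value}"
  value   = "mail"
  type    = "CNAME"
}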

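# MTA-STS discovery records (_mta-sts, _mta-sts.aur, _mta-sts.master-key,
# _mta-sts.lists). The id is a Unix timestamp produced with `date +%s`.
# Senders cache the policy and only re-fetch it when the id changes, so the id has to
# be bumped every time the served policy file is modified.
resource "hetznerdns_record" "archlinux_org__mtasts_txt" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "_mta-sts${each.value}"
  ttl     = 600
  # date +%s
  value = "\"v=STSv1; id=1608210175\""
  type  = "TXT"
}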

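# Mail for archlinux.org, aur.archlinux.org and master-key.archlinux.org is delivered
# to "mail" (preference 10).
resource "hetznerdns_record" "archlinux_org_origin_mx" {
  for_each = toset(["@", "aur", "master-key"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = each.value
  ttl     = 600
  value   = "10 mail"
  type    = "MX"
}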

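# SPF for the apex, aur, mail and master-key: one IPv4 and one IPv6 sender
# (mail.archlinux.org), everything else "~all".
# NOTE(review): "~all" is a softfail, so mail from other sources is only marked, not
# rejected, and the zone's DMARC policy (archlinux_org_dmarc_txt) is p=none. Moving to
# "-all" is the stricter option once every legitimate sender is listed.
resource "hetznerdns_record" "archlinux_org_origin_txt" {
  for_each = toset(["@", "aur", "mail", "master-key"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = each.value
  ttl     = 600
  # mail.archlinux.org
  value = "\"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all\""
  type  = "TXT"
}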

# DKIM public key for selector "dkim-ed25519" (Ed25519).
# Published next to the dkim-rsa selector; not every receiver verifies Ed25519
# signatures, so the RSA selector presumably acts as the fallback.
resource "hetznerdns_record" "archlinux_org_domainkey_dkim-ed25519_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "dkim-ed25519._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=ed25519; \" \"p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=\" "
  type    = "TXT"
}

# DKIM public key for selector "dkim-rsa" (RSA).
# The p= value is a public key; it is split into several quoted strings because one
# TXT character-string holds at most 255 bytes.
resource "hetznerdns_record" "archlinux_org_domainkey_dkim-rsa_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "dkim-rsa._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==\" "
  type    = "TXT"
}

# DMARC policy for archlinux.org. Aggregate (rua) and failure (ruf) reports go to
# dmarc-reports@archlinux.org. No ttl is set here, unlike the other mail records.
# NOTE(review): p=none is monitoring only; receivers are not asked to quarantine or
# reject mail that fails SPF/DKIM alignment, so the SPF and DKIM records in this file
# do not yet stop spoofed archlinux.org mail from being delivered. The usual next step,
# once the reports show all legitimate senders passing, is p=quarantine, then p=reject.
resource "hetznerdns_record" "archlinux_org_dmarc_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_dmarc"
  value   = "\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\""
  type    = "TXT"
}

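# SMTP TLS reporting (TLSRPT) for the apex, aur, master-key and lists: sending servers
# are asked to mail TLS failure reports to postmaster@archlinux.org.
# The suffix list matches the MTA-STS records, whose failures these reports surface.
resource "hetznerdns_record" "archlinux_org_smtp_tlsrpt_txt" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "_smtp._tls${each.value}"
  value   = "\"v=TLSRPTv1;rua=mailto:postmaster@archlinux.org\""
  type    = "TXT"
}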

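# SRV record _matrix._tcp.archlinux.org: priority 10, weight 0, port 8448, target
# "matrix".
resource "hetznerdns_record" "archlinux_org_matrix_tcp_srv" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_matrix._tcp"
  value   = "10 0 8448 matrix"
  type    = "SRV"
}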

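# TXT record _github-challenge-archlinux, presumably GitHub's domain-ownership
# verification for archlinux.org. The value is published in DNS, so it is not a secret.
resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_github-challenge-archlinux"
  value   = "\"824af4446e\""
  type    = "TXT"
}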

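# TXT record _github-challenge-archlinux.www, presumably GitHub's domain-ownership
# verification for www.archlinux.org. The value is published in DNS, so it is not a
# secret.
resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux_www" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_github-challenge-archlinux.www"
  value   = "\"b53f311f86\""
  type    = "TXT"
}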

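# Floating IPv4 address for GitLab Pages, assigned to the gitlab.archlinux.org VPS.
# It is the address behind the "pages" entry in local.archlinux_org_a_aaaa.
resource "hcloud_floating_ip" "gitlab_pages" {
  type        = "ipv4"
  description = "GitLab Pages"
  server_id   = hcloud_server.machine["gitlab.archlinux.org"].id
}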

# IPv6 address published for the "pages" name in local.archlinux_org_a_aaaa.
# NOTE(review): unlike the IPv4 side this is a literal default, not derived from a
# resource; presumably it has to be kept in step with the GitLab server by hand.
variable "gitlab_pages_ipv6" {
  default = "2a01:4f8:c2c:5d2d::2"
}

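# 1000 GB volume attached to the gitlab.archlinux.org VPS.
# NOTE(review): nothing in this block guards against accidental destruction. A
# `lifecycle { prevent_destroy = true }` block is worth considering; weigh it against
# how this volume is backed up.
resource "hcloud_volume" "gitlab" {
  name      = "gitlab"
  size      = 1000
  server_id = hcloud_server.machine["gitlab.archlinux.org"].id
}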

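# 100 GB volume attached to the mirror.pkgbuild.com VPS.
resource "hcloud_volume" "mirror" {
  name      = "mirror"
  size      = 100
  server_id = hcloud_server.machine["mirror.pkgbuild.com"].id
}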

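# 100 GB volume attached to the homedir.archlinux.org VPS.
# NOTE(review): nothing in this block guards against accidental destruction. A
# `lifecycle { prevent_destroy = true }` block is worth considering; weigh it against
# how this volume is backed up.
resource "hcloud_volume" "homedir" {
  name      = "homedir"
  size      = 100
  server_id = hcloud_server.machine["homedir.archlinux.org"].id
}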