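# Remote state is kept in PostgreSQL under a dedicated schema. No conn_str is
# set in this block, so the connection settings have to be supplied from
# outside the file (for example `terraform init -backend-config=...`).
# NOTE(review): Terraform state stores resource attributes and data source
# results in plain text; read access to this schema should be limited to the
# people who are allowed to see the provider API keys.
terraform {
  backend "pg" {
    schema_name = "terraform_remote_state_stage1"
  }
}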

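# Looks up the two Hetzner API keys by running the repository's get_key.py
# helper against misc/vault_hetzner.yml and reading its JSON output.
# NOTE(review): values returned by a data source are written to the Terraform
# state, so both keys are readable by anyone who can read the state; confirm
# that state access is restricted accordingly.
data "external" "vault_hetzner" {
  program = [
    "${path.module}/../misc/get_key.py", "misc/vault_hetzner.yml",
    "hetzner_cloud_api_key",
    "hetzner_dns_api_key",
    "--format", "json"
  ]
}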

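# Selects the newest image in the project that carries the label
# custom_image=archlinux and has status "available".
# NOTE(review): because most_recent is set, whoever can create or label images
# in the Hetzner project decides which image this lookup returns; keep that
# permission as narrow as the image build needs.
data "hcloud_image" "archlinux" {
  with_selector = "custom_image=archlinux"
  most_recent   = true
  with_status   = ["available"]
}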

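# The Hetzner Cloud API token is read from data.external.vault_hetzner rather
# than being written into this file.
provider "hcloud" {
  token = data.external.vault_hetzner.result.hetzner_cloud_api_key
}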

# The Hetzner DNS API token is read from data.external.vault_hetzner rather
# than being written into this file.
provider "hetznerdns" {
  apitoken = data.external.vault_hetzner.result.hetzner_dns_api_key
}

locals {
  # These are the Hetzner Cloud VPSes.
  # Every entry creates:
  #   - the machine
  #   - the rdns entries
  #   - A and AAAA entries
  #
  # Valid parameters are:
  #   - server_type (mandatory)
  #   - domain (mandatory)
  #   - ttl (optional, applies to the dns entries)
  #   - zone (optional, required for pkgbuild.com machines)
  #
  machines = {
    "archlinux.org" = {
      server_type = "cpx11"
      domain      = "@"
      ttl         = 600
    }
    "accounts.archlinux.org" = {
      server_type = "cx11"
      domain      = "accounts"
    }
    "aur-dev.archlinux.org" = {
      server_type = "cx11"
      domain      = "aur-dev"
    }
    "aur.archlinux.org" = {
      server_type = "cpx41"
      domain      = "aur"
    }
    "bbs.archlinux.org" = {
      server_type = "cx21"
      domain      = "bbs"
    }
    "bugs.archlinux.org" = {
      server_type = "cx11"
      domain      = "bugs"
    }
    "gitlab.archlinux.org" = {
      server_type = "cx51"
      domain      = "gitlab"
    }
    "homedir.archlinux.org" = {
      server_type = "cx11"
      domain      = "homedir"
    }
    "mail.archlinux.org" = {
      server_type = "cx11"
      domain      = "mail"
      ttl         = 600
    }
    "mailman3.archlinux.org" = {
      server_type = "cx11"
      domain      = "mailman3"
    }
    "matrix.archlinux.org" = {
      server_type = "cpx31"
      domain      = "matrix"
    }
    "monitoring.archlinux.org" = {
      server_type = "cx11"
      domain      = "monitoring"
    }
    "openpgpkey.archlinux.org" = {
      server_type = "cx11"
      domain      = "openpgpkey"
    }
    "patchwork.archlinux.org" = {
      server_type = "cx11"
      domain      = "patchwork"
      ttl         = 600
    }
    "phrik.archlinux.org" = {
      server_type = "cx11"
      domain      = "phrik"
    }
    "quassel.archlinux.org" = {
      server_type = "cx11"
      domain      = "quassel"
    }
    "redirect.archlinux.org" = {
      server_type = "cx11"
      domain      = "redirect"
    }
    "reproducible.archlinux.org" = {
      server_type = "cx11"
      domain      = "reproducible"
    }
    "security.archlinux.org" = {
      server_type = "cx11"
      domain      = "security"
      ttl         = 600
    }
    "svn2gittest.archlinux.org" = {
      server_type = "cx11"
      domain      = "svn2gittest"
    }
    "wiki.archlinux.org" = {
      server_type = "cpx21"
      domain      = "wiki"
      ttl         = 600
    }
    "mirror.pkgbuild.com" = {
      server_type = "cx11"
      domain      = "mirror"
      zone        = hetznerdns_zone.pkgbuild.id
    }
  }

  # This creates gitlab pages verification entries.
  # Every line consists of "key" = "value":
  #   - key equals the pages subdomain
  #   - value equals the pages verification code
  #
  archlinux_org_gitlab_pages = {
    "conf"           = "60a06a1c02e42b36c3b4919f4d6de6bf"
    "whatcanwedofor" = "b5f8011047c1610ace52e754b568c834"
  }

  # This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.archlinux_org_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root domain (archlinux.org).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
  #   - ttl (optional)
  #
  archlinux_org_a_aaaa = {
    apollo = {
      ipv4_address = "138.201.81.199"
      ipv6_address = "2a01:4f8:172:1d86::1"
      ttl          = 600
    }
    aur4 = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
    dragon = {
      ipv4_address = "195.201.167.210"
      ipv6_address = "2a01:4f8:13a:102a::2"
    }
    gemini = {
      ipv4_address = "49.12.124.107"
      ipv6_address = "2a01:4f8:242:5614::2"
    }
    lists = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
    luna = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
      ttl          = 600
    }
    master-key = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
      ttl          = 600
    }
    pages = {
      ipv4_address = hcloud_floating_ip.gitlab_pages.ip_address
      ipv6_address = var.gitlab_pages_ipv6
    }
    runner1 = {
      ipv4_address = "84.17.49.250"
      ipv6_address = "2a02:6ea0:c719::2"
    }
    runner2 = {
      ipv4_address = "147.75.80.217"
      ipv6_address = "2604:1380:2001:4500::3"
    }
    secure-runner1 = {
      ipv4_address = "116.202.134.150"
      ipv6_address = "2a01:4f8:231:4e1e::2"
    }
    state = {
      ipv4_address = "116.203.16.252"
      ipv6_address = "2a01:4f8:c2c:474::1"
    }
    www = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
      ttl          = 600
    }
  }

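  # This creates archlinux.org CNAME DNS entries.
  # Values ending in "." are absolute names outside this zone; such an entry should be removed
  # when the external service is given up, so that the name cannot be claimed by someone else.
  # Valid parameters are:
  #   - value (mandatory, the target for the CNAME "redirect")
  #   - ttl (optional)
  #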
  archlinux_org_cname = {
    archive                  = { value = "gemini" }
    dev                      = { value = "www", ttl = 600 }
    g2kjxsblac7x             = { value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." }
    git                      = { value = "luna" }
    grafana                  = { value = "apollo" }
    ipxe                     = { value = "www", ttl = 600 }
    "luna2._domainkey.aur"   = { value = "luna2._domainkey" }
    "luna2._domainkey.lists" = { value = "luna2._domainkey" }
    mailman                  = { value = "apollo" }
    packages                 = { value = "www", ttl = 600 }
    planet                   = { value = "www", ttl = 600 }
    projects                 = { value = "luna" }
    repos                    = { value = "gemini" }
    rsync                    = { value = "gemini" }
    sources                  = { value = "gemini" }
    "static.conf"            = { value = "redirect" }
    static                   = { value = "apollo" }
    status                   = { value = "stats.uptimerobot.com." }
    svn                      = { value = "gemini" }
  }

  # This creates pkgbuild.com A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.pkgbuild_com_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root domain (pkgbuild.com).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
  #   - ttl (optional)
  #
  pkgbuild_com_a_aaaa = {
    "*" = {
      ipv4_address = "78.46.178.133"
      ipv6_address = "2a01:4f8:c2c:51e2::1"
    }
    "@" = {
      ipv4_address = "78.46.178.133"
      ipv6_address = "2a01:4f8:c2c:51e2::1"
    }
    "america.mirror" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "america.archive" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "asia.mirror" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "asia.archive" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "europe.mirror" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    "europe.archive" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    repro1 = {
      ipv4_address = "147.75.81.79"
      ipv6_address = "2604:1380:2001:4500::1"
    }
    repro2 = {
      ipv4_address = "212.102.38.209"
      ipv6_address = "2a02:6ea0:c238::2"
    }
    www = {
      ipv4_address = "78.46.178.133"
      ipv6_address = "2a01:4f8:c2c:51e2::1"
    }
  }
}

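# DNS zone for archlinux.org with a zone-level ttl of 86400 s (one day).
resource "hetznerdns_zone" "archlinux" {
  name = "archlinux.org"
  ttl  = 86400
}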

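# DNS zone for pkgbuild.com with a zone-level ttl of 86400 s (one day).
resource "hetznerdns_zone" "pkgbuild" {
  name = "pkgbuild.com"
  ttl  = 86400
}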

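# CAA at the zone apex: only Let's Encrypt may issue certificates for
# pkgbuild.com names. With no "issuewild" record present, the "issue" tag also
# governs wildcard certificates.
# NOTE(review): no "iodef" record is visible in this file, so a CA has no
# address to report policy-violating requests to.
resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}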

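# Null MX (RFC 7505): preference 0 with target "." declares that pkgbuild.com
# accepts no mail.
resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "0 ."
  type    = "MX"
}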

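# Apex NS record for pkgbuild.com (third of three name servers).
resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "robotns3.second-ns.com."
  type    = "NS"
}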

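# Apex NS record for pkgbuild.com (second of three name servers).
resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "robotns2.second-ns.de."
  type    = "NS"
}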

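# Apex NS record for pkgbuild.com (first of three name servers).
resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "ns1.first-ns.de."
  type    = "NS"
}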

# TODO: Commented out for now, as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
#   zone_id = hetznerdns_zone.pkgbuild.id
#   name = "@"
#   value = "ns1.first-ns.de. dns.hetzner.com. 2020090604 14400 1800 604800 86400"
#   type = "SOA"
# }


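# SPF for pkgbuild.com with no permitted senders and a hard fail (-all): no
# host is authorised to send mail as pkgbuild.com.
resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
  name    = "@"
  value   = "\"v=spf1 -all\""
  type    = "TXT"
}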

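# CAA at the zone apex: only Let's Encrypt may issue certificates for
# archlinux.org names. With no "issuewild" record present, the "issue" tag also
# governs wildcard certificates.
# NOTE(review): no "iodef" record is visible in this file, so a CA has no
# address to report policy-violating requests to.
resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
}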

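# Apex NS record for archlinux.org (third of three name servers).
resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "robotns3.second-ns.com."
  type    = "NS"
}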

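# Apex NS record for archlinux.org (second of three name servers).
resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "robotns2.second-ns.de."
  type    = "NS"
}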

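# Apex NS record for archlinux.org (first of three name servers).
resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "@"
  value   = "ns1.first-ns.de."
  type    = "NS"
}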

# TODO: Commented out for now, as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "archlinux_org_origin_soa" {
#   zone_id = hetznerdns_zone.archlinux.id
#   name = "@"
#   value = "ns1.first-ns.de. ibiru.archlinux.org. 2020072502 7200 900 1209600 86400"
#   type = "SOA"
# }

resource "hetznerdns_record" "archlinux_org_origin_apollo_domainkey_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "apollo._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J+RpT3CL/21z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg+XjhvQXL1xfH8zAg1CntEZuaIMLUQ+5Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty/nMeClqsfT3nL2hbDeh+b/rYc\" \"l2veZAqiGcR2/0bnKlt+Nb5lOBY3oZiYLmZ5g+l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A+mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs+DCo/JoZAHU/6eRzK+Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42+1w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1/bn4l0erdFQsWb1K\" \"4wEVOCn+hHWbV42V+J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7/S2wA91Z9QDjTbKmlNovs5zoxuOM/mPGPUuQMvhjoAP+rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU/XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF+B7Vup9O7k+dNz2Vj2Vyzkq1UCAwEAAQ==\" "
  type    = "TXT"
}

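# Mail for lists.archlinux.org is delivered to luna (preference 10).
resource "hetznerdns_record" "archlinux_org_lists_mx" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "lists"
  ttl     = 600
  value   = "10 luna"
  type    = "MX"
}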

# SPF for lists.archlinux.org: the two listed addresses are the authorised
# senders. "~all" is a soft fail, so receivers are asked to treat mail from
# other sources as suspicious rather than to reject it on SPF alone.
resource "hetznerdns_record" "archlinux_org_lists_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "lists"
  ttl     = 600
  # lists.archlinux.org
  value = "\"v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all\""
  type  = "TXT"
}

resource "hetznerdns_record" "archlinux_org_luna_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\" "
  type    = "TXT"
}

resource "hetznerdns_record" "archlinux_org_luna2_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna2._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\" "
  type    = "TXT"
}

# SPF for luna.archlinux.org: reuses the senders published for
# lists.archlinux.org via include: and hard-fails everything else (-all).
resource "hetznerdns_record" "archlinux_org_luna3_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "luna"
  ttl     = 600
  value   = "\"v=spf1 include:lists.archlinux.org -all\""
  type    = "TXT"
}

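# MTA-STS policy host names: mta-sts, mta-sts.aur, mta-sts.master-key and
# mta-sts.lists are all CNAMEs to "mail".
# NOTE(review): presumably "mail" serves the MTA-STS policy file over HTTPS
# for each of these names - confirm against the mail host's configuration.
resource "hetznerdns_record" "archlinux_org_mtasts_cname" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "mta-sts${each.value}"
  value   = "mail"
  type    = "CNAME"
}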

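# MTA-STS discovery records (_mta-sts plus the .aur, .master-key and .lists
# variants). Sending servers re-fetch the policy only when the id changes, so
# the id has to be bumped whenever the policy is edited; the inline hint shows
# how the value is generated.
resource "hetznerdns_record" "archlinux_org__mtasts_txt" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "_mta-sts${each.value}"
  ttl     = 600
  # date +%s
  value = "\"v=STSv1; id=1608210175\""
  type  = "TXT"
}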

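# Mail for archlinux.org, aur.archlinux.org and master-key.archlinux.org is
# delivered to "mail" (preference 10).
resource "hetznerdns_record" "archlinux_org_origin_mx" {
  for_each = toset(["@", "aur", "master-key"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = each.value
  ttl     = 600
  value   = "10 mail"
  type    = "MX"
}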

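# SPF for the apex, aur, mail and master-key names: the two listed addresses
# are the authorised senders. "~all" is a soft fail, so receivers are asked to
# treat mail from other sources as suspicious rather than to reject it on SPF
# alone.
resource "hetznerdns_record" "archlinux_org_origin_txt" {
  for_each = toset(["@", "aur", "mail", "master-key"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = each.value
  ttl     = 600
  # mail.archlinux.org
  value = "\"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all\""
  type  = "TXT"
}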

# DKIM public key (k=ed25519) published under the selector "dkim-ed25519".
# Only the public half of the key pair appears in this record.
resource "hetznerdns_record" "archlinux_org_domainkey_dkim-ed25519_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "dkim-ed25519._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=ed25519; \" \"p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=\" "
  type    = "TXT"
}

resource "hetznerdns_record" "archlinux_org_domainkey_dkim-rsa_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "dkim-rsa._domainkey"
  ttl     = 600
  value   = "\"v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==\" "
  type    = "TXT"
}

# DMARC policy for archlinux.org.
# NOTE(review): p=none is monitoring only. Receivers are asked to send
# aggregate (rua) and failure (ruf) reports to dmarc-reports@archlinux.org but
# not to quarantine or reject mail that fails DMARC. Spoofed mail is only
# acted on once the policy is raised to quarantine or reject.
resource "hetznerdns_record" "archlinux_org_dmarc_txt" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_dmarc"
  value   = "\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\""
  type    = "TXT"
}

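# SMTP TLS reporting (TLSRPT): asks sending servers to mail their TLS failure
# reports to postmaster@archlinux.org. Published for the same four name
# suffixes as the MTA-STS records.
resource "hetznerdns_record" "archlinux_org_smtp_tlsrpt_txt" {
  for_each = toset(["", ".aur", ".master-key", ".lists"])

  zone_id = hetznerdns_zone.archlinux.id
  name    = "_smtp._tls${each.value}"
  value   = "\"v=TLSRPTv1;rua=mailto:postmaster@archlinux.org\""
  type    = "TXT"
}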

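# _matrix._tcp SRV record: priority 10, weight 0, port 8448, target "matrix".
resource "hetznerdns_record" "archlinux_org_matrix_tcp_srv" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_matrix._tcp"
  value   = "10 0 8448 matrix"
  type    = "SRV"
}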

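# GitHub domain verification challenge for archlinux.org. The code is visible
# to anyone who queries DNS, so it is not a secret.
resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_github-challenge-archlinux"
  value   = "\"824af4446e\""
  type    = "TXT"
}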

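# GitHub domain verification challenge for www.archlinux.org. The code is
# visible to anyone who queries DNS, so it is not a secret.
resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux_www" {
  zone_id = hetznerdns_zone.archlinux.id
  name    = "_github-challenge-archlinux.www"
  value   = "\"b53f311f86\""
  type    = "TXT"
}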

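# IPv4 floating IP for GitLab Pages, assigned to the gitlab.archlinux.org
# server. The "pages" entry in local.archlinux_org_a_aaaa publishes it.
resource "hcloud_floating_ip" "gitlab_pages" {
  type        = "ipv4"
  description = "GitLab Pages"
  server_id   = hcloud_server.machine["gitlab.archlinux.org"].id
}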

# IPv6 address used for the "pages" entry in local.archlinux_org_a_aaaa.
variable "gitlab_pages_ipv6" {
  default = "2a01:4f8:c2c:5d2d::2"
}

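# Block storage volume (size 1000, in GB) attached to gitlab.archlinux.org.
resource "hcloud_volume" "gitlab" {
  name      = "gitlab"
  size      = 1000
  server_id = hcloud_server.machine["gitlab.archlinux.org"].id
}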

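# Block storage volume (size 100, in GB) attached to mirror.pkgbuild.com.
resource "hcloud_volume" "mirror" {
  name      = "mirror"
  size      = 100
  server_id = hcloud_server.machine["mirror.pkgbuild.com"].id
}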

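# Block storage volume (size 100, in GB) attached to homedir.archlinux.org.
resource "hcloud_volume" "homedir" {
  name      = "homedir"
  size      = 100
  server_id = hcloud_server.machine["homedir.archlinux.org"].id
}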