archlinux.tf 17.4 KB
Newer Older
1
terraform {
2
  backend "pg" {
3
    schema_name = "terraform_remote_state_stage1"
4
  }
5
6
}

7
8
data "external" "vault_hetzner" {
  program = [
9
    "${path.module}/../misc/get_key.py", "${path.module}/../misc/vaults/vault_hetzner.yml",
10
11
12
13
    "hetzner_cloud_api_key",
    "hetzner_dns_api_key",
    "--format", "json"
  ]
14
}
15

16
17
data "hcloud_image" "archlinux" {
  with_selector = "custom_image=archlinux"
18
19
  most_recent   = true
  with_status   = ["available"]
20
21
22
}

provider "hcloud" {
23
24
25
26
27
28
29
  token = data.external.vault_hetzner.result.hetzner_cloud_api_key
}

provider "hetznerdns" {
  apitoken = data.external.vault_hetzner.result.hetzner_dns_api_key
}

30
locals {
31
32
33
34
35
36
37
38
  # These are the Hetzner Cloud VPSes.
  # Every entry creates:
  #   - the machine
  #   - the rdns entries
  #   - A and AAAA entries
  #
  # Valid parameters are:
  #   - server_type (mandatory)
39
  #   - domain (optional, creates dns entry <domain>.archlinux.org pointing to the machine)
Frederik Schwan's avatar
Frederik Schwan committed
40
  #   - ttl (optional, applies to the dns entries)
41
  #   - zone (optional, required for pkgbuild.com machines)
42
  #
43
44
45
46
  # Example:
  # "archlinux.org" = {
  #   server_type = "cpx11"
  #   domain      = "@"
47
  #   ttl         = 3600
48
  # }
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
  machines = {
    "archlinux.org" = {
      server_type = "cpx11"
      domain      = "@"
    }
    "accounts.archlinux.org" = {
      server_type = "cx11"
      domain      = "accounts"
    }
    "aur.archlinux.org" = {
      server_type = "cpx41"
      domain      = "aur"
    }
    "bbs.archlinux.org" = {
      server_type = "cx21"
      domain      = "bbs"
    }
    "bugs.archlinux.org" = {
      server_type = "cx11"
      domain      = "bugs"
    }
    "gitlab.archlinux.org" = {
71
      server_type = "cpx41"
72
73
74
75
76
77
      domain      = "gitlab"
    }
    "homedir.archlinux.org" = {
      server_type = "cx11"
      domain      = "homedir"
    }
78
    "lists.archlinux.org" = {
Evangelos Foutras's avatar
Evangelos Foutras committed
79
      server_type = "cpx11"
80
      domain      = "lists"
81
    }
82
83
84
85
86
87
88
89
    "mail.archlinux.org" = {
      server_type = "cx11"
      domain      = "mail"
    }
    "mailman3.archlinux.org" = {
      server_type = "cx11"
      domain      = "mailman3"
    }
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
90
91
92
93
    "man.archlinux.org" = {
      server_type = "cx11"
      domain      = "man"
    }
94
95
96
97
98
    "matrix.archlinux.org" = {
      server_type = "cpx31"
      domain      = "matrix"
    }
    "monitoring.archlinux.org" = {
99
      server_type = "cx31"
100
101
      domain      = "monitoring"
    }
102
103
104
105
    "dashboards.archlinux.org" = {
      server_type = "cx11"
      domain      = "dashboards"
    }
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
    "patchwork.archlinux.org" = {
      server_type = "cx11"
      domain      = "patchwork"
    }
    "phrik.archlinux.org" = {
      server_type = "cx11"
      domain      = "phrik"
    }
    "quassel.archlinux.org" = {
      server_type = "cx11"
      domain      = "quassel"
    }
    "redirect.archlinux.org" = {
      server_type = "cx11"
      domain      = "redirect"
    }
    "reproducible.archlinux.org" = {
      server_type = "cx11"
      domain      = "reproducible"
    }
    "security.archlinux.org" = {
      server_type = "cx11"
      domain      = "security"
    }
    "wiki.archlinux.org" = {
131
      server_type = "cpx21"
132
133
134
135
136
137
      domain      = "wiki"
    }
    "mirror.pkgbuild.com" = {
      server_type = "cx11"
      domain      = "mirror"
      zone        = hetznerdns_zone.pkgbuild.id
138
    }
139
140
141
    "md.archlinux.org" = {
      server_type = "cx11"
      domain      = "md"
Jelle van der Waa's avatar
Jelle van der Waa committed
142
143
144
145
    },
    "gluebuddy.archlinux.org" = {
      server_type = "cx11"
      domain      = "gluebuddy"
Kristian Klausen's avatar
Kristian Klausen committed
146
147
148
    },
    "debuginfod.archlinux.org" = {
      server_type = "cx11"
149
      domain      = "debuginfod-old"
150
    }
151
152
153
154
155
    "buildbot.pkgbuild.com" = {
      server_type = "cx21"
      domain      = "buildbot"
      zone        = hetznerdns_zone.pkgbuild.id
    }
156
157
  }

158
  # This creates gitlab pages verification entries.
159
160
161
162
163
  # Every line consists of "key" = "value":
  #   - key equals the pages subdomain
  #   - value equals the pages verification code
  #
  archlinux_org_gitlab_pages = {
164
165
166
167
168
    "conf"                  = "60a06a1c02e42b36c3b4919f4d6de6bf"
    "whatcanidofor"         = "d9e45851002a623e10f6954ff9a85d21"
    "openpgpkey"            = "7533dfbf3947a5730d9cbcc1e5e63102"
    "openpgpkey.master-key" = "5c7f9c249885c62287dd75d0c1dd99d8"
    "bugs-old"              = "1f3308c8d5763eecb4f9013291aeeac4"
169
    "tu-bylaws.aur"         = "bbafd3ed82f336e0c52d3eb9774b2432"
170
    "reproducible-notes"    = "8c657f2f2720db1c3db63be89605cf0d"
171
    "terms"                 = "0b62a71af2aa85fb491295b543b4c3d2"
172
173
  }

174
175
176
177
178
179
  # This creates archlinux.org TXT DNS entries
  # Valid parameters are:
  #   - ttl (optional)
  #   - value (mandatory)
  #
  # Example:
180
  # "_github-challenge-archlinux" = { ttl = 3600, value = "824af4446e" }
181
  archlinux_org_txt = {
182
183
184
185
    "dkim-ed25519._domainkey.lists" = { value = "v=DKIM1; k=ed25519;p=ongbdFgt5Vimg/VRRbbSVRU4lBCkcYNaPA4K3JS/DnY=" }
    "dkim-rsa._domainkey.lists"     = { value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4M+y3ZeB9eI3GVgcrvMcI1SYOveH7P5TTRstaCHTlE/aRTiCzu5h6zKwwxEiK6NR5ugbHpBtfFnfnsl1eoaXVFBQfNdDNglHllJOZGVxTnyrFjRJUk9zN+PV/Haz73nAe1hOAENgV8NKnTok1ntaOYSH1AEj4yTswfQkuN23NPrQc1eyy3+hGC+lYpud3xAAl+oT4QE76PaLgk6Hz\" \"HOvZmAPGD3azJZRbobninZZXTAEvZFuPkfpWeUreDU9Hk9VX3zOmnqTN+YjIS5CdV6+Ghem3dCkmR9j3gOZBeBUYD7b+cinTYe/PZO2OG/LWCwN11EYyf1LSBGhBJCF9HPGiGIdhy5T62nKvwDQS0bj1HL+y6pXZdv2C7KgH+lAZ0idpOQ2TtV5e0tlVdryY4QXY9m7mSQ84WsoEdGDsetOhiTEKuqyGnDoYa0wYbM5477LL6EOzS0x3ZC/mbOg\" \"B+FSdzmLWCH/WjuzMNpw9WU+u4BucwVbYcnZ1vAxQQOEnA/Ku9drRHMFixBwodQuMA78j8ICCMJKlUiXmbbL7OFoXBArYJ7lgVs7mlaoEaqzDPCyqs1lJ9kOxdNoZj5zdxERcQhLm+Yo/948i6Js/nkWT0eAjNlHxZuCg3B4z7L4lRZpaGt+vHdcGUIeDKW34O0dWxPwIUmQA4CwmhUB0HWL9UcCAwEAAQ==" }
    "dkim-ed25519._domainkey"       = { value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
    "dkim-rsa._domainkey"           = { value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }
186

187
188
189
190
    "_dmarc"                          = { value = "v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;" }
    "_github-challenge-archlinux"     = { value = "824af4446e" }
    "_github-challenge-archlinux.www" = { value = "b53f311f86" }

191
192
193
194
195
196
    # TLS-RPT + MTA-STS + SPF
    "_smtp._tls"            = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    "_smtp._tls.aur"        = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    "_smtp._tls.master-key" = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    "_smtp._tls.lists"      = { value = "v=TLSRPTv1;rua=mailto:postmaster@archlinux.org" }
    # Generated with: date +%s
197
198
199
200
201
202
    "_mta-sts"   = { value = "v=STSv1; id=1608210175" }
    "@"          = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    "mail"       = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    "aur"        = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    "master-key" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all" }
    lists        = { value = "v=spf1 ip4:${hcloud_server.machine["lists.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["lists.archlinux.org"].ipv6_address} ~all" }
203
  }
204

205
  # This creates archlinux.org MX DNS entries
206
207
  # Valid parameters are:
  #   - mx (mandatory)
208
  #   - ttl (optional)
209
  #
210
  # Example:
211
  # "lists" = { mx = "lists", ttl = 3600 }
212
  archlinux_org_mx = {
213
214
215
216
    "@"        = { mx = "mail" }
    aur        = { mx = "mail" }
    master-key = { mx = "mail" }
    lists      = { mx = "lists" }
217
218
  }

219
220
221
222
223
224
225
226
227
  # This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.archlinux_org_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root doman (archlinux.org).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
Frederik Schwan's avatar
Frederik Schwan committed
228
  #   - ttl (optional)
229
  #
230
  # Example:
231
232
233
  # gemini = {
  #   ipv4_address = "49.12.124.107"
  #   ipv6_address = "2a01:4f8:242:5614::2"
234
  #   ttl          = 3600
235
  # }
236
  archlinux_org_a_aaaa = {
237
238
239
240
    aur4 = {
      ipv4_address = "5.9.250.164"
      ipv6_address = "2a01:4f8:160:3033::2"
    }
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
241
242
243
244
    build = {
      ipv4_address = "135.181.138.48"
      ipv6_address = "2a01:4f9:3a:120f::2"
    }
245
246
247
248
    gemini = {
      ipv4_address = "49.12.124.107"
      ipv6_address = "2a01:4f8:242:5614::2"
    }
249
250
251
252
    master-key = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
    }
253
254
255
    pages = {
      ipv4_address = hcloud_floating_ip.gitlab_pages.ip_address
      ipv6_address = var.gitlab_pages_ipv6
256
257
    }
    runner1 = {
258
259
      ipv4_address = "138.199.19.15"
      ipv6_address = "2a02:6ea0:c72e::2"
260
261
262
263
264
265
266
267
268
269
270
271
272
    }
    runner2 = {
      ipv4_address = "147.75.80.217"
      ipv6_address = "2604:1380:2001:4500::3"
    }
    secure-runner1 = {
      ipv4_address = "116.202.134.150"
      ipv6_address = "2a01:4f8:231:4e1e::2"
    }
    state = {
      ipv4_address = "116.203.16.252"
      ipv6_address = "2a01:4f8:c2c:474::1"
    }
273
274
275
276
    www = {
      ipv4_address = hcloud_server.machine["archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["archlinux.org"].ipv6_address
    }
277
278
  }

279
280
281
  # This creates archlinux.org CNAME DNS entries.
  # Valid parameters are:
  #   - value (mandatory, the target for the CNAME "redirect")
Frederik Schwan's avatar
Frederik Schwan committed
282
  #   - ttl (optional)
283
  #
284
  # Example:
285
  # dev                      = { value = "www", ttl = 3600 }
286
  archlinux_org_cname = {
287
288
289
290
291
292
    archive       = { value = "gemini" }
    dev           = { value = "www" }
    g2kjxsblac7x  = { value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." }
    ipxe          = { value = "www" }
    mailman       = { value = "redirect" }
    packages      = { value = "www" }
293
    ping          = { value = "redirect" }
294
295
296
297
298
299
300
    planet        = { value = "www" }
    repos         = { value = "gemini" }
    rsync         = { value = "gemini" }
    sources       = { value = "gemini" }
    "static.conf" = { value = "redirect" }
    status        = { value = "stats.uptimerobot.com." }
    svn           = { value = "gemini" }
301
    coc           = { value = "redirect" }
302
    git           = { value = "redirect" }
303
304
305
306

    # MTA-STS
    mta-sts               = { value = "mail" }
    "mta-sts.aur"         = { value = "mail" }
307
    "_mta-sts.aur"        = { value = "_mta-sts" }
308
    "mta-sts.master-key"  = { value = "mail" }
309
    "_mta-sts.master-key" = { value = "_mta-sts" }
310
    "mta-sts.lists"       = { value = "mail" }
311
    "_mta-sts.lists"      = { value = "_mta-sts" }
312
313
  }

314
  # This creates pkgbuild.com A/AAAA DNS entries in addition to those already specified by the VPSes.
315
316
317
318
319
320
321
322
  # The VPSes already get a default domain assigned based on their domain parameter.
  # Thus the domains in local.pkgbuild_com_a_aaaa are additional domains or domains assigned to dedicated servers.
  #
  # The entry name corresponds to the subdomain.
  # '@' is the root doman (pkgbuild.com).
  # Valid parameters are:
  #   - ipv4_address (mandatory)
  #   - ipv6_address (mandatory)
Frederik Schwan's avatar
Frederik Schwan committed
323
  #   - ttl (optional)
324
325
326
  #
  pkgbuild_com_a_aaaa = {
    "@" = {
327
328
      ipv4_address = hcloud_server.machine["homedir.archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
    }
    "america.mirror" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "america.archive" = {
      ipv4_address = "143.244.34.62"
      ipv6_address = "2a02:6ea0:cc0e::2"
    }
    "asia.mirror" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "asia.archive" = {
      ipv4_address = "84.17.57.98"
      ipv6_address = "2a02:6ea0:d605::2"
    }
    "europe.mirror" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    "europe.archive" = {
      ipv4_address = "89.187.191.12"
      ipv6_address = "2a02:6ea0:c237::2"
    }
    repro1 = {
      ipv4_address = "147.75.81.79"
      ipv6_address = "2604:1380:2001:4500::1"
    }
    repro2 = {
      ipv4_address = "212.102.38.209"
      ipv6_address = "2a02:6ea0:c238::2"
    }
    www = {
363
364
      ipv4_address = hcloud_server.machine["homedir.archlinux.org"].ipv4_address
      ipv6_address = hcloud_server.machine["homedir.archlinux.org"].ipv6_address
365
366
    }
  }
367
368
369
370
371
372
373

  # Domains served by machines in the geo_mirrors group
  geo_domains = {
    "geo.mirror.pkgbuild.com" = {
      zone_id = hetznerdns_zone.pkgbuild.id
      name    = "geo.mirror"
    }
374
375
376
377
    "debuginfod.archlinux.org" = {
      zone_id = hetznerdns_zone.archlinux.id
      name    = "debuginfod"
    }
378
  }
379
380
}

381
382
resource "hetznerdns_zone" "archlinux" {
  name = "archlinux.org"
383
  ttl  = 3600
384
385
386
387
}

resource "hetznerdns_zone" "pkgbuild" {
  name = "pkgbuild.com"
388
  ttl  = 3600
389
390
391
392
}

resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
393
394
395
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
396
397
398
399
}

resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
400
401
402
  name    = "@"
  value   = "0 ."
  type    = "MX"
403
404
405
406
}

resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
407
  name    = "@"
408
  value   = "helium.ns.hetzner.de."
409
  type    = "NS"
410
  ttl     = 86400
411
412
413
414
}

resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
415
  name    = "@"
416
  value   = "oxygen.ns.hetzner.com."
417
  type    = "NS"
418
  ttl     = 86400
419
420
421
422
}

resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
423
  name    = "@"
424
  value   = "hydrogen.ns.hetzner.com."
425
  type    = "NS"
426
  ttl     = 86400
427
428
}

429
430
431
432
433
434
# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
# resource "hetznerdns_record" "pkgbuild_com_origin_soa" {
#   zone_id = hetznerdns_zone.pkgbuild.id
#   name = "@"
435
#   value = "hydrogen.ns.hetzner.com. hetzner.archlinux.org. 2021070703 3600 1800 604800 3600"
436
437
#   type = "SOA"
# }
438
439
440

resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
441
442
443
  name    = "@"
  value   = "\"v=spf1 -all\""
  type    = "TXT"
444
445
446
447
}

resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
448
449
450
  name    = "@"
  value   = "0 issue \"letsencrypt.org\""
  type    = "CAA"
451
452
453
454
}

resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
455
  name    = "@"
456
  value   = "helium.ns.hetzner.de."
457
  type    = "NS"
458
  ttl     = 86400
459
460
461
462
}

resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
463
  name    = "@"
464
  value   = "oxygen.ns.hetzner.com."
465
  type    = "NS"
466
  ttl     = 86400
467
468
469
470
}

resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
471
  name    = "@"
472
  value   = "hydrogen.ns.hetzner.com."
473
  type    = "NS"
474
  ttl     = 86400
475
476
}

477
478
479
480
481
482
# TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
# https://github.com/timohirt/terraform-provider-hetznerdns/issues/20
# https://gitlab.archlinux.org/archlinux/infrastructure/-/merge_requests/62#note_4040
#; resource "hetznerdns_record" "archlinux_org_origin_soa" {
#   zone_id = hetznerdns_zone.archlinux.id
#   name = "@"
483
#   value = "hydrogen.ns.hetzner.com. hetzner.archlinux.org. 2021070703 3600 1800 604800 3600"
484
485
#   type = "SOA"
# }
486

487
resource "hcloud_floating_ip" "gitlab_pages" {
488
489
490
491
  type              = "ipv4"
  description       = "GitLab Pages"
  server_id         = hcloud_server.machine["gitlab.archlinux.org"].id
  delete_protection = true
492
493
494
495
496
497
}

variable "gitlab_pages_ipv6" {
  default = "2a01:4f8:c2c:5d2d::2"
}

498
resource "hcloud_volume" "mirror" {
499
500
501
502
  name              = "mirror"
  size              = 100
  server_id         = hcloud_server.machine["mirror.pkgbuild.com"].id
  delete_protection = true
503
504
505
}

resource "hcloud_volume" "homedir" {
506
507
508
509
  name              = "homedir"
  size              = 100
  server_id         = hcloud_server.machine["homedir.archlinux.org"].id
  delete_protection = true
510
}
511
512

resource "hcloud_volume" "monitoring" {
513
514
515
516
  name              = "monitoring"
  size              = 200
  server_id         = hcloud_server.machine["monitoring.archlinux.org"].id
  delete_protection = true
517
}
Kristian Klausen's avatar
Kristian Klausen committed
518
519

resource "hcloud_volume" "debuginfod" {
520
521
522
523
  name              = "debuginfod"
  size              = 25
  server_id         = hcloud_server.machine["debuginfod.archlinux.org"].id
  delete_protection = true
Kristian Klausen's avatar
Kristian Klausen committed
524
}