Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
77d2c7b3
Commit
77d2c7b3
authored
Dec 28, 2020
by
Kristian Klausen
🎉
Committed by
Frederik Schwan
Dec 31, 2020
Browse files
tf-stage1/archlinux: Drop MTA-STS, MX, SPF and TLS-RPT templating
We need to keep the balance between automation and readability.
parent
f02c9674
Changes
2
Hide whitespace changes
Inline
Side-by-side
tf-stage1/archlinux.tf
View file @
77d2c7b3
...
...
@@ -156,29 +156,41 @@ locals {
# Example:
# "_github-challenge-archlinux" = { value = "824af4446e" }
archlinux_org_txt
=
{
luna
=
{
value
=
"v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all"
}
"luna._domainkey.lists"
=
{
ttl
=
600
,
value
=
"v=DKIM1; k=rsa; s=email;
\"
\"
p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX
\"
\"
oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg
\"
\"
kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ=="
}
"luna2._domainkey"
=
{
ttl
=
600
,
value
=
"v=DKIM1; k=rsa; s=email;
\"
\"
p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX
\"
\"
oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg
\"
\"
kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ=="
}
mail
=
{
value
=
"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all"
,
ttl
=
600
}
"dkim-ed25519._domainkey"
=
{
ttl
=
600
,
value
=
"v=DKIM1; k=ed25519;
\"
\"
p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ="
}
"dkim-rsa._domainkey"
=
{
ttl
=
600
,
value
=
"v=DKIM1; k=rsa;
\"
\"
p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k
\"
\"
H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg
\"
\"
CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ=="
}
"_dmarc"
=
{
value
=
"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;"
}
"_github-challenge-archlinux"
=
{
value
=
"824af4446e"
}
"_github-challenge-archlinux.www"
=
{
value
=
"b53f311f86"
}
}
# MTA-STS policy id (generated with: date +%s)
archlinux_org_mtssts_policy_id
=
"1608210175"
# TLS-RPT + MTA-STS + SPF
"_smtp._tls"
=
{
value
=
"v=TLSRPTv1;rua=mailto:postmaster@archlinux.org"
}
"_smtp._tls.aur"
=
{
value
=
"v=TLSRPTv1;rua=mailto:postmaster@archlinux.org"
}
"_smtp._tls.master-key"
=
{
value
=
"v=TLSRPTv1;rua=mailto:postmaster@archlinux.org"
}
"_smtp._tls.lists"
=
{
value
=
"v=TLSRPTv1;rua=mailto:postmaster@archlinux.org"
}
# Generated with: date +%s
"_mta-sts"
=
{
value
=
"v=STSv1; id=1608210175"
}
"@"
=
{
value
=
"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all"
,
ttl
=
600
}
mail
=
{
value
=
"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all"
,
ttl
=
600
}
aur
=
{
value
=
"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all"
,
ttl
=
600
}
master
-
key
=
{
value
=
"v=spf1 ip4:95.216.189.61 ip6:2a01:4f9:c010:3052::1 ~all"
,
ttl
=
600
}
lists
=
{
value
=
"v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all"
}
luna
=
{
value
=
"v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all"
}
}
# This
setup MTA-STS, TLS-RPT, MX and SPF for archlinux.org
# This
creates archlinux.org MX DNS entries
# Valid parameters are:
# - mx (mandatory)
# - ttl (optional)
#
archlinux_org_mail
=
{
"@"
=
{
mx
=
"mail"
}
"aur"
=
{
mx
=
"mail"
}
"master-key"
=
{
mx
=
"mail"
}
"lists"
=
{
mx
=
"luna"
}
# Example:
# "lists" = { mx = "luna", ttl = 600 }
archlinux_org_mx
=
{
"@"
=
{
mx
=
"mail"
,
ttl
=
600
}
aur
=
{
mx
=
"mail"
,
ttl
=
600
}
master
-
key
=
{
mx
=
"mail"
,
ttl
=
600
}
lists
=
{
mx
=
"luna"
,
ttl
=
600
}
}
# This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
...
...
@@ -274,6 +286,15 @@ locals {
"static.conf"
=
{
value
=
"redirect"
}
status
=
{
value
=
"stats.uptimerobot.com."
}
svn
=
{
value
=
"gemini"
}
# MTA-STS
mta
-
sts
=
{
value
=
"mail"
}
"mta-sts.aur"
=
{
value
=
"mail"
}
"_mta-sts.aur"
=
{
value
=
"_mta-sts"
}
"mta-sts.master-key"
=
{
value
=
"mail"
}
"_mta-sts.master-key"
=
{
value
=
"_mta-sts"
}
"mta-sts.lists"
=
{
value
=
"mail"
}
"_mta-sts.lists"
=
{
value
=
"_mta-sts"
}
}
# This creates pkgbuild.comA/AAAA DNS entries in addition to those already specified by the VPSes.
...
...
tf-stage1/templates.tf
View file @
77d2c7b3
...
...
@@ -48,54 +48,16 @@ resource "hetznerdns_record" "archlinux_org_txt" {
type
=
"TXT"
}
resource
"hetznerdns_record"
"archlinux_org_mtasts_cname"
{
for_each
=
local
.
archlinux_org_mail
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
"_mta-sts
${
each
.
key
==
"@"
?
""
:
".
${
each
.
key
}
"
}
"
value
=
"mail"
type
=
"CNAME"
}
resource
"hetznerdns_record"
"archlinux_org__mtasts_txt"
{
for_each
=
local
.
archlinux_org_mail
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
"_mta-sts
${
each
.
key
==
"@"
?
""
:
".
${
each
.
key
}
"
}
"
ttl
=
600
value
=
"
\"
v=STSv1; id=
${
local
.
archlinux_org_mtssts_policy_id
}
\"
"
type
=
"TXT"
}
resource
"hetznerdns_record"
"archlinux_org_smtp_tlsrpt_txt"
{
for_each
=
local
.
archlinux_org_mail
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
"_smtp._tls
${
each
.
key
==
"@"
?
""
:
".
${
each
.
key
}
"
}
"
value
=
"
\"
v=TLSRPTv1;rua=mailto:postmaster@archlinux.org
\"
"
type
=
"TXT"
}
resource
"hetznerdns_record"
"archlinux_org_mx"
{
for_each
=
local
.
archlinux_org_m
ail
for_each
=
local
.
archlinux_org_m
x
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
each
.
key
ttl
=
600
ttl
=
lookup
(
local
.
archlinux_org_mx
[
each
.
key
],
"ttl"
,
null
)
value
=
"10
${
each
.
value
.
mx
}
"
type
=
"MX"
}
resource
"hetznerdns_record"
"archlinux_org_mail_txt"
{
for_each
=
local
.
archlinux_org_mail
zone_id
=
hetznerdns_zone
.
archlinux
.
id
name
=
each
.
key
ttl
=
600
value
=
local
.
archlinux_org_txt
[
each
.
value
.
mx
].
value
type
=
"TXT"
}
resource
"hetznerdns_record"
"archlinux_org_a"
{
for_each
=
local
.
archlinux_org_a_aaaa
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment