# DNS records for the treehouse.systems. zone, pushed to the authoritative
# server through the hashicorp/dns provider.
#
# Every record below is public data. The only secret this file touches is
# the TSIG key, which is read from var.secret and is never written here.

terraform {
  required_providers {
    dns = {
      # Exact version pin. NOTE(review): also commit .terraform.lock.hcl so
      # the provider package hashes are pinned, not just the version.
      source  = "hashicorp/dns"
      version = "3.2.3"
    }
  }

  # Remote state in an S3-compatible bucket. The endpoint is a Linode Object
  # Storage host rather than AWS, and the two skip_* flags turn off the
  # backend's AWS credential and region validation.
  # NOTE(review): no credentials are configured here; presumably they come
  # from the environment. Confirm the bucket is private and write access is
  # limited to whoever may change this zone.
  backend "s3" {
    bucket   = "treehouse-state"
    key      = "tfstate"
    region   = "us-southeast-1"
    endpoint = "us-southeast-1.linodeobjects.com"

    skip_credentials_validation = true
    skip_region_validation      = true
  }
}

# Updates are sent to ns1.as207960.net and authenticated with a TSIG key
# (HMAC-SHA512). Anyone holding the key secret can make the same updates.
# NOTE(review): the "secret" variable is not declared in this file; confirm
# its declaration sets sensitive = true so it is redacted from plan output.
provider "dns" {
  update {
    server        = "ns1.as207960.net"
    key_name      = "treehouse.systems."
    key_algorithm = "hmac-sha512"
    key_secret    = var.secret
  }
}

# ---------------------------------------------------------------------------
# Treehouse cluster: kn-linode-dallas
# TODO(ariadne): Use linode data source to pull the kubernetes ingress
#                IP addresses for this
# ---------------------------------------------------------------------------

resource "dns_a_record_set" "kn_linode_dallas_ingress_v4" {
  zone      = "treehouse.systems."
  name      = "kn-linode-dallas.ingress"
  ttl       = 3600
  addresses = ["50.116.20.32"]
}

resource "dns_aaaa_record_set" "kn_linode_dallas_ingress_v6" {
  zone      = "treehouse.systems."
  name      = "kn-linode-dallas.ingress"
  ttl       = 3600
  addresses = ["2600:3c00::f03c:93ff:fee2:d097"]
}

# ---------------------------------------------------------------------------
# Treehouse cluster: kn-oci-sanjose
# TODO(ariadne): decommission me
#
# Before decommissioning: the "discord" CNAME targets this ingress name, and
# the apex A/AAAA records carry these same two addresses as literals. Repoint
# or remove those first, so nothing in the zone keeps resolving to addresses
# that have been handed back to the cloud provider.
# ---------------------------------------------------------------------------

resource "dns_a_record_set" "kn_oci_sanjose_ingress_v4" {
  zone      = "treehouse.systems."
  name      = "kn-oci-sanjose.ingress"
  ttl       = 3600
  addresses = ["152.67.234.163"]
}

resource "dns_aaaa_record_set" "kn_oci_sanjose_ingress_v6" {
  zone      = "treehouse.systems."
  name      = "kn-oci-sanjose.ingress"
  ttl       = 3600
  addresses = ["2603:c024:c000:100::80"]
}

# ---------------------------------------------------------------------------
# Treehouse services: Gitea
# ---------------------------------------------------------------------------

resource "dns_a_record_set" "gitea_v4" {
  zone      = "treehouse.systems."
  name      = "gitea"
  ttl       = 3600
  addresses = ["104.250.236.2"]
}

resource "dns_aaaa_record_set" "gitea_v6" {
  zone      = "treehouse.systems."
  name      = "gitea"
  ttl       = 3600
  addresses = ["2602:fd37:1:0:104:250:236:2"]
}

# woodpecker is an alias for the gitea name above.
resource "dns_cname_record" "woodpecker_cname" {
  zone  = "treehouse.systems."
  name  = "woodpecker"
  ttl   = 3600
  cname = "gitea.treehouse.systems."
}

# ---------------------------------------------------------------------------
# Treehouse services: Mastodon (running on kn-linode-dallas)
# ---------------------------------------------------------------------------

resource "dns_cname_record" "social_cname" {
  zone  = "treehouse.systems."
  name  = "social"
  ttl   = 3600
  cname = "kn-linode-dallas.ingress.treehouse.systems."
}

# Alias to a hostname outside this zone (b-cdn.net). If the resource behind
# that hostname is ever deleted, delete this record in the same change so it
# does not dangle.
resource "dns_cname_record" "cache_cname" {
  zone  = "treehouse.systems."
  name  = "cache"
  ttl   = 3600
  cname = "treehousesystems.b-cdn.net."
}

# ---------------------------------------------------------------------------
# Treehouse services: Discord redirector.
# TODO(ariadne): This is really now treehouse.systems/discord, but
#                we need to keep this one for a while until it can be fully
#                decommissioned.
# Targets the kn-oci-sanjose ingress, which is itself marked for
# decommissioning; retire this record no later than that cluster.
# ---------------------------------------------------------------------------

resource "dns_cname_record" "discord_cname" {
  zone  = "treehouse.systems."
  name  = "discord"
  ttl   = 3600
  cname = "kn-oci-sanjose.ingress.treehouse.systems."
}

# ---------------------------------------------------------------------------
# Treehouse services: Minecraft (OVH, managed by Kenneth)
# The target name is outside this zone and run by a third party; remove this
# record if that hosting goes away.
# ---------------------------------------------------------------------------

resource "dns_cname_record" "minecraft_cname" {
  zone  = "treehouse.systems."
  name  = "survival.minecraft"
  ttl   = 3600
  cname = "survival.treehouse.fork.run."
}

# ---------------------------------------------------------------------------
# Apex domain settings.
# No "name" attribute is set on these resources, so they apply to the zone
# apex itself. The addresses are the same literals as the kn-oci-sanjose
# ingress records and must be updated by hand if that cluster goes away.
# ---------------------------------------------------------------------------

resource "dns_a_record_set" "apex_v4" {
  zone      = "treehouse.systems."
  ttl       = 3600
  addresses = ["152.67.234.163"]
}

resource "dns_aaaa_record_set" "apex_v6" {
  zone      = "treehouse.systems."
  ttl       = 3600
  addresses = ["2603:c024:c000:100::80"]
}

# Inbound mail goes to a single exchanger.
resource "dns_mx_record_set" "apex_mx" {
  zone = "treehouse.systems."
  ttl  = 3600

  mx {
    preference = 5
    exchange   = "mx1.mailbun.net."
  }
}

# SPF: authorises the apex A/AAAA hosts, the MX host and whatever
# spf.mailbun.net includes. "~all" is a softfail, so mail from any other
# source is marked rather than rejected outright.
resource "dns_txt_record_set" "apex_spf" {
  zone = "treehouse.systems."
  ttl  = 3600
  txt  = ["v=spf1 a mx include:spf.mailbun.net ~all"]
}

# DMARC: "p=none" is monitor-only. Receivers are asked to take no action on
# failing mail and only send aggregate reports to the rua address.
# NOTE(review): once those reports show every legitimate sender passing SPF
# or DKIM alignment, tighten to p=quarantine and then p=reject; until then
# this record gives no protection against spoofed From: addresses.
resource "dns_txt_record_set" "apex_dmarc" {
  zone = "treehouse.systems."
  name = "_dmarc"
  ttl  = 3600
  txt  = ["v=DMARC1; p=none; fo=1; rua=mailto:admin@treehouse.systems"]
}

# DKIM public key for selector "mailbun". This is the public half only, so it
# is safe to keep in version control.
# NOTE(review): the value is longer than 255 bytes, the limit for one TXT
# character-string. Confirm the published record comes back intact, e.g. by
# querying it after apply and running a DKIM validator against it.
resource "dns_txt_record_set" "apex_domainkey" {
  zone = "treehouse.systems."
  name = "mailbun._domainkey"
  ttl  = 3600
  txt  = ["v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJGZN1aCAUd8CqyQA7Akzkvns+Wq/w70ft2xr0B8jFp0DtW8BtyLLAsErpIp5ZTDgReYGgL7cNcSsNQRn+d6ZaOBGlC/gH1T3KYfbsvavOdnbGx9gofi6x8I5QOOLhp7epK5YkaP/Igg58Zm0ni3jdeMCuX+qkJVqn2WVv8IcRtIA3zJrTYOW3lGCj1ieezl5ref+43mFvcUqidToR9XyHNmi1RowmWAofbZASXkNqZiR1P2Jw3s7q6p0fAEz6bODNOmngIlRAaKjBfDVezsaTeQJwsMg9g58GigVTSb9gMHRZon61yxWcCJtcivPug7xAVlVU+MMkDr7MfvUke5KQIDAQAB"]
}