From 1775e24a45dfd0811038441dc1663abc5bb080b4 Mon Sep 17 00:00:00 2001
From: michael
Date: Fri, 29 Nov 2024 01:35:04 -0500
Subject: [PATCH] add more dns records
---
 terraform/cloudflare/main.tf | 17 +++++-
 terraform/cloudflare/variable_definitions.tf | 24 +++++++++
 terraform/cloudflare/variables.auto.tfvars | 57 +++++++++++---------
 3 files changed, 73 insertions(+), 25 deletions(-)
diff --git a/terraform/cloudflare/main.tf b/terraform/cloudflare/main.tf
index de99f09..716dc45 100644
--- a/terraform/cloudflare/main.tf
+++ b/terraform/cloudflare/main.tf
@@ -8,7 +8,7 @@ terraform {
 }
 }
 backend "local" {
- path = pathexpand("~/Backups/tfstate/cloudflare.tfstate")
+ # path = pathexpand("~/Backups/tfstate/cloudflare.tfstate")
 }
 }
 
@@ -23,6 +23,10 @@ locals {
 for index, record in distinct(var.dns_records) : # 'distint' removes duplicate values from a list
 tostring(index) => record
 }
+ mx_records = {
+ for index, record in distinct(var.mx_records) : # 'distint' removes duplicate values from a list
+ tostring(index) => record
+ }
 }
 
 resource "cloudflare_zone" "balsillie_net" {
@@ -47,4 +51,15 @@ resource "cloudflare_record" "dns_records" {
 ttl = each.value.ttl
 }
 
+resource "cloudflare_record" "mx_records" {
+ for_each = local.mx_records
+ zone_id = cloudflare_zone.balsillie_net.id
+ proxied = false
+ name = each.value.name
+ type = each.value.type
+ content = each.value.content
+ priority = each.value.priority
+ ttl = each.value.ttl
+}
+
 # TODO update the SOA record when dns_records resource was changed
\ No newline at end of file
diff --git a/terraform/cloudflare/variable_definitions.tf b/terraform/cloudflare/variable_definitions.tf
index b85806e..bbc7979 100644
--- a/terraform/cloudflare/variable_definitions.tf
+++ b/terraform/cloudflare/variable_definitions.tf
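Review bot: In the `backend "local"` block of main.tf (first hunk), commenting out `path` makes Terraform fall back to `terraform.tfstate` in the working directory, so the zone's state now lives inside the repository checkout rather than under `~/Backups/tfstate/`. State files hold every managed attribute in plain text, so confirm that `*.tfstate` and `*.tfstate.backup` are ignored by version control before this lands. If the line was disabled because the backend block rejected the `pathexpand()` call, replace the dead line with a comment that says so, e.g. `# path is supplied via -backend-config; function calls are not accepted here`, or delete it. The `terraform` block starts outside the hunk.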
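Review bot: Keying `mx_records` by list position (`tostring(index) => record`, second hunk of main.tf) ties each record's resource address to its place in the tfvars list, so inserting or removing an entry re-addresses every record after it and Terraform plans a change or replacement for each one. The existing `dns_records` local has the same shape and is hit by this very commit, which adds four TXT entries at the top of the list in variables.auto.tfvars. For mail-related records that churn can mean a window in which MX, SPF or DKIM is not published. A content-derived key avoids it: `for record in distinct(var.mx_records) : "${record.name}|${record.priority}|${record.content}" => record`. The copied comment also carries the typo 'distint', and the `locals` block begins outside the hunk.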
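Review bot: `cloudflare_record.mx_records` (third hunk of main.tf) takes `type` from the variable, so an entry of any other record type placed in `mx_records` would be created without complaint. Since this resource exists only for MX, a literal `type = "MX"` (or a `validation` block on the variable) would make that intent enforceable. A one-line comment above the resource stating why MX is split out from `dns_records` (the extra `priority` attribute) would also help the next reader.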
@@ -15,3 +15,27 @@ variable "dns_records" {
 }))
 default = []
 }
+
+variable "mx_records" {
+ description = "DNS MX records to create"
+ type = list(object({
+ name = string
+ type = string
+ content = string
+ priority = number
+ ttl = number
+ }))
+ default = []
+}
+
+variable "caa_records" {
+ description = "DNS CAA records to create"
+ type = list(object({
+ name = string
+ type = string
+ content = string
+ # priority = number
+ ttl = number
+ }))
+ default = []
+}
\ No newline at end of file
diff --git a/terraform/cloudflare/variables.auto.tfvars b/terraform/cloudflare/variables.auto.tfvars
index f67ea3a..c5757b1 100644
--- a/terraform/cloudflare/variables.auto.tfvars
+++ b/terraform/cloudflare/variables.auto.tfvars
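Review bot: `caa_records` is declared here and populated in variables.auto.tfvars, but none of the main.tf hunks in this patch read `var.caa_records`, so unless a resource exists outside the diff the CAA policy (`issue "letsencrypt.org"`, `issuewild ';'`) is never published and certificate issuance for the zone stays unrestricted. Add a `cloudflare_record` resource with a matching local next to `mx_records`, or hold the variable back until it is wired up. Before doing so, check in the provider documentation for the version pinned in `required_providers` whether CAA records are accepted through `content` or need the structured `data` block. The commented-out `# priority = number` line can be dropped, since the object has no use for it.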
@@ -1,26 +1,35 @@
 dns_records = [
- { name = "@", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "www", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "cloud", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "hetzner", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "imap", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "sieve", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "smtp", type = "A", content = "5.161.254.39", ttl = 60 },
- { name = "auth", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "autoconfig", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "autodiscover", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "code", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "discord-bridge", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "im", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "matrix", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "matrix-auth", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "matrix-federation", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "matrix-sync", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "mta-sts", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "notify", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "office", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "signal-bridge", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "social", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "turn", type = "CNAME", content = "hetzner", ttl = 60 },
- { name = "whatsapp-bridge", type = "CNAME", content = "hetzner", ttl = 60 }
+ { name = "@", type = "TXT", content = "\"v=spf1 +ip4:5.161.254.39 -all\"", ttl = 60 },
+ { name = "@", type = "TXT", content = "\"openpgp4fpr:2362b71cc210e435244d63dae81ed7810d966cd4\"", ttl = 60 },
+ { name = "_dmarc", type = "TXT", content = "\"v=DMARC1; p=reject; rua=mailto:postmaster@balsillie.net; ruf=mailto:postmaster@balsillie.net; sp=reject; fo=1; aspf=s; adkim=s; ri=259200\"", ttl = 60 },
+ { name = "mail._domainkey", type = "TXT", content = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+URc62p2hXgTgt+1NEo8tCm1SWYPXlnsO9vQdz3SqM6SUXyV/nuLzHQBriJwEnL7sXlmMvfu7JkY4wx/q4nZUVqJ6P8tV4qqRTlPYf9EOtzdPetvz24NVcI8Jh1qo06K/JXTPwGssSDnacfC6B14Q06JPC+1Kx28pOu8XLZSJpwIDAQAB\"", ttl = 60 },
+ { name = "@", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "www", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "cloud", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "imap", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "sieve", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "smtp", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "auth", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "autoconfig", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "autodiscover", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "code", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "im", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "matrix", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "matrix-auth", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "matrix-federation", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "matrix-sync", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "mta-sts", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "notify", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "office", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "social", type = "A", content = "5.161.254.39", ttl = 60 },
+ { name = "turn", type = "A", content = "5.161.254.39", ttl = 60 }
 ]
+
+mx_records = [
+ { name = "@", type = "MX", content = "smtp.balsillie.net.", priority = 0, ttl = 60 }
+]
+
+caa_records = [
+ { name = "@", type = "CAA", content = "0 issuewild ';'", ttl = 60 },
+ { name = "@", type = "CAA", content = "0 issue \"letsencrypt.org\"", ttl = 60 }
+]
\ No newline at end of file
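Review bot: The `mail._domainkey` TXT entry publishes a DKIM key whose `p=` value has the length and `MIGfMA0G…` prefix of a 1024-bit RSA public key, which is the minimum RFC 8301 permits; the same RFC recommends at least 2048 bits for signers. With `p=reject` and `adkim=s` in the `_dmarc` record, the domain's mail acceptance rests on that key, so it is worth generating a 2048-bit key under a new selector and retiring `mail` once the signer has switched. An `mta-sts` host record is added as well, but no `_mta-sts` TXT policy record appears in this list, so if MTA-STS is meant to be enforced that record still needs to be added.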