diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index b34c6e6..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform.gitlab-ci.yml
-
-include:
- - template: Terraform/Base.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml
- - template: Jobs/SAST-IaC.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml
-
-stages:
- - validate
- - test
- - build
- # - deploy
-
-fmt:
- extends: .terraform:fmt
- needs: []
-
-validate:
- extends: .terraform:validate
- needs: []
-
-build:
- extends: .terraform:build
-
-# deploy:
-# extends: .terraform:deploy
-# dependencies:
-# - build
-# environment:
-# name: $TF_STATE_NAME
diff --git a/domain.tf b/domain.tf
new file mode 100644
index 0000000..b068c37
--- /dev/null
+++ b/domain.tf
@@ -0,0 +1,132 @@
+terraform {
+ required_providers {
+ namecheap = {
+ source = "namecheap/namecheap"
+ version = "~> 2.1.0"
+ }
+ }
+
+ backend "http" {
+ address = "https://asciireactor.com/api/v4/projects/101/terraform/state/industry-domain"
+ lock_address = "https://asciireactor.com/api/v4/projects/101/terraform/state/industry-domain/lock"
+ unlock_address = "https://asciireactor.com/api/v4/projects/101/terraform/state/industry-domain/lock"
+ lock_method = "POST"
+ unlock_method = "DELETE"
+ retry_wait_min = 5
+ }
+}
+
+provider "namecheap" {}
+
+variable "protonmail-domainkey-id" {
+ type = string
+ default = "dr2jx5mioyzdmwndxrlrsgzx3nne5vtshiheypfxy7llz4e2hwrcq"
+}
+
+locals {
+ address = {
+ cname = {
+ "www" = "othoulrich.com."
+ "code" = "othoulrich.com."
+ "protonmail._domainkey" = join(".",[
+ "protonmail.domainkey",
+ var.protonmail-domainkey-id,
+ "domains.proton.ch."
+ ])
+ "protonmail2._domainkey" = join(".",[
+ "protonmail2.domainkey",
+ var.protonmail-domainkey-id,
+ "domains.proton.ch."
+ ])
+ "protonmail3._domainkey" = join(".",[
+ "protonmail3.domainkey",
+ var.protonmail-domainkey-id,
+ "domains.proton.ch."
+ ])
+ }
+ txt = {
+ "@.0" = join("=",[
+ "protonmail-verification",
+ "6568aab64dccc1e888741cf9874730f7fc884a00"
+ ])
+ "@.1" = "v=spf1 include:_spf.protonmail.ch mx ~all"
+ }
+ mx = {
+ "@.0" = "mail.protonmail.ch."
+ "@.1" = "mailsec.protonmail.ch."
+ }
+ alias = {
+ "@.0" = "fw-0.saline.o4data.net."
+ }
+ }
+}
+
+resource "namecheap_domain_records" "top" {
+ domain = "othoulrich.com"
+ mode = "OVERWRITE"
+ email_type = "MX"
+
+
+ record {
+ address = local.address.alias["@.0"]
+ hostname = "@"
+ type = "ALIAS"
+ ttl = 300
+ }
+
+ record {
+ address = local.address.cname["www"]
+ hostname = "www"
+ type = "CNAME"
+ }
+
+ record {
+ address = local.address.cname["code"]
+ hostname = "code"
+ type = "CNAME"
+ }
+
+ record {
+ address = local.address.mx["@.0"]
+ hostname = "@"
+ type = "MX"
+ }
+
+ record {
+ address = local.address.mx["@.1"]
+ hostname = "@"
+ mx_pref = 20
+ type = "MX"
+ }
+
+ record {
+ address = local.address.txt["@.0"]
+ hostname = "@"
+ type = "TXT"
+ }
+
+ record {
+ address = local.address.txt["@.1"]
+ hostname = "@"
+ type = "TXT"
+ }
+
+ record {
+ address = local.address.cname["protonmail._domainkey"]
+ hostname = "protonmail._domainkey"
+ type = "CNAME"
+ }
+
+ record {
+ address = local.address.cname["protonmail2._domainkey"]
+ hostname = "protonmail2._domainkey"
+ type = "CNAME"
+ }
+
+ record {
+ address = local.address.cname["protonmail3._domainkey"]
+ hostname = "protonmail3._domainkey"
+ type = "CNAME"
+ }
+
+}
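Review bot: No `_dmarc` TXT record is defined in `namecheap_domain_records.top`, and because the resource sets `mode = "OVERWRITE"` this file is the complete record set, so a DMARC record created by hand at the registrar would be removed on apply. The zone publishes SPF with `~all` and three DKIM CNAMEs, but without a DMARC policy receivers have no instruction to quarantine or reject mail that fails both, which leaves the domain easier to spoof. I would add a `_dmarc` entry alongside the other TXT values and a matching record block, as sketched below; the policy string is a constructed sample and should be chosen for this domain. Separately, the first MX record omits `mx_pref` while the second sets 20, so it relies on the provider default; setting it explicitly (Proton's guidance is 10 for `mail.protonmail.ch.`) would make the priority order visible in the file.

```hcl
# … unchanged: existing "@.0" and "@.1" entries in locals.address.txt …
      "_dmarc.0" = "v=DMARC1; p=quarantine" # sample policy; pick p= (and rua= if reports are wanted) for this domain

# … unchanged: existing record blocks in namecheap_domain_records.top …
  record {
    address  = local.address.txt["_dmarc.0"]
    hostname = "_dmarc"
    type     = "TXT"
  }
```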