From f07eab2efe0c2fb9e13a24b74a95d1e6d4aedade Mon Sep 17 00:00:00 2001
From: Massaki Archambault
Date: Sat, 17 Feb 2024 01:41:51 -0500
Subject: [PATCH] move to cloudflare
---
terraform/.terraform.lock.hcl | 39 ++++---
terraform/main.tf | 103 +++++++++++-------
.../parameters-external-secrets-policy.json | 0
.../main.tf | 0
.../variables.tf | 0
terraform/modules/cloudflare_site/main.tf | 25 +++++
.../modules/cloudflare_site/variables.tf | 9 ++
terraform/modules/do_dns/main.tf | 30 -----
terraform/modules/do_dns/variables.tf | 16 ---
9 files changed, 116 insertions(+), 106 deletions(-)
rename terraform/modules/{aws-parameters-external-secrets => aws_parameters_external_secrets}/iam-policies/parameters-external-secrets-policy.json (100%)
rename terraform/modules/{aws-parameters-external-secrets => aws_parameters_external_secrets}/main.tf (100%)
rename terraform/modules/{aws-parameters-external-secrets => aws_parameters_external_secrets}/variables.tf (100%)
create mode 100644 terraform/modules/cloudflare_site/main.tf
create mode 100644 terraform/modules/cloudflare_site/variables.tf
delete mode 100644 terraform/modules/do_dns/main.tf
delete mode 100644 terraform/modules/do_dns/variables.tf
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index a995441..c98022f 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -1,27 +1,26 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/digitalocean/digitalocean" { - version = "2.26.0" - constraints = "~> 2.0" +provider "registry.terraform.io/cloudflare/cloudflare" { + version = "4.23.0" + constraints = "~> 4.0" hashes = [ - "h1:u4iQgY0Z/TLGqZiejnhU+CFob45+AcY8vW6oKHh+whY=", - "zh:10fc569e4669f1589b02e8d7e43398f2140872c3e74d11429ad74d7c0464176e", - "zh:402be0350250b133db11780704f26226a176ba6fa5016aef2be08f79e76edaa6", - "zh:506b886bf77ebad868283310dc886d40a793a98534dab7278eca826d0cdd7049", - "zh:745c82487f8fbfea15de975682bb6ba70ea79acfd783feeee9702a6b42e689c8", - "zh:85ed296ca9fe707afec0b2ca9263ef167e784e474a13d631c051fdbb90ad324d", - "zh:87d1eea592c70508df371793834e4aa73cc7cbd830ce8509950c26172734201e", - "zh:8c72fc549941c69aac988d2908d8922ea1a48338f73e8d2f8e5fb57fb6ac1197", - "zh:8d6b692e5351c92acf0bbc34865136ce7d961f82546c5cbe47f0050a088d46a8", - "zh:92cb56af41969755d803ff8d528f63012fa51e2c5e83861c1fd92df4dc680688", - "zh:9820f10523f7c6bca62c0eb12d8c923bf303846d679778158032e9c2e6ad29b6", - "zh:9ba0fe7fe519509acdc69d9d9d8a5bd0c06673d5730474ec15d6dfc81f790d31", - "zh:a670d7f7deae78285e469d8ff350629c8d34fdc6b0da05ff0b855c7846ff9342", - "zh:bb8bf49bdb163757b214c6f645b25e6a3eb9952ec6d1fb3dade56da33cd26460", - "zh:c347ed08e2b929718eb7c97406574b28c8e08a5c00068a40a9dd934ab487ef6b", - "zh:e4e423fdbcf1cc86c585738a0ea8a29413ac0e478dc338dee5594257a13f2fb3", - "zh:ee42adc96a03b94d0bdfd226bf691687d4b38e46eb81570674ae7a86cd58e3a6", + "h1:mwME7g0VS3glSXFJi1xAmhnluStIJ/yxmORP2grrkb0=", + "zh:034aae9f29e51b008eb5ff62bcfea4078d92d74fd8eb6e0f1833395002bf483d", + "zh:0e4f72b52647791e34894c231c7d17b55c701fb4ff9d8aeb8355031378b20910", + "zh:248ecf3820a65870a8a811a90488a77a8fcc49ee6e3099734328912250c4145a", + "zh:750114d16fefb3ce6cfc81fc4d86ab3746062dccd3fc5556a6dff39d600d55f3", + "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + 
"zh:8fe4b545d8c90eb55b75ede1bc5a6bb1483a00466364cd08b1096abddc52e34b", + "zh:ba203d96d07a313dd77933ff29d09110c1dc5100a44aa540c2c73ea280215c85", + "zh:be22358de9729068edc462985c2c99c4d49eec87c6662e75e7216962b0b47a12", + "zh:c55add4c66855191020b5ed61fe8561403eac9d3f55f343876f1f0a5e2ccf1bc", + "zh:c57034c34a10317715264b9455a74b53b2604a3cb206f2c5089ae61b5e8e18fa", + "zh:c95b026d652cb2f90b526cdc79dc22faa0789a049e55b5f2a41412ac45bca2ec", + "zh:ca49437e5462c060b64d0ebf7a7d1370f55139afdb6a23f032694d363b44243b", + "zh:d52788bd6ca087fa72ae9d22c09693c3f5ce5502a00e2c195bea5f420735006c", + "zh:e43da4d400951310020969bd5952483c05de824d67fdcdddc76ec9d97de0d18e", + "zh:ff150dddcbb0d623ff1948d1359fa956519f0672f832faedb121fc809e9c4c22", ] } diff --git a/terraform/main.tf b/terraform/main.tf index 0d5f612..2ba0d33 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -1,51 +1,74 @@ terraform { - backend "kubernetes" { - secret_suffix = "state" - config_path = "~/.kube/config" - labels = { - "app.kubernetes.io/managed-by": "terraform" - } + backend "kubernetes" { + secret_suffix = "state" + config_path = "~/.kube/config" + labels = { + "app.kubernetes.io/managed-by" : "terraform" } + } } provider "kubernetes" { - config_path = "~/.kube/config" + config_path = "~/.kube/config" } -module "aws-parameters-external-secrets" { - source = "./modules/aws-parameters-external-secrets" +module "aws_parameters_external_secrets" { + source = "./modules/aws_parameters_external_secrets" } -module "do_dns" { - source = "./modules/do_dns" - root_domain_name = "badjware.dev" - root_domain_ip = "104.152.168.30" +module "cloudflare_records" { + source = "./modules/cloudflare_site" - records = { - "mail" = { - type = "CNAME" - value = "@" - } - "public" = { - type = "CNAME" - value = "@" - } - "cloud" = { - type = "A" - value = "159.203.54.249" - } - "code" = { - type = "A" - value = "159.203.54.249" - } - "drone" = { - type = "A" - value = "159.203.54.249" - } - "grafana" = { - type = "A" - value = "159.203.54.249" - } - } -} \ No newline at end of file + dns_zone = "badjware.dev" + dns_records = [ + { + name = "@" + type = "A" + value = "104.152.168.30" + + proxied = false + }, + { + name = "@" + type = "MX" + value = "mail.badjware.dev" + priority = 0 + + proxied = false + }, + { + name = "mail" + type = "CNAME" + value = "badjware.dev" + + proxied = false + }, + { + name = "cloud" + type = "CNAME" + value = "home.badjware.dev" + }, + { + name = "code" + type = "CNAME" + value = "home.badjware.dev" + }, + { + name = "grafana" + type = "A" + type = "CNAME" + value = "home.badjware.dev" + }, + { + name = "hass" + type = "CNAME" + value = "home.badjware.dev" + }, + { + name = "chat" + type = "CNAME" + value = "home.badjware.dev" + }, + ] +} 
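Review bot: The `grafana` entry in `dns_records` sets `type` twice, `type = "A"` followed by `type = "CNAME"`, which looks like a leftover from the old A record. As far as I know Terraform does not reject a repeated key in an object expression and keeps the later one, so this most likely plans as the intended CNAME, but the result then depends on line order; the stray line should be dropped so the entry reads `name = "grafana"`, `type = "CNAME"`, `value = "home.badjware.dev"`. Separately, `cloud`, `code`, `grafana`, `hass` and `chat` rely on the module default `proxied = true` and all alias `home.badjware.dev`, which this configuration does not declare; if that name is published DNS-only, the origin address stays resolvable despite the proxy, so it is worth confirming how it is managed.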
diff --git a/terraform/modules/aws-parameters-external-secrets/iam-policies/parameters-external-secrets-policy.json b/terraform/modules/aws_parameters_external_secrets/iam-policies/parameters-external-secrets-policy.json
similarity index 100%
rename from terraform/modules/aws-parameters-external-secrets/iam-policies/parameters-external-secrets-policy.json
rename to terraform/modules/aws_parameters_external_secrets/iam-policies/parameters-external-secrets-policy.json
diff --git a/terraform/modules/aws-parameters-external-secrets/main.tf b/terraform/modules/aws_parameters_external_secrets/main.tf
similarity index 100%
rename from terraform/modules/aws-parameters-external-secrets/main.tf
rename to terraform/modules/aws_parameters_external_secrets/main.tf
diff --git a/terraform/modules/aws-parameters-external-secrets/variables.tf b/terraform/modules/aws_parameters_external_secrets/variables.tf
similarity index 100%
rename from terraform/modules/aws-parameters-external-secrets/variables.tf
rename to terraform/modules/aws_parameters_external_secrets/variables.tf
diff --git a/terraform/modules/cloudflare_site/main.tf b/terraform/modules/cloudflare_site/main.tf
new file mode 100644
index 0000000..3174144
--- /dev/null
+++ b/terraform/modules/cloudflare_site/main.tf
@@ -0,0 +1,25 @@
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 4.0"
+ }
+ }
+}
+
+data "cloudflare_zone" "zone" {
+ name = var.dns_zone
+}
+
+resource "cloudflare_record" "records" {
+ count = length(var.dns_records)
+
+ zone_id = data.cloudflare_zone.zone.zone_id
+ name = var.dns_records[count.index].name
+ type = var.dns_records[count.index].type
+ value = var.dns_records[count.index].value
+ ttl = lookup(var.dns_records[count.index], "ttl", null)
+ priority = lookup(var.dns_records[count.index], "priority", null)
+
+ proxied = lookup(var.dns_records[count.index], "proxied", true)
+}
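Review bot: `count = length(var.dns_records)` in `cloudflare_record.records` addresses every record by its list position, so deleting or inserting an entry in the middle of `dns_records` shifts the indices and makes Terraform rewrite or recreate unrelated records, which can leave a hostname briefly missing or pointing at the wrong target. The removed `do_dns` module used `for_each`, and keeping that here with a key built from type and name gives each record a stable address. The key has to be unique per record, so the value should be added to it if the zone ever needs several records with the same name and type. Note also that `proxied` falls back to `true`, so any record that must not go through the proxy has to say `proxied = false` explicitly, as the root MX entry in `terraform/main.tf` does.

```hcl
resource "cloudflare_record" "records" {
  # Stable per-record address: editing the list no longer re-indexes the other records.
  for_each = { for r in var.dns_records : "${r.type}/${r.name}" => r }

  # … unchanged: zone_id …
  name     = each.value.name
  type     = each.value.type
  value    = each.value.value
  ttl      = lookup(each.value, "ttl", null)
  priority = lookup(each.value, "priority", null)

  proxied = lookup(each.value, "proxied", true)
}
```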
diff --git a/terraform/modules/cloudflare_site/variables.tf b/terraform/modules/cloudflare_site/variables.tf
new file mode 100644
index 0000000..5550e86
--- /dev/null
+++ b/terraform/modules/cloudflare_site/variables.tf
@@ -0,0 +1,9 @@
+variable "dns_zone" {
+ description = "The dns zone"
+ type = string
+}
+
+variable "dns_records" {
+ description = "A map containing the dns record configuration"
+ type = list(map(any))
+}
diff --git a/terraform/modules/do_dns/main.tf b/terraform/modules/do_dns/main.tf
deleted file mode 100644
index d9e03bb..0000000
--- a/terraform/modules/do_dns/main.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-terraform {
- required_providers {
- digitalocean = {
- source = "digitalocean/digitalocean"
- version = "~> 2.0"
- }
- }
-}
-
-resource "digitalocean_domain" "root" {
- name = var.root_domain_name
- ip_address = var.root_domain_ip
-}
-
-resource "digitalocean_record" "mx_root" {
- domain = digitalocean_domain.root.name
- type = "MX"
- name = "@"
- priority = 0
- value = "mail.${digitalocean_domain.root.name}."
-}
-
-resource "digitalocean_record" "records" {
- for_each = var.records
-
- domain = digitalocean_domain.root.name
- type = each.value.type
- name = each.key
- value = each.value.value
-}
diff --git a/terraform/modules/do_dns/variables.tf b/terraform/modules/do_dns/variables.tf
deleted file mode 100644
index 42f31de..0000000
--- a/terraform/modules/do_dns/variables.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "root_domain_name" {
- type = string
- description = "The DNS root domain"
-}
-
-variable "root_domain_ip" {
- type = string
- description = "The ip the root domain points to"
-}
-
-# https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/record
-variable "records" {
- type = map(map(string))
- description = "A map of DNS records to install"
- default = {}
-}
\ No newline at end of file
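Review bot: `type = list(map(any))` on `dns_records` in `cloudflare_site/variables.tf` gives the module no contract for a record: all values in one map are unified to a single type, so the `proxied = false` and `priority = 0` set in `terraform/main.tf` presumably travel as strings, and the set of keys is unchecked. Declaring the shape, e.g. `type = list(object({ name = string, type = string, value = string, ttl = optional(number), priority = optional(number), proxied = optional(bool, true) }))`, documents the accepted keys and keeps the `proxied` default in one place; the `lookup()` calls in the module's `main.tf` would then read the attributes directly, and optional attributes with defaults need Terraform 1.3 or later. The description also says "A map" while the variable is a list; `description = "List of DNS records to create in the zone"` would match.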