💾 Archived View for tilde.pink › ~nagi › tf-ovh.gmi captured on 2024-03-21 at 16:09:17. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-02-05)

-=-=-=-=-=-=-

Terraform OVH external DNS records

2023-10-22

Environment replication is always very useful, and I've always made sure that all my operations and work can be automated and replicated. For example, I've written Terraform configuration files for OVH DNS entries.

This turned out to be more useful than expected, given that I had to change server, I had to move everything and the automations saved me a lot of time, especially those linked to the machine's IP address.

Requirements

The Terraform OVH provider requires certain environment variables:

To access them, simply go to

OVH's API token creation page

.

Use cases

For

theobori.cafe

, I used the following configurations.

terraform {
  required_providers {
    ovh = {
      source  = "ovh/ovh"
      version = "0.34.0"
    }
  }
}

provider "ovh" {
  endpoint = "ovh-eu"
}

variable "domain" {
  type        = string
  description = "The managed domain name"
}

variable "subdomains" {
  type        = set(string)
  description = "The subdomains directly link to var.domain_name"
  default = [
    "www",
    "status",
    "cringe",
    "etherpad",
    "search",
    "mail",
    "cloud"
  ]
}

variable "host" {
  type        = string
  description = "The target host IPv4 address"
  sensitive   = true
}

variable "host_ipv6" {
  type        = string
  description = "The target host IPv6 address"
  default     = null
  sensitive   = true
}

variable "dkim_key" {
  type        = string
  description = "The TXT DNS entry containing the DKIM key"
  default     = null
  sensitive   = true
}

variable "smtp_tlsa" {
  type        = string
  description = "The SMTP TLS fingerprint"
  default     = null
  sensitive   = true
}

resource "ovh_domain_zone_record" "domain" {
  zone      = var.domain
  fieldtype = "A"
  target    = var.host
}

resource "ovh_domain_zone_record" "www_domain" {
  zone      = var.domain
  subdomain = "www"
  fieldtype = "A"
  target    = var.host
}

resource "ovh_domain_zone_record" "mail" {
  zone      = var.domain
  fieldtype = "MX"
  ttl       = 300
  target    = "10 mail"
}

resource "ovh_domain_zone_record" "dmarc" {
  zone      = var.domain
  subdomain = "_dmarc"
  fieldtype = "TXT"
  target    = "v=DMARC1; p=none; rua=mailto:dmarc@${var.domain}"
}

resource "ovh_domain_zone_record" "spf" {
  for_each = toset(
    [
      "",
      "www"
    ]
  )

  zone      = var.domain
  subdomain = each.key
  fieldtype = "TXT"
  target    = "v=spf1 a mx -all"
}

resource "ovh_domain_zone_record" "www_txt" {
  zone      = var.domain
  fieldtype = "TXT"
  target    = "1|www.${var.domain}"
}

resource "ovh_domain_zone_record" "dkim_key" {
  count = var.dkim_key == null ? 0 : 1

  zone      = var.domain
  subdomain = "dkim._domainkey"
  fieldtype = "TXT"
  target    = var.dkim_key
}

resource "ovh_domain_zone_record" "subdomain_entries" {
  for_each = var.subdomains

  zone      = var.domain
  subdomain = each.key
  fieldtype = "A"
  target    = var.host
}

resource "ovh_domain_zone_record" "mail_ipv6" {
  count = var.host_ipv6 == null ? 0 : 1

  zone      = var.domain
  subdomain = "mail"
  fieldtype = "AAAA"
  target    = var.host_ipv6
}

resource "ovh_domain_zone_record" "smtp_fingerprint_tlsa" {
  count = var.smtp_tlsa == null ? 0 : 1

  zone      = var.domain
  subdomain = "_25._tcp.mail"
  fieldtype = "TLSA"
  target    = var.smtp_tlsa
}

resource "ovh_domain_zone_record" "autodiscover" {
  zone      = var.domain
  subdomain = "autodiscover"
  fieldtype = "CNAME"
  target    = "mail"
}

resource "ovh_domain_zone_record" "autoconfig" {
  zone      = var.domain
  subdomain = "autoconfig"
  fieldtype = "CNAME"
  target    = "mail"
}

Links

https://github.com/theobori-cafe/dns