From 0239c02c6d302bba484567216abfce23e0801ad3 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 17 Jun 2023 22:34:46 +0200
Subject: [PATCH] add powerdns terraform records
---
terraform/dns/geokunis2_nl.tf | 142 ++++++++++++++++++++++++++++++++++
terraform/dns/kun_is.tf | 38 +++++++++
terraform/dns/main.tf | 22 ++++++
terraform/dns/pim_kunis_nl.tf | 54 +++++++++++++
terraform/dns/pizzapim_nl.tf | 54 +++++++++++++
5 files changed, 310 insertions(+)
create mode 100644 terraform/dns/geokunis2_nl.tf
create mode 100644 terraform/dns/kun_is.tf
create mode 100644 terraform/dns/main.tf
create mode 100644 terraform/dns/pim_kunis_nl.tf
create mode 100644 terraform/dns/pizzapim_nl.tf
diff --git a/terraform/dns/geokunis2_nl.tf b/terraform/dns/geokunis2_nl.tf
new file mode 100644
index 0000000..8e5e8d9
--- /dev/null
+++ b/terraform/dns/geokunis2_nl.tf
@@ -0,0 +1,142 @@
+resource "powerdns_zone" "geokunis2_nl" {
+ name = "geokunis2.nl."
+ kind = "Native"
+ nameservers = ["ns.geokunis2.nl.", "ns0.transip.net.", "ns1.transip.nl.", "ns2.transip.eu."]
+ soa_edit_api = "DEFAULT"
+}
+
+resource "powerdns_record" "geokunis2_nl_a" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "geokunis2.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "geokunis2_nl_aaaa" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "geokunis2.nl."
+ type = "AAAA"
+ records = ["2a02:58:19a:f730:b62e:99ff:fe77:1bda"]
+ ttl = 60
+}
+
+resource "powerdns_record" "geokunis2_nl_caa" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "geokunis2.nl."
+ type = "CAA"
+ records = ["0 issue \"letsencrypt.org\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "jenl_geokunis2_nl_a" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "jenl.geokunis2.nl."
+ type = "A"
+ records = ["217.123.41.225"]
+ ttl = 60
+}
+
+resource "powerdns_record" "wg_geokunis2_nl_a" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "wg.geokunis2.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "wg_geokunis2_nl_aaaa" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "wg.geokunis2.nl."
+ type = "AAAA"
+ records = ["2a02:58:1:e::1afb"]
+ ttl = 60
+}
+
+resource "powerdns_record" "wg4_geokunis2_nl_a" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "wg.geokunis2.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "wg6_geokunis2_nl_aaaa" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "wg6.geokunis2.nl."
+ type = "AAAA"
+ records = ["2a02:58:1:e::1afb"]
+ ttl = 60
+}
+
+resource "powerdns_record" "tuindersweijde_geokunis2_nl_a" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "tuindersweijde.geokunis2.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns_geokunis2_nl_a" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "ns.geokunis2.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns_geokunis2_nl_aaaa" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "ns.geokunis2.nl."
+ type = "AAAA"
+ records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee07"]
+ ttl = 60
+}
+
+resource "powerdns_record" "geokunis2_nl_txt" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "geokunis2.nl."
+ type = "TXT"
+ records = ["\"protonmail-verification=e712bb186d5278b3775b413b8851ffc7740e845b\"", "\"sl-verification=sgrkojlcdgroiyjihxfleicgtpzgcb\"", "\"v=spf1 include:simplelogin.co ~all\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "geokunis2_nl_mx" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "geokunis2.nl."
+ type = "MX"
+ records = ["10 mx1.simplelogin.co.", "20 mx2.simplelogin.co."]
+ ttl = 60
+}
+
+resource "powerdns_record" "dkim02__domainkey_geokunis2_nl_cname" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "dkim02._domainkey.geokunis2.nl."
+ type = "CNAME"
+ records = ["dkim02._domainkey.simplelogin.co."]
+ ttl = 60
+}
+
+resource "powerdns_record" "dkim__domainkey_geokunis2_nl_cname" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "dkim._domainkey.geokunis2.nl."
+ type = "CNAME"
+ records = ["dkim._domainkey.simplelogin.co."]
+ ttl = 60
+}
+
+resource "powerdns_record" "dkim03__domainkey_geokunis2_nl_cname" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "dkim03._domainkey.geokunis2.nl."
+ type = "CNAME"
+ records = ["dkim03._domainkey.simplelogin.co."]
+ ttl = 60
+}
+
+resource "powerdns_record" "_dmarc_geokunis2_nl_txt" {
+ zone = powerdns_zone.geokunis2_nl.name
+ name = "_dmarc.geokunis2.nl."
+ type = "TXT"
+ records = ["\"v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s\""]
+ ttl = 60
+}
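Review bot: `wg4_geokunis2_nl_a` declares `name = "wg.geokunis2.nl."` with type `A`, which is the same record set that `wg_geokunis2_nl_a` already manages, so two resources own one RRset and `wg4.geokunis2.nl.` is never created. Judging by the sibling `wg6_geokunis2_nl_aaaa`, the intended line is `name = "wg4.geokunis2.nl."`. Both resources currently carry the same address, so the conflict would probably only surface as drift once one of them is edited or destroyed.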
diff --git a/terraform/dns/kun_is.tf b/terraform/dns/kun_is.tf
new file mode 100644
index 0000000..9dd60a3
--- /dev/null
+++ b/terraform/dns/kun_is.tf
@@ -0,0 +1,38 @@
+resource "powerdns_zone" "kun_is" {
+ name = "kun.is."
+ kind = "Native"
+ nameservers = ["ns1.kun.is.", "ns2.kun.is."]
+ soa_edit_api = "DEFAULT"
+}
+
+resource "powerdns_record" "ns_kun_is_a" {
+ zone = powerdns_zone.kun_is.name
+ name = "ns.kun.is."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns1_kun_is_a" {
+ zone = powerdns_zone.kun_is.name
+ name = "ns1.kun.is."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns2_kun_is_a" {
+ zone = powerdns_zone.kun_is.name
+ name = "ns2.kun.is."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "wildcard_kun_is_a" {
+ zone = powerdns_zone.kun_is.name
+ name = "*.kun.is."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf
new file mode 100644
index 0000000..4510d7e
--- /dev/null
+++ b/terraform/dns/main.tf
@@ -0,0 +1,22 @@
+terraform {
+ backend "pg" {
+ schema_name = "hermes_dns"
+ conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+ }
+
+ required_providers {
+ powerdns = {
+ source = "pan-net/powerdns"
+ version = "1.5.0"
+ }
+ }
+}
+
+data "external" "secrets" {
+ program = ["cat", pathexpand("~/.tfvars.json")]
+}
+
+provider "powerdns" {
+ server_url = "http://hermes.dmz:3000"
+ api_key = data.external.secrets.result.powerdns_api_key
+}
diff --git a/terraform/dns/pim_kunis_nl.tf b/terraform/dns/pim_kunis_nl.tf
new file mode 100644
index 0000000..455561f
--- /dev/null
+++ b/terraform/dns/pim_kunis_nl.tf
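Review bot: `kun.is.` is created without CAA, SPF or DMARC records, although `geokunis2_nl.tf` and `pizzapim_nl.tf` in this same commit publish all three, and `wildcard_kun_is_a` makes every name under the zone resolve. If the domain sends no mail, an apex TXT with `records = ["\"v=spf1 -all\""]` and a `_dmarc.kun.is.` TXT with `p=reject` would stop it being usable as a spoofed sender, and a CAA record such as `records = ["0 issue \"letsencrypt.org\""]` would restrict issuance, assuming Let's Encrypt is the CA in use here as in the sibling zones. `pim_kunis_nl.tf` likewise has no CAA record, unless the parent zone's policy is meant to apply. Separately, `ns1.kun.is.` and `ns2.kun.is.` both point at `84.245.14.149`, so the two-entry NS set adds no redundancy.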
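Review bot: The `provider "powerdns"` block sends the API key to `http://hermes.dmz:3000` in cleartext, so anything on the path between the Terraform host and the DMZ can read a credential that is able to rewrite every zone in this directory. Point `server_url` at an `https://` endpoint; the provider accepts `ca_certificate` if the certificate comes from a private CA. The `data "external" "secrets"` block adds a second exposure: data source results are written to state unmasked, so the key is also stored in the `terraform_state` database and can appear in plan output. Removing that block and the `api_key` line and exporting `PDNS_API_KEY` in the environment keeps the key out of both.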
@@ -0,0 +1,54 @@
+resource "powerdns_zone" "pim_kunis_nl" {
+ name = "pim.kunis.nl."
+ kind = "Native"
+ nameservers = ["ns.pim.kunis.nl."]
+ soa_edit_api = "DEFAULT"
+}
+
+resource "powerdns_record" "pim_kunis_nl_a" {
+ zone = powerdns_zone.pim_kunis_nl.name
+ name = "pim.kunis.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "pim_kunis_nl_txt" {
+ zone = powerdns_zone.pim_kunis_nl.name
+ name = "pim.kunis.nl."
+ type = "TXT"
+ records = ["\"v=spf1 ~all\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "_dmarc_pim_kunis_nl_txt" {
+ zone = powerdns_zone.pim_kunis_nl.name
+ name = "_dmarc.pim.kunis.nl."
+ type = "TXT"
+ records = ["\"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns_pim_kunis_nl_a" {
+ zone = powerdns_zone.pim_kunis_nl.name
+ name = "ns.pim.kunis.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns_pim_kunis_nl_aaaa" {
+ zone = powerdns_zone.pim_kunis_nl.name
+ name = "ns.pim.kunis.nl."
+ type = "AAAA"
+ records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee07"]
+ ttl = 60
+}
+
+resource "powerdns_record" "wildcard_pim_kunis_nl_a" {
+ zone = powerdns_zone.pim_kunis_nl.name
+ name = "*.pim.kunis.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
diff --git a/terraform/dns/pizzapim_nl.tf b/terraform/dns/pizzapim_nl.tf
new file mode 100644
index 0000000..574000b
--- /dev/null
+++ b/terraform/dns/pizzapim_nl.tf
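Review bot: `pim_kunis_nl_txt` publishes `"v=spf1 ~all"`, a softfail, for a zone that defines no MX record and authorises no sender; if the zone really sends no mail, `records = ["\"v=spf1 -all\""]` states that outright. The `p=reject` DMARC record covers receivers that evaluate DMARC, but a receiver checking SPF alone treats `~all` as accept-and-mark rather than reject. `pizzapim_nl_txt` in `pizzapim_nl.tf` carries the same value. The apex TXT record also does not apply to names matched by `wildcard_pim_kunis_nl_a`, which have no SPF record of their own.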
@@ -0,0 +1,54 @@
+resource "powerdns_zone" "pizzapim_nl" {
+ name = "pizzapim.nl."
+ kind = "Native"
+ nameservers = ["ns.pizzapim.nl.", "ns0.transip.net.", "ns1.transip.nl.", "ns2.transip.eu."]
+ soa_edit_api = "DEFAULT"
+}
+
+resource "powerdns_record" "pizzapim_nl_a" {
+ zone = powerdns_zone.pizzapim_nl.name
+ name = "pizzapim.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "pizzapim_nl_txt" {
+ zone = powerdns_zone.pizzapim_nl.name
+ name = "pizzapim.nl."
+ type = "TXT"
+ records = ["\"v=spf1 ~all\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "pizzapim_nl_caa" {
+ zone = powerdns_zone.pizzapim_nl.name
+ name = "pizzapim.nl."
+ type = "CAA"
+ records = ["0 issue \"letsencrypt.org\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "_dmarc_pizzapim_nl_txt" {
+ zone = powerdns_zone.pizzapim_nl.name
+ name = "_dmarc.pizzapim.nl."
+ type = "TXT"
+ records = ["\"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;\""]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns_pizzapim_nl_a" {
+ zone = powerdns_zone.pizzapim_nl.name
+ name = "ns.pizzapim.nl."
+ type = "A"
+ records = ["84.245.14.149"]
+ ttl = 60
+}
+
+resource "powerdns_record" "ns_pizzapim_nl_aaaa" {
+ zone = powerdns_zone.pizzapim_nl.name
+ name = "ns.pizzapim.nl."
+ type = "AAAA"
+ records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee07"]
+ ttl = 60
+}
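Review bot: The zone lists `ns0.transip.net.`, `ns1.transip.nl.` and `ns2.transip.eu.` in `nameservers` while `kind = "Native"`, and nothing in the commit shows how those servers receive the zone. PowerDNS, as far as I know, sends NOTIFY only for primary (`Master`) zones, so if the TransIP servers are secondaries fed by AXFR from this host they would pick up changes only at SOA refresh and could answer with stale data in between, which sits oddly with `ttl = 60` on every record. Please confirm the replication path and record it in a comment above `nameservers`, for example `# TransIP secondaries pull via AXFR from ns.pizzapim.nl` if that is the case. `geokunis2_nl.tf` uses the same NS set.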