home/hermes
Archived
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: home:e4c430cbd9e905948683d59d71999d9fbdaa558f
Branches Tags
home:master
...
compare: home:3d57370222400fd082a92ae3ffcee174712a6308
Branches Tags
home:master

3 commits
e4c430cbd9 ... 3d57370222

Author SHA1 Message Date
Pim Kunis
3d57370222 re-add forgotten domains 2023-06-17 23:15:37 +02:00
Pim Kunis
0239c02c6d add powerdns terraform records 2023-06-17 22:34:46 +02:00
Pim Kunis
47436d79e1 move from nsd to powerdns 2023-06-17 22:21:53 +02:00
19 changed files with 499 additions and 204 deletions
Show stats Expand all files Collapse all files

12
ansible/hermes.yml
View file

@ -2,16 +2,24 @@
hosts: all hosts: all
gather_facts: no gather_facts: no
roles: roles:
- cloudinit-wait - cloudinit_wait
- name: Install services - name: Install services
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"
- name: Copy resolv.conf - name: Copy resolv.conf
copy: copy:
src: resolv.conf src: resolv.conf
dest: /etc/resolv.conf dest: /etc/resolv.conf
roles: roles:
- {role: apt, tags: apt} - {role: apt, tags: apt}
- {role: dnsmasq, tags: dnsmasq} - {role: dnsmasq, tags: dnsmasq}
- {role: nsd, tags: nsd} - {role: powerdns, tags: powerdns}

129
ansible/inventory/host_vars/hermes.yml
View file

@ -1,63 +1,84 @@
apt_install_packages: apt_install_packages:
- qemu-guest-agent - qemu-guest-agent
- dnsutils - dnsutils
- pdns-server
- pdns-backend-pgsql
- postgresql-client
ssh_ca_dir: /root/ssh_ca ssh_ca_dir: /root/ssh_ca
ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ" ssh_ca_user_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
ssh_ca_host_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ" ssh_ca_host_ca_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ"
ssh_ca_user_ca_private_key: !vault | ssh_ca_user_ca_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
64343164666336316635323733353839373835316465653038333062386438363131353566626130 64343164666336316635323733353839373835316465653038333062386438363131353566626130
6531653835313838396638366330386331383533303435300a306333363238633864623864393665 6531653835313838396638366330386331383533303435300a306333363238633864623864393665
31393036346532353134646466666465386633303061346662393430666532366137323866646561 31393036346532353134646466666465386633303061346662393430666532366137323866646561
3131653064323565370a656361326462336238333464353635303066323565633865663032313661 3131653064323565370a656361326462336238333464353635303066323565633865663032313661
38366238613361626161633862353938326365306634303166346461366531663063343264353533 38366238613361626161633862353938326365306634303166346461366531663063343264353533
61656630633734643639333738616566326531653264306134363837616365643039626262613433 61656630633734643639333738616566326531653264306134363837616365643039626262613433
61656361326234313130386533363761366665383064643735316133313133643865616536306466 61656361326234313130386533363761366665383064643735316133313133643865616536306466
33303733663834646435303935633436383632306330616264343263303861313635383866636163 33303733663834646435303935633436383632306330616264343263303861313635383866636163
39653064373966643437636530326235653131616366396563386139333837616535616135323337 39653064373966643437636530326235653131616366396563386139333837616535616135323337
66626161336539356637373138613464376133373234353863383330313362623236633462386234 66626161336539356637373138613464376133373234353863383330313362623236633462386234
31386635613936306262346264343732623761303331623831353061343035626361623639326530 31386635613936306262346264343732623761303331623831353061343035626361623639326530
62643139663733666662623039396461623334666565663439613430353364626162653731303535 62643139663733666662623039396461623334666565663439613430353364626162653731303535
32396638393534363533303039343938346339656266303766613931316337333635373664643461 32396638393534363533303039343938346339656266303766613931316337333635373664643461
37303332386233663937636631373935613231356262346530323337393733373764613864616563 37303332386233663937636631373935613231356262346530323337393733373764613864616563
66383137393738316638393530616234653264613363383663366261303433636236326632323734 66383137393738316638393530616234653264613363383663366261303433636236326632323734
35616133386438613636663631653139386466303534636263393633633663303664326137373139 35616133386438613636663631653139386466303534636263393633633663303664326137373139
35626336653966396335623330663161333432306538316664376231616161353235353032633438 35626336653966396335623330663161333432306538316664376231616161353235353032633438
62363663613135616462323363333863376532623764663066616431636632653938666263383731 62363663613135616462323363333863376532623764663066616431636632653938666263383731
65666564656130383262373964386631643332323066386635643032663833306565643164376239 65666564656130383262373964386631643332323066386635643032663833306565643164376239
32383732393236336235363936303063663963343061306161643331623330326139663836323561 32383732393236336235363936303063663963343061306161643331623330326139663836323561
31353532313639613563393938643333326462653833623531613935363265333534663762333831 31353532313639613563393938643333326462653833623531613935363265333534663762333831
36376264636432656537313834373036623339306430333837323836303134323062306265356430 36376264636432656537313834373036623339306430333837323836303134323062306265356430
39663238363338666362663364643063613337646237356431383237616465643634313166643435 39663238363338666362663364643063613337646237356431383237616465643634313166643435
32623864313537336634373631396465643362333237646462336362656430653036656263613162 32623864313537336634373631396465643362333237646462336362656430653036656263613162
64306662313934643661333462306336333561626335303866306131326538653264343465633139 64306662313934643661333462306336333561626335303866306131326538653264343465633139
3466663135663239616135353764373532323935613233316132 3466663135663239616135353764373532323935613233316132
ssh_ca_host_ca_private_key: !vault | ssh_ca_host_ca_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
34613835376232653534353636303364613437666563653530363564346164656136643732626234 34613835376232653534353636303364613437666563653530363564346164656136643732626234
6430316165623933666461646639303435386433333335660a393538303835616366333066353665 6430316165623933666461646639303435386433333335660a393538303835616366333066353665
64663236353233383236656365356264653963366464303433313133386430646230363634353465 64663236353233383236656365356264653963366464303433313133386430646230363634353465
6365313836666534330a633832303963616162623631663732623236383665383333323032383364 6365313836666534330a633832303963616162623631663732623236383665383333323032383364
36313663366461643733373836326335386562663362326438353033376431356537326133646338 36313663366461643733373836326335386562663362326438353033376431356537326133646338
31623064303662616464343639346663323437333038346664393166333930336539373031313161 31623064303662616464343639346663323437333038346664393166333930336539373031313161
39343365373238383661343234666430336131323666313032333666306333366566336361383536 39343365373238383661343234666430336131323666313032333666306333366566336361383536
64626261363138323766306239303133376632386235666633363461303135613865343161356266 64626261363138323766306239303133376632386235666633363461303135613865343161356266
33333634613761616336653162396662633131333336613264663764333761633032313436376534 33333634613761616336653162396662633131333336613264663764333761633032313436376534
65376631383239666235313939363265643364376638623630373839303236633635356431356263 65376631383239666235313939363265643364376638623630373839303236633635356431356263
66366535656335326335616666316534366232353262336164663562613439623135303262356130 66366535656335326335616666316534366232353262336164663562613439623135303262356130
36316134366366623331393230396132366535356435613563663937376639653339343761306431 36316134366366623331393230396132366535356435613563663937376639653339343761306431
33353331306334336133316234326133663939636430376139376231383966346363303362386265 33353331306334336133316234326133663939636430376139376231383966346363303362386265
32356166363231613962383434333536356138623039663561313137653037663231666666646230 32356166363231613962383434333536356138623039663561313137653037663231666666646230
66323932333031626637616434383737623634353933613861326666313737636133333438656634 66323932333031626637616434383737623634353933613861326666313737636133333438656634
31363461373639366464343836333031313632346465346535303139623038633330356334633866 31363461373639366464343836333031313632346465346535303139623038633330356334633866
61303765353439303966623030303966656465353538323932343536393764616566386261306466 61303765353439303966623030303966656465353538323932343536393764616566386261306466
36343237393333376366303933373139353161376262333739353138666162663339393136303634 36343237393333376366303933373139353161376262333739353138666162663339393136303634
39383433323563666661313631613761343532373736386537626433323631323465623736653165 39383433323563666661313631613761343532373736386537626433323631323465623736653165
35356163356361346438366430636563656531363164306534353865393039643136366634323638 35356163356361346438366430636563656531363164306534353865393039643136366634323638
62656261396635353332376661353661353931663932386465643238343031376235363239303832 62656261396635353332376661353661353931663932386465643238343031376235363239303832
63393437613362623963306364356363396134623739656265326433356134303835356266326465 63393437613362623963306364356363396134623739656265326433356134303835356266326465
64623631353163653438376534316162666330663963363064326161656335383639356164393237 64623631353163653438376534316162666330663963363064326161656335383639356164393237
39346231666362313632363737623139373632376461373362656563616566633265653438393361 39346231666362313632363737623139373632376461373362656563616566633265653438393361
39393734393061653639313365633931373963666635316138663538356265386562373837393530 39393734393061653639313365633931373963666635316138663538356265386562373837393530
6537646639613534666533626339356335396634613765616664 6537646639613534666533626339356335396634613765616664
api_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65376335393463353232386437613533396261383332653738323764633965393262363239376165
3566666139376135643833343535663130353631326466610a623161633238363338633461383434
63373365613765663830613565313164323938336338616666313365623261663037626132623531
3638653833626532300a656632356563613631633162643464356236396635633237376133323433
37363261376535306161393039396333656430323534616462393366643662306631306339346363
3065303163643732613435323561663035646365383237643464
postgresql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
64646633623535383761356434643064383736626638333738323363393037393133363130623361
3965323132656263393365366131343732646239316564390a613263386166383438366162303561
63626162656337313034663830626432303437363764653336613338393038393737663238313737
3164323834393165380a393138363265393963613835376331623735303538316162343036306230
63633335343332313861393135366332313061353064306265653631613735336631653438383066
3034323733323333646532613233666333323363643534336233

5
ansible/requirements.yml
View file

@ -1,6 +1,9 @@
- name: apt - name: apt
src: https://github.com/sunscrapers/ansible-role-apt.git src: https://github.com/sunscrapers/ansible-role-apt.git
scm: git scm: git
- name: cloudinit-wait - name: cloudinit_wait
src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
scm: git scm: git
- name: postgresql_database
src: https://git.pim.kunis.nl/home/ansible-role-postgresql-database
scm: git

29
ansible/roles/nsd/files/nsd.conf
View file

@ -1,29 +0,0 @@
server:
ip-address: ens4
port: 53
server-count: 1
verbosity: 1
hide-version: yes
zonesdir: "/etc/nsd/zones"
ip-transparent: yes
ip-freebind: yes
zone:
name: pim.kunis.nl
zonefile: pim.kunis.nl
zone:
name: pizzapim.nl
zonefile: pizzapim.nl
provide-xfr: 87.253.155.96/27 NOKEY
provide-xfr: 157.97.168.160/27 NOKEY
zone:
name: geokunis2.nl
zonefile: geokunis2.nl
provide-xfr: 87.253.155.96/27 NOKEY
provide-xfr: 157.97.168.160/27 NOKEY
zone:
name: kun.is
zonefile: kun.is

36
ansible/roles/nsd/files/zones/geokunis2.nl
View file

@ -1,36 +0,0 @@
$ORIGIN geokunis2.nl.
$TTL 60
geokunis2.nl. IN SOA ns.geokunis2.nl. niels.kunis.nl. 2023052600 1800 3600 1209600 3600
NS ns.geokunis2.nl.
NS ns0.transip.net.
NS ns1.transip.nl.
NS ns2.transip.eu.
A 84.245.14.149
AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
CAA 0 issue "letsencrypt.org"
jenl IN A 217.123.41.225
wg IN A 84.245.14.149
wg IN AAAA 2a02:58:1:e::1afb
wg4 IN A 84.245.14.149
wg6 IN AAAA 2a02:58:1:e::1afb
kms IN A 84.245.14.149
tuindersweijde IN A 84.245.14.149
files IN A 84.245.14.149
files IN AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
ns A 84.245.14.149
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
cyberchef IN A 84.245.14.149
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee03
inbucket IN A 84.245.14.149
; proton shizzle
@ IN TXT "protonmail-verification=e712bb186d5278b3775b413b8851ffc7740e845b"
@ IN TXT "sl-verification=sgrkojlcdgroiyjihxfleicgtpzgcb"
@ IN MX 10 mx1.simplelogin.co.
@ IN MX 20 mx2.simplelogin.co.
@ IN TXT "v=spf1 include:simplelogin.co ~all"
dkim02._domainkey IN CNAME dkim02._domainkey.simplelogin.co.
dkim._domainkey IN CNAME dkim._domainkey.simplelogin.co.
dkim03._domainkey IN CNAME dkim03._domainkey.simplelogin.co.
_dmarc IN TXT "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"

13
ansible/roles/nsd/files/zones/kun.is
View file

@ -1,13 +0,0 @@
$ORIGIN kun.is.
$TTL 60
kun.is. IN SOA ns1.kun.is. pim.kunis.nl. 2023051702 1800 3600 1209600 3600
NS ns1.kun.is.
NS ns2.kun.is.
ns1 A 84.245.14.149
ns2 A 84.245.14.149
pim A 84.245.14.149
* A 84.245.14.149

33
ansible/roles/nsd/files/zones/pim.kunis.nl
View file

@ -1,33 +0,0 @@
$ORIGIN pim.kunis.nl.
$TTL 60
pim.kunis.nl. IN SOA ns.pim.kunis.nl. pim.kunis.nl. 2023052000 1800 3600 1209600 3600
NS ns.pim.kunis.nl.
A 84.245.14.149
# AAAA 2a02:58:19a:f730:b62e:99ff:fe77:1bda
TXT "v=spf1 ~all"
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
www IN A 84.245.14.149
ns IN A 84.245.14.149
IN AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07
social IN CNAME www.pim.kunis.nl.
dav IN CNAME www.pim.kunis.nl.
git IN CNAME www.pim.kunis.nl.
meet IN CNAME www.pim.kunis.nl.
rss IN CNAME www.pim.kunis.nl.
latex IN CNAME www.pim.kunis.nl.
md IN CNAME www.pim.kunis.nl.
swarm IN CNAME www.pim.kunis.nl.
traefik IN CNAME www.pim.kunis.nl.
syncthing IN CNAME www.pim.kunis.nl.
cloud IN CNAME www.pim.kunis.nl.
pihole IN CNAME www.pim.kunis.nl.
ntfy IN CNAME www.pim.kunis.nl.
apprise IN CNAME www.pim.kunis.nl.
uptime IN CNAME www.pim.kunis.nl.
concourse IN CNAME www.pim.kunis.nl.
discourse IN CNAME www.pim.kunis.nl.

18
ansible/roles/nsd/files/zones/pizzapim.nl
View file

@ -1,18 +0,0 @@
$ORIGIN pizzapim.nl.
$TTL 60
pizzapim.nl. IN SOA ns.pizzapim.nl. pim.kunis.nl. 2023050400 1800 3600 1209600 3600
NS ns.pizzapim.nl.
NS ns0.transip.net.
NS ns1.transip.nl.
NS ns2.transip.eu.
A 84.245.14.149
TXT "v=spf1 ~all"
CAA 0 issue "letsencrypt.org"
_dmarc IN TXT "v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;"
social IN A 84.245.14.149
ns IN A 84.245.14.149
AAAA 2a02:58:19a:f730:c8fe:c0ff:feff:ee07

18
ansible/roles/nsd/tasks/main.yml
View file

@ -1,18 +0,0 @@
- name: Install nsd
apt:
name: nsd
- name: Copy nsd.conf
copy:
src: "{{ role_path }}/files/nsd.conf"
dest: /etc/nsd/nsd.conf
register: config
- name: Copy zone directory
copy:
src: "{{ role_path }}/files/zones"
dest: /etc/nsd
register: zones
- name: Enable nsd
systemd:
name: nsd
enabled: true
state: "{{ 'restarted' if config.changed or zones.changed else 'started' }}"

5
ansible/roles/powerdns/api.conf.j2 Normal file
View file

@ -0,0 +1,5 @@
api=yes
api-key={{ api_key }}
webserver-address=0.0.0.0
webserver-port=3000
webserver-allow-from=0.0.0.0/0

5
ansible/roles/powerdns/gpgsql.conf.j2 Normal file
View file

@ -0,0 +1,5 @@
launch=gpgsql
gpgsql-host=thecloud.dmz
gpgsql-dbname=powerdns
gpgsql-user=powerdns
gpgsql-password={{ postgresql_password }}

4
ansible/roles/powerdns/handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
- name: restart powerdns
systemd:
name: pdns
state: restarted

2
ansible/roles/powerdns/overwrite.conf Normal file
View file

@ -0,0 +1,2 @@
local-address=192.168.30.7, 127.0.0.1, ::
default-soa-content=ns.@ noreply.@ 0 10800 3600 604800 3600

28
ansible/roles/powerdns/tasks/main.yml Normal file
View file

@ -0,0 +1,28 @@
- name: Remove BIND powerdns config
file:
path: /etc/powerdns/pdns.d/bind.conf
state: absent
notify: restart powerdns
- name: Copy postgresql powerdns config
template:
src: gpgsql.conf.j2
dest: /etc/powerdns/pdns.d/gpgsql.conf
notify: restart powerdns
- name: Add API powerdns config
template:
src: api.conf.j2
dest: /etc/powerdns/pdns.d/api.conf
notify: restart powerdns
- name: Overwrite powerdns config
copy:
src: overwrite.conf
dest: /etc/powerdns/pdns.d/overwrite.conf
notify: restart powerdns
- name: Start powerdns
systemd:
name: pdns
state: started

190
terraform/dns/geokunis2_nl.tf Normal file
View file

@ -0,0 +1,190 @@
resource "powerdns_zone" "geokunis2_nl" {
name = "geokunis2.nl."
kind = "Native"
nameservers = ["ns.geokunis2.nl.", "ns0.transip.net.", "ns1.transip.nl.", "ns2.transip.eu."]
soa_edit_api = "DEFAULT"
}
resource "powerdns_record" "geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "geokunis2_nl_aaaa" {
zone = powerdns_zone.geokunis2_nl.name
name = "geokunis2.nl."
type = "AAAA"
records = ["2a02:58:19a:f730:b62e:99ff:fe77:1bda"]
ttl = 60
}
resource "powerdns_record" "geokunis2_nl_caa" {
zone = powerdns_zone.geokunis2_nl.name
name = "geokunis2.nl."
type = "CAA"
records = ["0 issue \"letsencrypt.org\""]
ttl = 60
}
resource "powerdns_record" "jenl_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "jenl.geokunis2.nl."
type = "A"
records = ["217.123.41.225"]
ttl = 60
}
resource "powerdns_record" "wg_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "wg.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "wg_geokunis2_nl_aaaa" {
zone = powerdns_zone.geokunis2_nl.name
name = "wg.geokunis2.nl."
type = "AAAA"
records = ["2a02:58:1:e::1afb"]
ttl = 60
}
resource "powerdns_record" "wg4_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "wg4.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "wg6_geokunis2_nl_aaaa" {
zone = powerdns_zone.geokunis2_nl.name
name = "wg6.geokunis2.nl."
type = "AAAA"
records = ["2a02:58:1:e::1afb"]
ttl = 60
}
resource "powerdns_record" "tuindersweijde_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "tuindersweijde.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "ns_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "ns.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "ns_geokunis2_nl_aaaa" {
zone = powerdns_zone.geokunis2_nl.name
name = "ns.geokunis2.nl."
type = "AAAA"
records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee07"]
ttl = 60
}
resource "powerdns_record" "geokunis2_nl_txt" {
zone = powerdns_zone.geokunis2_nl.name
name = "geokunis2.nl."
type = "TXT"
records = ["\"protonmail-verification=e712bb186d5278b3775b413b8851ffc7740e845b\"", "\"sl-verification=sgrkojlcdgroiyjihxfleicgtpzgcb\"", "\"v=spf1 include:simplelogin.co ~all\""]
ttl = 60
}
resource "powerdns_record" "geokunis2_nl_mx" {
zone = powerdns_zone.geokunis2_nl.name
name = "geokunis2.nl."
type = "MX"
records = ["10 mx1.simplelogin.co.", "20 mx2.simplelogin.co."]
ttl = 60
}
resource "powerdns_record" "dkim02__domainkey_geokunis2_nl_cname" {
zone = powerdns_zone.geokunis2_nl.name
name = "dkim02._domainkey.geokunis2.nl."
type = "CNAME"
records = ["dkim02._domainkey.simplelogin.co."]
ttl = 60
}
resource "powerdns_record" "dkim__domainkey_geokunis2_nl_cname" {
zone = powerdns_zone.geokunis2_nl.name
name = "dkim._domainkey.geokunis2.nl."
type = "CNAME"
records = ["dkim._domainkey.simplelogin.co."]
ttl = 60
}
resource "powerdns_record" "dkim03__domainkey_geokunis2_nl_cname" {
zone = powerdns_zone.geokunis2_nl.name
name = "dkim03._domainkey.geokunis2.nl."
type = "CNAME"
records = ["dkim03._domainkey.simplelogin.co."]
ttl = 60
}
resource "powerdns_record" "_dmarc_geokunis2_nl_txt" {
zone = powerdns_zone.geokunis2_nl.name
name = "_dmarc.geokunis2.nl."
type = "TXT"
records = ["\"v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s\""]
ttl = 60
}
resource "powerdns_record" "files_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "files.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "files_geokunis2_nl_aaaa" {
zone = powerdns_zone.geokunis2_nl.name
name = "files.geokunis2.nl."
type = "AAAA"
records = ["2a02:58:19a:f730:b62e:99ff:fe77:1bda"]
ttl = 60
}
resource "powerdns_record" "cyberchef_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "cyberchef.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "cyberchef_geokunis2_nl_aaaa" {
zone = powerdns_zone.geokunis2_nl.name
name = "cyberchef.geokunis2.nl."
type = "AAAA"
records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee03"]
ttl = 60
}
resource "powerdns_record" "inbucket_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "inbucket.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "kms_geokunis2_nl_a" {
zone = powerdns_zone.geokunis2_nl.name
name = "kms.geokunis2.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}

38
terraform/dns/kun_is.tf Normal file
View file

@ -0,0 +1,38 @@
resource "powerdns_zone" "kun_is" {
name = "kun.is."
kind = "Native"
nameservers = ["ns1.kun.is.", "ns2.kun.is."]
soa_edit_api = "DEFAULT"
}
resource "powerdns_record" "ns_kun_is_a" {
zone = powerdns_zone.kun_is.name
name = "ns.kun.is."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "ns1_kun_is_a" {
zone = powerdns_zone.kun_is.name
name = "ns1.kun.is."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "ns2_kun_is_a" {
zone = powerdns_zone.kun_is.name
name = "ns2.kun.is."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "wildcard_kun_is_a" {
zone = powerdns_zone.kun_is.name
name = "*.kun.is."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}

22
terraform/dns/main.tf Normal file
View file

@ -0,0 +1,22 @@
terraform {
backend "pg" {
schema_name = "hermes_dns"
conn_str = "postgres://terraform@10.42.0.1/terraform_state"
}
required_providers {
powerdns = {
source = "pan-net/powerdns"
version = "1.5.0"
}
}
}
data "external" "secrets" {
program = ["cat", pathexpand("~/.tfvars.json")]
}
provider "powerdns" {
server_url = "http://hermes.dmz:3000"
api_key = data.external.secrets.result.powerdns_api_key
}

54
terraform/dns/pim_kunis_nl.tf Normal file
View file

@ -0,0 +1,54 @@
resource "powerdns_zone" "pim_kunis_nl" {
name = "pim.kunis.nl."
kind = "Native"
nameservers = ["ns.pim.kunis.nl."]
soa_edit_api = "DEFAULT"
}
resource "powerdns_record" "pim_kunis_nl_a" {
zone = powerdns_zone.pim_kunis_nl.name
name = "pim.kunis.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "pim_kunis_nl_txt" {
zone = powerdns_zone.pim_kunis_nl.name
name = "pim.kunis.nl."
type = "TXT"
records = ["\"v=spf1 ~all\""]
ttl = 60
}
resource "powerdns_record" "_dmarc_pim_kunis_nl_txt" {
zone = powerdns_zone.pim_kunis_nl.name
name = "_dmarc.pim.kunis.nl."
type = "TXT"
records = ["\"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;\""]
ttl = 60
}
resource "powerdns_record" "ns_pim_kunis_nl_a" {
zone = powerdns_zone.pim_kunis_nl.name
name = "ns.pim.kunis.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "ns_pim_kunis_nl_aaaa" {
zone = powerdns_zone.pim_kunis_nl.name
name = "ns.pim.kunis.nl."
type = "AAAA"
records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee07"]
ttl = 60
}
resource "powerdns_record" "wildcard_pim_kunis_nl_a" {
zone = powerdns_zone.pim_kunis_nl.name
name = "*.pim.kunis.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}

62
terraform/dns/pizzapim_nl.tf Normal file
View file

@ -0,0 +1,62 @@
resource "powerdns_zone" "pizzapim_nl" {
name = "pizzapim.nl."
kind = "Native"
nameservers = ["ns.pizzapim.nl.", "ns0.transip.net.", "ns1.transip.nl.", "ns2.transip.eu."]
soa_edit_api = "DEFAULT"
}
resource "powerdns_record" "pizzapim_nl_a" {
zone = powerdns_zone.pizzapim_nl.name
name = "pizzapim.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "pizzapim_nl_txt" {
zone = powerdns_zone.pizzapim_nl.name
name = "pizzapim.nl."
type = "TXT"
records = ["\"v=spf1 ~all\""]
ttl = 60
}
resource "powerdns_record" "pizzapim_nl_caa" {
zone = powerdns_zone.pizzapim_nl.name
name = "pizzapim.nl."
type = "CAA"
records = ["0 issue \"letsencrypt.org\""]
ttl = 60
}
resource "powerdns_record" "_dmarc_pizzapim_nl_txt" {
zone = powerdns_zone.pizzapim_nl.name
name = "_dmarc.pizzapim.nl."
type = "TXT"
records = ["\"v=DMARC1; p=reject; aspf=s; adkim=s; rua=mailto:wpux1bq8@ag.eu.dmarcian.com;\""]
ttl = 60
}
resource "powerdns_record" "ns_pizzapim_nl_a" {
zone = powerdns_zone.pizzapim_nl.name
name = "ns.pizzapim.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}
resource "powerdns_record" "ns_pizzapim_nl_aaaa" {
zone = powerdns_zone.pizzapim_nl.name
name = "ns.pizzapim.nl."
type = "AAAA"
records = ["2a02:58:19a:f730:c8fe:c0ff:feff:ee07"]
ttl = 60
}
resource "powerdns_record" "social_pizzapim_nl_a" {
zone = powerdns_zone.pizzapim_nl.name
name = "social.pizzapim.nl."
type = "A"
records = ["84.245.14.149"]
ttl = 60
}