Skip to content

Commit

Permalink
feat: add improvmx domain alias
Browse files Browse the repository at this point in the history
  • Loading branch information
@sp3nx0r
sp3nx0r committed Sep 22, 2024
1 parent aeca1c7 commit 74d4b3b
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 19 deletions.
2 changes: 1 addition & 1 deletion terraform/cloudflare/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ terraform {
endpoints = {
s3 = "https://s3.securimancy.com"
}
key = "cloudflare.tfstate"
key = "cloudflare.tfstate"

region = "main"
skip_requesting_account_id = true # Skip AWS related checks and validations
Expand Down
50 changes: 37 additions & 13 deletions terraform/cloudflare/records.tf
View file
Original file line number Diff line number Diff line change
@@ -1,63 +1,87 @@
resource "cloudflare_record" "keybase_proof" {
name = "securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = data.sops_file.cloudflare_secrets.data["cloudflare_keybase_verification"]
content = data.sops_file.cloudflare_secrets.data["cloudflare_keybase_verification"]
type = "TXT"
ttl = 1
}

resource "cloudflare_record" "email_security_spf" {
name = "securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "v=spf1 -all"
content = "v=spf1 include:spf.improvmx.com ~all"
type = "TXT"
ttl = 1
}

resource "cloudflare_record" "email_security_dkim" {
name = "*._domainkey"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "v=DKIM1; p="
type = "TXT"
ttl = 1
import {
to = cloudflare_record.improvmx_1
id = "4544485b6794e04ffda8d171c4b85fbc/29eea6bcfee76ed25a33329b08b7a2b6"
}
resource "cloudflare_record" "improvmx_1" {
name = "securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
type = "MX"
ttl = 1
content = "mx1.improvmx.com"
priority = 10
allow_overwrite = false
}

resource "cloudflare_record" "improvmx_2" {
name = "securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
type = "MX"
ttl = 1
content = "mx2.improvmx.com"
priority = 20
}

# ImprovMX only supports DKIM records on paid plans
# resource "cloudflare_record" "email_security_dkim" {
# name = "*._domainkey"
# zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
# content = "v=DKIM1; p="
# type = "TXT"
# ttl = 1
# }

resource "cloudflare_record" "email_security_dmarc" {
name = "_dmarc"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"
content = "v=DMARC1; p=none; sp=reject; adkim=r; aspf=s;"
type = "TXT"
ttl = 1
}

resource "cloudflare_record" "sendgrid_redirect" {
name = "em7278.securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "u24729611.wl112.sendgrid.net"
content = "u24729611.wl112.sendgrid.net"
type = "CNAME"
ttl = 1
}

resource "cloudflare_record" "sendgrid_domainkey_1" {
name = "s1._domainkey.securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "s1.domainkey.u24729611.wl112.sendgrid.net"
content = "s1.domainkey.u24729611.wl112.sendgrid.net"
type = "CNAME"
ttl = 1
}

resource "cloudflare_record" "sendgrid_domainkey_2" {
name = "s2._domainkey.securimancy.com"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "s2.domainkey.u24729611.wl112.sendgrid.net"
content = "s2.domainkey.u24729611.wl112.sendgrid.net"
type = "CNAME"
ttl = 1
}

resource "cloudflare_record" "bluesky" {
name = "_atproto"
zone_id = lookup(data.cloudflare_zones.domain.zones[0], "id")
value = "did=did:plc:6quh2ha5tx62idt72tdtms3e"
content = "did=did:plc:6quh2ha5tx62idt72tdtms3e"
type = "TXT"
ttl = 1
}
5 changes: 0 additions & 5 deletions terraform/cloudflare/zone.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,6 @@ resource "cloudflare_zone_settings_override" "cloudflare_settings" {
security_level = "medium"
# /speed/optimization
brotli = "on"
minify {
css = "on"
js = "on"
html = "on"
}
rocket_loader = "on"
# /caching/configuration
always_online = "off"
Expand Down

0 comments on commit 74d4b3b

Please sign in to comment.