fixes for tf and mail

2026-02-09 04:19:19 -08:00 · 2025-12-04 02:44:38 -08:00 · 2025-12-04 02:44:38 -08:00 · 4c6f2aa34a
commit 4c6f2aa34a
parent cf9ec64e69
9 changed files with 145 additions and 35 deletions
--- a/tf/gmail.tf
+++ b/tf/gmail.tf
@ -13,13 +13,14 @@ module "inskip-gmail" {
  zone_name          = local.zones.inskip
  dkim               = local.dkims.inskip
 }
-/*module "dork-gmail" {
+module "dork-gmail" {
+  enable             = false
  source             = "./gmail_dns"
  cloudflare_api_key = var.cloudflare_api_key
  zone_id            = local.zone_ids.dork
  zone_name          = local.zones.dork
  dkim               = local.dkims.dork
-}*/
+}
 module "kittywitch-gmail" {
  source             = "./gmail_dns"
  cloudflare_api_key = var.cloudflare_api_key
--- a/tf/gmail_dns/main.tf
+++ b/tf/gmail_dns/main.tf
@ -1,4 +1,5 @@
 resource "cloudflare_record" "gmail_mx_1_aspmx" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 1
  proxied  = false
@ -9,6 +10,7 @@ resource "cloudflare_record" "gmail_mx_1_aspmx" {
 }

 resource "cloudflare_record" "gmail_mx_5_alt1" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 5
  proxied  = false
@ -19,6 +21,7 @@ resource "cloudflare_record" "gmail_mx_5_alt1" {
 }

 resource "cloudflare_record" "gmail_mx_5_alt2" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 5
  proxied  = false
@ -29,6 +32,7 @@ resource "cloudflare_record" "gmail_mx_5_alt2" {
 }

 resource "cloudflare_record" "gmail_mx_10_alt3" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 10
  proxied  = false
@ -38,6 +42,7 @@ resource "cloudflare_record" "gmail_mx_10_alt3" {
  zone_id  = var.zone_id
 }
 resource "cloudflare_record" "gmail_mx_10_alt4" {
+  count    = var.enable ? 1 : 0
  name     = var.zone_name
  priority = 10
  proxied  = false
@ -48,6 +53,7 @@ resource "cloudflare_record" "gmail_mx_10_alt4" {
 }

 resource "cloudflare_record" "gmail_dkim" {
+  count   = var.enable ? 1 : 0
  name    = "google._domainkey"
  proxied = false
  ttl     = 3600
@ -57,10 +63,11 @@ resource "cloudflare_record" "gmail_dkim" {
 }

 resource "cloudflare_record" "gmail_spf" {
+  count   = var.enable ? 1 : 0
  name    = var.zone_name
  proxied = false
  ttl     = 3600
  type    = "TXT"
  value   = "v=spf1 include:_spf.google.com -all"
  zone_id = var.zone_id
-}
+}
--- a/tf/gmail_dns/variables.tf
+++ b/tf/gmail_dns/variables.tf
@ -11,4 +11,9 @@ variable "dkim" {

 variable "zone_name" {
  type = string
-}
+}
+
+variable "enable" {
+  type    = bool
+  default = true
+}
--- a/tf/services.tf
+++ b/tf/services.tf
@ -88,6 +88,15 @@ resource "cloudflare_record" "music" {
  zone_id = local.zone_ids.kittywitch
 }

+resource "cloudflare_record" "webmail" {
+  name    = "webmail"
+  proxied = false
+  ttl     = 3600
+  type    = "CNAME"
+  value   = "rinnosukeinskip.me"
+  zone_id = local.zone_ids.kittywitch
+}
+
 resource "cloudflare_record" "dork_mail_mx" {
  name     = "@"
  proxied  = false
@ -107,4 +116,86 @@ resource "cloudflare_record" "dork_mail_spf" {
  zone_id = local.zone_ids.dork
 }

+resource "cloudflare_record" "dork_mail_dkim" {
+  name    = "rinnosuke._domainkey"
+  proxied = false
+  ttl     = 10800
+  type    = "TXT"
+  value   = "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfSxe5JNdrSyHoPuESnOles7KxP5NtHD60YZ7SXLANNkEb8/tSHmg4nGqLhqKrA7+gcrurjowibDYs4hAM/ozkMNch53n2ZVKRl1ExMSRAPlGl5ZNCGGYVuRQlTMGvek2tIp3GbxafGF6QWSG1sA63fI9pxGosf/qc3wX5gtHxmKB9jn1Q6d9SDuJN72StIRjl81zaJFQJswvKx5keNvbW9oOP/xBVFPbnNZq52f/MsIpo4R33Vk0CrFvj5lnEKh5t6Bx1XUpJnkzQE934h+x1B+ypLkAPpLw4VnbDBMNc/ZkGbfJuM9YsasoEYgeoAtWKkyJV2WKZfppo1pUtR7swIDAQAB"
+  zone_id = local.zone_ids.dork
+}

+resource "cloudflare_record" "dork_mail_dmarc" {
+  name    = "_dmarc"
+  proxied = false
+  ttl     = 10800
+  type    = "TXT"
+  value   = "v=DMARC1; p=none"
+  zone_id = local.zone_ids.dork
+}
+
+resource "cloudflare_record" "dork_mail_submission_autodiscover" {
+  name    = "_submission._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_submissions"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 587
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
+resource "cloudflare_record" "dork_mail_submissions_autodiscover" {
+  name    = "_submissions._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_submissions"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 465
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
+
+resource "cloudflare_record" "dork_mail_imap_autodiscover" {
+  name    = "_imap._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_imap"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 143
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
+resource "cloudflare_record" "dork_mail_imaps_autodiscover" {
+  name    = "_imaps._tcp"
+  proxied = false
+  ttl     = 3600
+  type    = "SRV"
+
+  data {
+    service  = "_imaps"
+    proto    = "_tcp"
+    priority = 5
+    weight   = 0
+    port     = 993
+    target   = "rinnosuke.inskip.me"
+  }
+  zone_id = local.zone_ids.dork
+}
--- a/tf/terraform.tfstate
+++ b/tf/terraform.tfstate