[TERRAFORM] Terraform to TF subdirectory

tf/cloudflare-zones.tf

@@ -0,0 +1,46 @@
+locals {
+  account_id = "0467b993b65d8fd4a53fe24ed2fbb2a1"
+  zones = {
+    dork = "dork.dev"
+    gensokyo = "gensokyo.zone"
+    inskip = "inskip.me"
+    kittywitch = "kittywit.ch"
+  }
+  zone_ids = {
+    dork = cloudflare_zone.dork_zone.id
+    gensokyo = cloudflare_zone.gensokyo_zone.id
+    inskip = cloudflare_zone.inskip_zone.id
+    kittywitch = cloudflare_zone.kittywitch_zone.id
+  }
+}
+resource "cloudflare_zone" "dork_zone" {
+  account_id = local.account_id
+  paused     = false
+  plan       = "free"
+  type       = "full"
+  zone       = local.zones.dork
+}
+
+resource "cloudflare_zone" "gensokyo_zone" {
+  account_id = local.account_id
+  paused     = false
+  plan       = "free"
+  type       = "full"
+  zone       = local.zones.gensokyo
+}
+
+resource "cloudflare_zone" "inskip_zone" {
+  account_id = local.account_id
+  paused     = false
+  plan       = "free"
+  type       = "full"
+  zone       = local.zones.inskip
+}
+
+resource "cloudflare_zone" "kittywitch_zone" {
+  account_id = local.account_id
+  paused     = false
+  plan       = "free"
+  type       = "full"
+  zone       = local.zones.kittywitch
+}

tf/cloudflare.tf

@@ -0,0 +1,8 @@
+variable "cloudflare_api_key" {
+	sensitive = true
+}
+
+provider "cloudflare" {
+    email = "kat@inskip.me"
+    api_key = var.cloudflare_api_key
+}

tf/gensokyo.tf

@@ -0,0 +1,65 @@
+variable "cloudflare_apartment_tunnel" {
+    sensitive = true
+}
+
+resource "cloudflare_tunnel" "gensokyo_apartment_tunnel" {
+  account_id = local.account_id
+  name       = "Apartment"
+  secret     = var.cloudflare_apartment_tunnel
+  config_src = "local"
+}
+
+resource "cloudflare_record" "gensokyo_root" {
+  name    = local.zones.gensokyo
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  value   = cloudflare_tunnel.gensokyo_apartment_tunnel.cname
+  zone_id = local.zone_ids.gensokyo
+}
+
+resource "cloudflare_record" "gensokyo_home" {
+  name    = "home"
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  value   = cloudflare_tunnel.gensokyo_apartment_tunnel.cname
+  zone_id = local.zone_ids.gensokyo
+}
+
+resource "cloudflare_record" "gensokyo_id" {
+  name    = "id"
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  value   = cloudflare_tunnel.gensokyo_apartment_tunnel.cname
+  zone_id = local.zone_ids.gensokyo
+}
+
+resource "cloudflare_record" "gensokyo_login" {
+  name    = "login"
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  value   = cloudflare_tunnel.gensokyo_apartment_tunnel.cname
+  zone_id = local.zone_ids.gensokyo
+}
+
+resource "cloudflare_record" "gensokyo_warez" {
+  name    = "warez"
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  value   = cloudflare_tunnel.gensokyo_apartment_tunnel.cname
+  zone_id = local.zone_ids.gensokyo
+}
+
+resource "cloudflare_record" "gensokyo_z2m" {
+  name    = "z2m"
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  value   = cloudflare_tunnel.gensokyo_apartment_tunnel.cname
+  zone_id = local.zone_ids.gensokyo
+}
+

tf/gmail-dns/cf-provider.tf

@@ -0,0 +1,13 @@
+terraform {
+    required_providers {
+        cloudflare = {
+        source = "cloudflare/cloudflare"
+        version = "4.4.0"
+        }
+    }
+}
+
+provider "cloudflare" {
+    email = "kat@inskip.me"
+    api_key = var.cloudflare_api_key
+}

tf/gmail-dns/main.tf

@@ -0,0 +1,66 @@
+resource "cloudflare_record" "gmail_mx_1_aspmx" {
+  name    = var.zone_name
+  priority = 1
+  proxied  = false
+  ttl      = 3600
+  type     = "MX"
+  value    = "aspmx.l.google.com"
+  zone_id  = var.zone_id
+}
+
+resource "cloudflare_record" "gmail_mx_5_alt1" {
+  name    = var.zone_name
+  priority = 5
+  proxied  = false
+  ttl      = 3600
+  type     = "MX"
+  value    = "alt1.aspmx.l.google.com"
+  zone_id  = var.zone_id
+}
+
+resource "cloudflare_record" "gmail_mx_5_alt2" {
+  name    = var.zone_name
+  priority = 5
+  proxied  = false
+  ttl      = 3600
+  type     = "MX"
+  value    = "alt2.aspmx.l.google.com"
+  zone_id  = var.zone_id
+}
+
+resource "cloudflare_record" "gmail_mx_10_alt3" {
+  name    = var.zone_name
+  priority = 10
+  proxied  = false
+  ttl      = 3600
+  type     = "MX"
+  value    = "alt3.aspmx.l.google.com"
+  zone_id  = var.zone_id
+}
+resource "cloudflare_record" "gmail_mx_10_alt4" {
+  name    = var.zone_name
+  priority = 10
+  proxied  = false
+  ttl      = 3600
+  type     = "MX"
+  value    = "alt4.aspmx.l.google.com"
+  zone_id  = var.zone_id
+}
+
+resource "cloudflare_record" "gmail_dkim" {
+  name    = "google._domainkey"
+  proxied = false
+  ttl     = 3600
+  type    = "TXT"
+  value   = var.dkim
+  zone_id  = var.zone_id
+}
+
+resource "cloudflare_record" "gmail_spf" {
+  name    = var.zone_name
+  proxied = false
+  ttl     = 3600
+  type    = "TXT"
+  value   = "v=spf1 include:_spf.google.com -all"
+  zone_id  = var.zone_id
+}

tf/gmail-dns/variables.tf

@@ -0,0 +1,14 @@
+variable "cloudflare_api_key" {
+	sensitive = true
+}
+variable "zone_id" {
+    type = string
+}
+
+variable "dkim" {
+    type = string
+}
+
+variable "zone_name" {
+    type = string
+}

tf/gmail.tf

@@ -0,0 +1,29 @@
+locals {
+    dkims = {
+        inskip = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxag/EmXQ89XQmLrBDPpPtZ7EtEJT0hgvWf/+AFiOfBOm902tq9NbTTvRJ2dLeBLPaV+hNvq2Alc7UfkKUDlLTWQjeuiC6aOnRKQQg3LZ2W25U3AlIj0jd2IPiUhg9JGV4c66XiqQ5ylTBniShfUUyeAXxbPhYFBCkBg62LZcO/tFpFsdKWtZzLjgac5vTJID+M4F8duHpkA/ZCNNUEmtt7RNQB/LLI1Gr5yR4GdQl9z7NmwtOTo9pghbZuvljr8phYjdDrwZeFTMKQnvR1l2Eh/dZ8I0C4nP5Bk4QEfmLq666P1HzOxwT6iCU6Tc+P/pkWbrx0HJh39E1aKGyLJMQIDAQAB"
+        dork = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziwoHJbM1rmeUiIXOgg0cujTL5BFW9PQOksUhKza1XpDP2rpzTlQr21NFYMJMc08xiE3AbvScMTX0jX3gc7+XoIYLD1VigRRvkyTubVfRmatqj+Pk41Fle1jWXHv5vNIYjjcsUTrpnrXYKoYrz34TtsmYHnu0G9MgmmcQGmbRU+WY+1R/ukhavlgXasfEW6r4tjLgVxQnser1Zjr80AUcu23od/+o+m6C9rDGMMnv6NIc2DOT7Ei6o60458f2Iwcpg38te22dy46A8AeGynbpB9+jF33Se0m22eKk5qZN5mfju/wxWMsl7ifCY/eqLZXRxJaEd5bMI8px5KvZp1TWwIDAQAB"
+        kittywitch = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdmyA2+/si8UV3bodFZhtv5y68QnYr/kk9wnDHnk3JfJKusbrctXfETVu/9GXQ/U8tRquesF7aXKYHM/K3O6H58gAgIFm8JVnr9EUFh5PWBTKJxHgDo/6pprhpdAJg8k4f4p5yvqE0nUI6TC0UpN+ZmQMimgxvGGwQ6mpl7qmc7JxmTOiJbO1yz6eokU27S0NHfpdiE3TGG93i2r/LwAnHuhT/4weGO+vcXwKRTFGFFjvMo0XgjL2JnP01nk6dpDFwkkt5I26J4DkuNMkLefgDiGOoxDmG5EgPu0YwAm7Vk2/kX0W6rLe16lHGDkB0/atQ/IB9uch31GQrLP9etmdwIDAQAB"
+    }
+}
+
+module "inskip-gmail" {
+    source = "./gmail-dns"
+    cloudflare_api_key = var.cloudflare_api_key
+    zone_id = local.zone_ids.inskip
+    zone_name = local.zones.inskip
+    dkim = local.dkims.inskip
+}
+module "dork-gmail" {
+    source = "./gmail-dns"
+    cloudflare_api_key = var.cloudflare_api_key
+    zone_id = local.zone_ids.dork
+    zone_name = local.zones.dork
+    dkim = local.dkims.dork
+}
+module "kittywitch-gmail" {
+    source = "./gmail-dns"
+    cloudflare_api_key = var.cloudflare_api_key
+    zone_id = local.zone_ids.kittywitch
+    zone_name = local.zones.kittywitch
+    dkim = local.dkims.kittywitch
+}

tf/hcloud-network.tf

@@ -0,0 +1,11 @@
+resource "hcloud_network" "network" {
+  name     = "network-17a07f9"
+  ip_range = "10.0.0.0/16"
+}
+
+resource "hcloud_network_subnet" "subnet" {
+    network_id = hcloud_network.network.id
+    type = "cloud"
+    network_zone = "us-west"
+    ip_range = "10.0.1.0/24"
+}

tf/hcloud.tf

@@ -0,0 +1,7 @@
+variable "hcloud_token" {
+    sensitive = true
+}
+
+provider "hcloud" {
+    token = var.hcloud_token
+}

tf/inskip-pages.tf

@@ -0,0 +1,43 @@
+resource "cloudflare_pages_project" "inskip_root" {
+  account_id = local.account_id
+  name = "inskip-root"
+  production_branch = "main"
+
+  source {
+    type = "github"
+    config {
+        owner = "kittywitch"
+        repo_name = "inskip.me"
+        production_branch = "main"
+        deployments_enabled = true
+        pr_comments_enabled = false
+        production_deployment_enabled = true
+    }
+  }
+  build_config {
+    build_command = "hugo"
+    destination_dir = "public"
+    root_dir = "/"
+  }
+  lifecycle {
+    ignore_changes = [
+      deployment_configs,
+      source
+    ]
+  }
+}
+
+resource "cloudflare_pages_domain" "inskip_root" {
+    account_id = local.account_id
+    project_name = "inskip-root"
+    domain = local.zones.inskip
+}
+
+resource "cloudflare_record" "inskip_root_pages" {
+  name    = local.zones.inskip
+  proxied = false
+  ttl     = 3600
+  type    = "CNAME"
+  value   = "${cloudflare_pages_project.inskip_root.name}.pages.dev"
+  zone_id = local.zone_ids.inskip
+}

tf/kw-bluesky.tf

@@ -0,0 +1,8 @@
+resource "cloudflare_record" "bluesky_did" {
+  name    = "_atproto"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  value   = "did=did:plc:4rkjqsakfq3chmepfcd3al6e"
+  zone_id = local.zone_ids.kittywitch
+}

tf/kw-pages.tf

@@ -0,0 +1,39 @@
+resource "cloudflare_pages_project" "kittywitch" {
+  account_id = local.account_id
+  name = "kittywitch"
+  production_branch = "main"
+
+  source {
+    type = "github"
+    config {
+        owner = "kittywitch"
+        repo_name = "kittywit.ch"
+        production_branch = "main"
+        deployments_enabled = true
+        pr_comments_enabled = false
+        production_deployment_enabled = true
+
+    }
+  }
+  lifecycle {
+    ignore_changes = [
+      deployment_configs,
+      source
+    ]
+  }
+}
+
+resource "cloudflare_pages_domain" "kittywitch_root" {
+    account_id = local.account_id
+    project_name = "kittywitch"
+    domain = local.zones.kittywitch
+}
+
+resource "cloudflare_record" "kittywitch_root_pages" {
+  name    = local.zones.kittywitch
+  proxied = false
+  ttl     = 3600
+  type    = "CNAME"
+  value   = "${cloudflare_pages_project.kittywitch.name}.pages.dev"
+  zone_id = local.zone_ids.kittywitch
+}

tf/kw-vaultwarden.tf

@@ -0,0 +1,8 @@
+resource "cloudflare_record" "vaultwarden" {
+  name    = "vault"
+  proxied = false
+  ttl     = 3600
+  type    = "CNAME"
+  value   = "yukari.gensokyo.zone"
+  zone_id = local.zone_ids.kittywitch
+}

tf/outputs.tf

@@ -0,0 +1,7 @@
+output  "apartment_cloudflare_tunnel_id" {
+    value = cloudflare_tunnel.gensokyo_apartment_tunnel.id
+}
+output  "apartment_cloudflare_tunnel_token" {
+    value = cloudflare_tunnel.gensokyo_apartment_tunnel.tunnel_token
+    sensitive = true
+}

tf/tailscale-dns-interface.tf

@@ -0,0 +1,26 @@
+data "tailscale_devices" "tailnet" {
+}
+
+locals {
+    tailscale_devices = data.tailscale_devices.tailnet.devices
+}
+
+resource "cloudflare_record" "tailscale_device_v4_record" {
+  for_each = { for device_name, device in local.tailscale_devices : split(".", device.name)[0] => device.addresses[0] if device.user == "kat@inskip.me" }
+  name    = each.key
+  proxied = false
+  ttl     = 3600
+  type    = "A"
+  value   = each.value
+  zone_id = local.zone_ids.inskip
+}
+
+resource "cloudflare_record" "tailscale_device_v6_record" {
+  for_each = { for device_name, device in local.tailscale_devices : split(".", device.name)[0] => device.addresses[1] if device.user == "kat@inskip.me" }
+  name    = each.key
+  proxied = false
+  ttl     = 3600
+  type    = "AAAA"
+  value   = each.value
+  zone_id = local.zone_ids.inskip
+}

tf/tailscale.tf

@@ -0,0 +1,12 @@
+variable "tailscale_api_key" {
+    sensitive = true
+}
+
+variable "tailnet" {
+    sensitive = false
+}
+
+provider "tailscale" {
+    api_key = var.tailscale_api_key
+    tailnet = var.tailnet
+}

tf/terraform.tf

@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source = "hetznercloud/hcloud"
+      version = "1.38.2"
+    }
+    tailscale = {
+      source = "tailscale/tailscale"
+      version = "0.13.7"
+    }
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+      version = "4.4.0"
+    }
+  }
+
+  cloud {
+    organization = "kittywitch"
+    ## Required for Terraform Enterprise; Defaults to app.terraform.io for Terraform Cloud
+    hostname = "app.terraform.io"
+
+    workspaces {
+      name = "kittywitch"
+    }
+  }
+}

tf/yukari-cf.tf

@@ -0,0 +1,17 @@
+resource "cloudflare_record" "terraform_managed_resource_4078b739fc60f37d90a25448e08b6616" {
+	name    = "yukari"
+	proxied = false
+	ttl     = 3600
+	type    = "A"
+	value   = hcloud_server.yukari.ipv4_address
+	zone_id = local.zone_ids.gensokyo
+}
+
+resource "cloudflare_record" "terraform_managed_resource_1206b053e895e4f6a9d1b3b4856db871" {
+	name    = "yukari"
+	proxied = false
+	ttl     = 3600
+	type    = "AAAA"
+	value   = hcloud_server.yukari.ipv6_address
+	zone_id = local.zone_ids.gensokyo
+}

tf/yukari-hcloud.tf

@@ -0,0 +1,50 @@
+resource "hcloud_primary_ip" "ipv4" {
+	auto_delete = false
+	name = "yukari-v4-aef50a7"
+	datacenter = "hil-dc1"
+	type = "ipv4"
+	assignee_type = "server"
+}
+
+
+resource "hcloud_primary_ip" "ipv6" {
+	auto_delete = false
+	name = "yukari-v6-66a4b55"
+	datacenter = "hil-dc1"
+	type = "ipv6"
+	assignee_type = "server"
+}
+resource "hcloud_server" "yukari" {
+    name = "yukari"
+    server_type = "cpx21"
+    keep_disk = true
+    allow_deprecated_images = false
+    image = "ubuntu-22.04"
+    datacenter = "hil-dc1"
+    public_net {
+        ipv4_enabled = true
+        ipv4 = hcloud_primary_ip.ipv4.id
+        ipv6_enabled = true
+        ipv6 = hcloud_primary_ip.ipv6.id
+    }
+
+    lifecycle {
+        ignore_changes = [
+            user_data,
+            public_net
+        ]
+    }
+}
+
+
+resource "hcloud_rdns" "yukari-v4" {
+    server_id  = hcloud_server.yukari.id
+    ip_address = hcloud_server.yukari.ipv4_address
+    dns_ptr    = "yukari.gensokyo.zone"
+}
+
+resource "hcloud_rdns" "yukari-v6" {
+    server_id  = hcloud_server.yukari.id
+    ip_address = hcloud_server.yukari.ipv6_address
+    dns_ptr    = "yukari.gensokyo.zone"
+}