diff --git a/tf/io_6f.tf b/tf/io_6f.tf index 034693e8b..a5a47d6b6 100644 --- a/tf/io_6f.tf +++ b/tf/io_6f.tf @@ -33,33 +33,6 @@ resource "cloudflare_record" "terraform_managed_resource_6e857bdca1445a64f3c51bb zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } -resource "cloudflare_record" "terraform_managed_resource_d4603ee3dc9485a7575eb40b3711c016" { - name = "fm1._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm1.6f.io.dkim.fmhosted.com" - zone_id = "897af3a08a43f0b90fc93479c2b8ef41" -} - -resource "cloudflare_record" "terraform_managed_resource_57c23353922764ea967d7d15613aa166" { - name = "fm2._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm2.6f.io.dkim.fmhosted.com" - zone_id = "897af3a08a43f0b90fc93479c2b8ef41" -} - -resource "cloudflare_record" "terraform_managed_resource_38fb6498048e4298798cae0e158e81ef" { - name = "fm3._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm3.6f.io.dkim.fmhosted.com" - zone_id = "897af3a08a43f0b90fc93479c2b8ef41" -} - resource "cloudflare_record" "terraform_managed_resource_c7c7aac067224716e99e76df79f93d93" { name = "k2" proxied = false @@ -114,7 +87,41 @@ resource "cloudflare_record" "terraform_managed_resource_66997b850ba0f52317fd67e zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } -resource "cloudflare_record" "terraform_managed_resource_cc96197e58585c64ea10efb0d7332fa6" { +resource "cloudflare_record" "terraform_managed_resource_84bc001ab67b45685c199d3e624adcdb" { + name = "google._domainkey" + proxied = false + ttl = 1 + type = "TXT" + value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1gK6OrYk7W+Qu+kWIQRyRlyFTHBuzZqVe0tTgIkg27ngR6LNiiecO5AKxYwc39c+KcQm7bL9qWz/K0CTWkfbdy74grzfd33Ezb+0cQjWyJrh8M7eEVdMRD4w1FxI+ZQvMeyPQo3hdGHi7NVqlV9xd9RwoEeq7bUFRNZ3Uqh82VwgwrCRPt6VQw4E04/fCLYGzqGzkhyJN14Y63yERDyS7kPtFVoZWbsoMZhv5GTcikXkfBBo/irMvZqS+zrzR75DyyWAfWOwHxJ8TPGVWzrtOBtuItHSayT8tNKxv1vWJshSkpuoRs0g8ZXXc3PbGkB6KiSoa8lHoYAJgvLXdM5fQIDAQAB" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + + +# Fastmail +# +# https://www.fastmail.help/hc/en-us/articles/360060591153-Manual-DNS-configuration + +moved { + from = cloudflare_record.terraform_managed_resource_0b63b8d61f82dab8391bb00ebb633fa3 + to = cloudflare_record.io_6f_fastmail_mx_1 +} + +resource "cloudflare_record" "io_6f_fastmail_mx_1" { + name = "6f.io" + priority = 10 + proxied = false + ttl = 1 + type = "MX" + value = "in1-smtp.messagingengine.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +moved { + from = cloudflare_record.terraform_managed_resource_cc96197e58585c64ea10efb0d7332fa6 + to = cloudflare_record.io_6f_fastmail_mx_2 +} + +resource "cloudflare_record" "io_6f_fastmail_mx_2" { name = "6f.io" priority = 20 proxied = false @@ -124,8 +131,43 @@ resource "cloudflare_record" "terraform_managed_resource_cc96197e58585c64ea10efb zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } -resource "cloudflare_record" "terraform_managed_resource_0b63b8d61f82dab8391bb00ebb633fa3" { - name = "6f.io" +## Subdomain Mail + +resource "cloudflare_record" "io_6f_fastmail_mail_mx_1" { + name = "*" + priority = 10 + proxied = false + ttl = 1 + type = "MX" + value = "in1-smtp.messagingengine.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +resource "cloudflare_record" "io_6f_fastmail_mail_mx_2" { + name = "*" + priority = 20 + proxied = false + ttl = 1 + type = "MX" + value = "in2-smtp.messagingengine.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +## Webmail Login Portal + +resource "cloudflare_record" "io_6f_fastmail_webmail_login_portal" { + name = "mail" + proxied = true + ttl = 1 + type = "CNAME" + value = "mail.fastmail.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +### Allow mail at subdomains + +resource "cloudflare_record" "io_6f_fastmail_subdomains_mx_1" { + name = "mail" priority = 10 proxied = false ttl = 1 @@ -134,7 +176,24 @@ resource "cloudflare_record" "terraform_managed_resource_0b63b8d61f82dab8391bb00 zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } -resource "cloudflare_record" "terraform_managed_resource_5ca8e9920a633edeb723b3320ceac23b" { +resource "cloudflare_record" "io_6f_fastmail_subdomains_mx_2" { + name = "mail" + priority = 20 + proxied = false + ttl = 1 + type = "MX" + value = "in2-smtp.messagingengine.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +## SPF + +moved { + from = cloudflare_record.terraform_managed_resource_5ca8e9920a633edeb723b3320ceac23b + to = cloudflare_record.io_6f_spf +} + +resource "cloudflare_record" "io_6f_spf" { name = "6f.io" proxied = false ttl = 1 @@ -143,20 +202,249 @@ resource "cloudflare_record" "terraform_managed_resource_5ca8e9920a633edeb723b33 zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } -resource "cloudflare_record" "terraform_managed_resource_0cc8b3fbade586b0ec4b1af14c505ae5" { - name = "_dmarc" +## DKIM + +moved { + from = cloudflare_record.terraform_managed_resource_d4603ee3dc9485a7575eb40b3711c016 + to = cloudflare_record.io_6f_fastmail_dkim_1 +} + +resource "cloudflare_record" "io_6f_fastmail_dkim_1" { + name = "fm1._domainkey" proxied = false ttl = 1 - type = "TXT" - value = "v=DMARC1; p=none; rua=mailto:852672a62a5c41bc8f2eb9ea9a7e37ed@dmarc-reports.cloudflare.net" + type = "CNAME" + value = "fm1.6f.io.dkim.fmhosted.com" zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } -resource "cloudflare_record" "terraform_managed_resource_84bc001ab67b45685c199d3e624adcdb" { - name = "google._domainkey" +moved { + from = cloudflare_record.terraform_managed_resource_57c23353922764ea967d7d15613aa166 + to = cloudflare_record.io_6f_fastmail_dkim_2 +} + +resource "cloudflare_record" "io_6f_fastmail_dkim_2" { + name = "fm2._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm2.6f.io.dkim.fmhosted.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +moved { + from = cloudflare_record.terraform_managed_resource_38fb6498048e4298798cae0e158e81ef + to = cloudflare_record.io_6f_fastmail_dkim_3 +} + +resource "cloudflare_record" "io_6f_fastmail_dkim_3" { + name = "fm3._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm3.6f.io.dkim.fmhosted.com" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" +} + +## DMARC + +moved { + from = cloudflare_record.terraform_managed_resource_0cc8b3fbade586b0ec4b1af14c505ae5 + to = cloudflare_record.io_6f_dmarc +} + +resource "cloudflare_record" "io_6f_dmarc" { + name = "_dmarc" proxied = false ttl = 1 type = "TXT" - value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1gK6OrYk7W+Qu+kWIQRyRlyFTHBuzZqVe0tTgIkg27ngR6LNiiecO5AKxYwc39c+KcQm7bL9qWz/K0CTWkfbdy74grzfd33Ezb+0cQjWyJrh8M7eEVdMRD4w1FxI+ZQvMeyPQo3hdGHi7NVqlV9xd9RwoEeq7bUFRNZ3Uqh82VwgwrCRPt6VQw4E04/fCLYGzqGzkhyJN14Y63yERDyS7kPtFVoZWbsoMZhv5GTcikXkfBBo/irMvZqS+zrzR75DyyWAfWOwHxJ8TPGVWzrtOBtuItHSayT8tNKxv1vWJshSkpuoRs0g8ZXXc3PbGkB6KiSoa8lHoYAJgvLXdM5fQIDAQAB" + value = "v=DMARC1; p=none; rua=mailto:852672a62a5c41bc8f2eb9ea9a7e37ed@dmarc-reports.cloudflare.net" zone_id = "897af3a08a43f0b90fc93479c2b8ef41" } + +## Client email auto-discovery + +resource "cloudflare_record" "io_6f_fastmail_smtp" { + name = "_submission._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 587 + priority = 0 + proto = "_tcp" + service = "_submission" + target = "smtp.fastmail.com" + weight = 1 + } +} + +resource "cloudflare_record" "io_6f_fastmail_imap" { + name = "_imap._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 0 + priority = 0 + proto = "_tcp" + service = "_imap" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "io_6f_fastmail_imaps" { + name = "_imaps._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 993 + priority = 0 + proto = "_tcp" + service = "_imaps" + target = "imap.fastmail.com" + weight = 1 + } +} + + +resource "cloudflare_record" "io_6f_fastmail_pop3" { + name = "_pop3._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 0 + priority = 0 + proto = "_tcp" + service = "_pop3" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "io_6f_fastmail_pop3s" { + name = "_pop3s._tcp" + priority = 10 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 995 + priority = 10 + proto = "_tcp" + service = "_pop3s" + target = "pop.fastmail.com" + weight = 1 + } +} + +resource "cloudflare_record" "io_6f_fastmail_jmap" { + name = "_jmap._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 443 + priority = 0 + proto = "_tcp" + service = "_jmap" + target = "api.fastmail.com" + weight = 1 + } +} + +## Client CardDAV auto-discovery + +resource "cloudflare_record" "io_6f_fastmail_carddav" { + name = "_carddav._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 0 + priority = 0 + proto = "_tcp" + service = "_carddav" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "io_6f_fastmail_carddavs" { + name = "_carddavs._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 443 + priority = 0 + proto = "_tcp" + service = "_carddavs" + target = "carddav.fastmail.com" + weight = 1 + } +} + +## Client CalDAV auto-discovery + +resource "cloudflare_record" "io_6f_fastmail_caldav" { + name = "_caldav._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 0 + priority = 0 + proto = "_tcp" + service = "_caldav" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "io_6f_fastmail_caldavs" { + name = "_caldavs._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "897af3a08a43f0b90fc93479c2b8ef41" + data { + name = "6f.io" + port = 443 + priority = 0 + proto = "_tcp" + service = "_caldavs" + target = "caldav.fastmail.com" + weight = 1 + } +} diff --git a/tf/net_hipparcos.tf b/tf/net_hipparcos.tf index 7553c7f74..b670c1518 100644 --- a/tf/net_hipparcos.tf +++ b/tf/net_hipparcos.tf @@ -6,44 +6,31 @@ resource "cloudflare_zone" "terraform_managed_resource_994692a638e9a8c4ae552a9e6 zone = "hipparcos.net" } -resource "cloudflare_record" "terraform_managed_resource_b861a72f5625b9e60f2610c85b08501b" { - name = "fm1._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm1.hipparcos.net.dkim.fmhosted.com" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" -} - -resource "cloudflare_record" "terraform_managed_resource_c3754ac605e72da047aebe471cdff4f7" { - name = "fm2._domainkey" - proxied = false +resource "cloudflare_record" "terraform_managed_resource_f7e7d606ea20e6a29c7e268c7715b74e" { + name = "hipparcos.net" + proxied = true ttl = 1 - type = "CNAME" - value = "fm2.hipparcos.net.dkim.fmhosted.com" + type = "AAAA" + value = "100::" zone_id = "994692a638e9a8c4ae552a9e6dacb609" } -resource "cloudflare_record" "terraform_managed_resource_be51b7f396ff3f68451c87e41ba9274f" { - name = "fm3._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm3.hipparcos.net.dkim.fmhosted.com" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" -} +# Fastmail +# +# https://www.fastmail.help/hc/en-us/articles/360060591153-Manual-DNS-configuration -resource "cloudflare_record" "terraform_managed_resource_29190c165c26da1d92c7858b74dab4d8" { - name = "mail" - proxied = true - ttl = 1 - type = "CNAME" - value = "mail.fastmail.com" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" +resource "cloudflare_record" "terraform_managed_resource_9a01f57d2026a498ba69c6e55b25e001" { + name = "hipparcos.net" + priority = 10 + proxied = false + ttl = 1 + type = "MX" + value = "in1-smtp.messagingengine.com" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" } -resource "cloudflare_record" "terraform_managed_resource_8ce67ae8f8520e22b15daf5af245c5a3" { - name = "*" +resource "cloudflare_record" "terraform_managed_resource_80a3b9351b70b6c09085329d03c355ab" { + name = "hipparcos.net" priority = 20 proxied = false ttl = 1 @@ -52,6 +39,8 @@ resource "cloudflare_record" "terraform_managed_resource_8ce67ae8f8520e22b15daf5 zone_id = "994692a638e9a8c4ae552a9e6dacb609" } +## Subdomain Mail + resource "cloudflare_record" "terraform_managed_resource_6bc996fbe9aa45078bf34305ad1b6f50" { name = "*" priority = 10 @@ -62,8 +51,8 @@ resource "cloudflare_record" "terraform_managed_resource_6bc996fbe9aa45078bf3430 zone_id = "994692a638e9a8c4ae552a9e6dacb609" } -resource "cloudflare_record" "terraform_managed_resource_80a3b9351b70b6c09085329d03c355ab" { - name = "hipparcos.net" +resource "cloudflare_record" "terraform_managed_resource_8ce67ae8f8520e22b15daf5af245c5a3" { + name = "*" priority = 20 proxied = false ttl = 1 @@ -72,8 +61,21 @@ resource "cloudflare_record" "terraform_managed_resource_80a3b9351b70b6c09085329 zone_id = "994692a638e9a8c4ae552a9e6dacb609" } -resource "cloudflare_record" "terraform_managed_resource_9a01f57d2026a498ba69c6e55b25e001" { - name = "hipparcos.net" +## Webmail Login Portal + +resource "cloudflare_record" "terraform_managed_resource_29190c165c26da1d92c7858b74dab4d8" { + name = "mail" + proxied = true + ttl = 1 + type = "CNAME" + value = "mail.fastmail.com" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" +} + +### Allow mail at subdomains + +resource "cloudflare_record" "terraform_managed_resource_8ff6114729e0ccc038188c7349c44f93" { + name = "mail" priority = 10 proxied = false ttl = 1 @@ -92,18 +94,61 @@ resource "cloudflare_record" "terraform_managed_resource_5d0d2e817cffc85eba40bec zone_id = "994692a638e9a8c4ae552a9e6dacb609" } -resource "cloudflare_record" "terraform_managed_resource_8ff6114729e0ccc038188c7349c44f93" { - name = "mail" - priority = 10 - proxied = false - ttl = 1 - type = "MX" - value = "in1-smtp.messagingengine.com" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" +## SPF + +resource "cloudflare_record" "terraform_managed_resource_bf76208b81e67ff68b70a57bae94226f" { + name = "hipparcos.net" + proxied = false + ttl = 1 + type = "TXT" + value = "v=spf1 include:spf.messagingengine.com ?all" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" } -resource "cloudflare_record" "terraform_managed_resource_e7733a293362560c1279c946fa4a1da2" { - name = "_caldavs._tcp" +## DKIM + +resource "cloudflare_record" "terraform_managed_resource_b861a72f5625b9e60f2610c85b08501b" { + name = "fm1._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm1.hipparcos.net.dkim.fmhosted.com" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" +} + +resource "cloudflare_record" "terraform_managed_resource_c3754ac605e72da047aebe471cdff4f7" { + name = "fm2._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm2.hipparcos.net.dkim.fmhosted.com" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" +} + +resource "cloudflare_record" "terraform_managed_resource_be51b7f396ff3f68451c87e41ba9274f" { + name = "fm3._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm3.hipparcos.net.dkim.fmhosted.com" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" +} + +## DMARC + +resource "cloudflare_record" "terraform_managed_resource_6364516621a4bfade37617e417b0c213" { + name = "_dmarc" + proxied = false + ttl = 1 + type = "TXT" + value = "\"v=DMARC1; p=none; rua=mailto:95506e4bcd13411f9c0dadfe1c2e7f85@dmarc-reports.cloudflare.net\"" + zone_id = "994692a638e9a8c4ae552a9e6dacb609" +} + +## Client email auto-discovery + +resource "cloudflare_record" "terraform_managed_resource_4c64611f8756ae7715ece35782342f0b" { + name = "_submission._tcp" priority = 0 proxied = false ttl = 1 @@ -111,17 +156,17 @@ resource "cloudflare_record" "terraform_managed_resource_e7733a293362560c1279c94 zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 443 + port = 587 priority = 0 proto = "_tcp" - service = "_caldavs" - target = "caldav.fastmail.com" + service = "_submission" + target = "smtp.fastmail.com" weight = 1 } } -resource "cloudflare_record" "terraform_managed_resource_3237bb1db82965b3796074caea68e40e" { - name = "_caldav._tcp" +resource "cloudflare_record" "terraform_managed_resource_88cc2e5ec9a93a44c7be32e9bb0a1323" { + name = "_imap._tcp" priority = 0 proxied = false ttl = 1 @@ -132,14 +177,14 @@ resource "cloudflare_record" "terraform_managed_resource_3237bb1db82965b3796074c port = 0 priority = 0 proto = "_tcp" - service = "_caldav" + service = "_imap" target = "." weight = 0 } } -resource "cloudflare_record" "terraform_managed_resource_6dbef040592eb401babb8ab4ebca1415" { - name = "_carddavs._tcp" +resource "cloudflare_record" "terraform_managed_resource_daeb805f3d837ea3f13aedf23359f116" { + name = "_imaps._tcp" priority = 0 proxied = false ttl = 1 @@ -147,17 +192,18 @@ resource "cloudflare_record" "terraform_managed_resource_6dbef040592eb401babb8ab zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 443 + port = 993 priority = 0 proto = "_tcp" - service = "_carddavs" - target = "carddav.fastmail.com" + service = "_imaps" + target = "imap.fastmail.com" weight = 1 } } -resource "cloudflare_record" "terraform_managed_resource_7482e7a3b939e94a17168e781bbc401a" { - name = "_carddav._tcp" + +resource "cloudflare_record" "terraform_managed_resource_4332f8e9dccbfaf72fcccb92a1bdff5b" { + name = "_pop3._tcp" priority = 0 proxied = false ttl = 1 @@ -168,32 +214,32 @@ resource "cloudflare_record" "terraform_managed_resource_7482e7a3b939e94a17168e7 port = 0 priority = 0 proto = "_tcp" - service = "_carddav" + service = "_pop3" target = "." weight = 0 } } -resource "cloudflare_record" "terraform_managed_resource_daeb805f3d837ea3f13aedf23359f116" { - name = "_imaps._tcp" - priority = 0 +resource "cloudflare_record" "terraform_managed_resource_0eeba5fa76750609ba994cfd0047a4fa" { + name = "_pop3s._tcp" + priority = 10 proxied = false ttl = 1 type = "SRV" zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 993 - priority = 0 + port = 995 + priority = 10 proto = "_tcp" - service = "_imaps" - target = "imap.fastmail.com" + service = "_pop3s" + target = "pop.fastmail.com" weight = 1 } } -resource "cloudflare_record" "terraform_managed_resource_88cc2e5ec9a93a44c7be32e9bb0a1323" { - name = "_imap._tcp" +resource "cloudflare_record" "terraform_managed_resource_363ab94d5d812b41b1d99238b8c55496" { + name = "_jmap._tcp" priority = 0 proxied = false ttl = 1 @@ -201,17 +247,19 @@ resource "cloudflare_record" "terraform_managed_resource_88cc2e5ec9a93a44c7be32e zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 0 + port = 443 priority = 0 proto = "_tcp" - service = "_imap" - target = "." - weight = 0 + service = "_jmap" + target = "api.fastmail.com" + weight = 1 } } -resource "cloudflare_record" "terraform_managed_resource_363ab94d5d812b41b1d99238b8c55496" { - name = "_jmap._tcp" +## Client CardDAV auto-discovery + +resource "cloudflare_record" "terraform_managed_resource_7482e7a3b939e94a17168e781bbc401a" { + name = "_carddav._tcp" priority = 0 proxied = false ttl = 1 @@ -219,35 +267,37 @@ resource "cloudflare_record" "terraform_managed_resource_363ab94d5d812b41b1d9923 zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 443 + port = 0 priority = 0 proto = "_tcp" - service = "_jmap" - target = "api.fastmail.com" - weight = 1 + service = "_carddav" + target = "." + weight = 0 } } -resource "cloudflare_record" "terraform_managed_resource_0eeba5fa76750609ba994cfd0047a4fa" { - name = "_pop3s._tcp" - priority = 10 +resource "cloudflare_record" "terraform_managed_resource_6dbef040592eb401babb8ab4ebca1415" { + name = "_carddavs._tcp" + priority = 0 proxied = false ttl = 1 type = "SRV" zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 995 - priority = 10 + port = 443 + priority = 0 proto = "_tcp" - service = "_pop3s" - target = "pop.fastmail.com" + service = "_carddavs" + target = "carddav.fastmail.com" weight = 1 } } -resource "cloudflare_record" "terraform_managed_resource_4332f8e9dccbfaf72fcccb92a1bdff5b" { - name = "_pop3._tcp" +## Client CalDAV auto-discovery + +resource "cloudflare_record" "terraform_managed_resource_3237bb1db82965b3796074caea68e40e" { + name = "_caldav._tcp" priority = 0 proxied = false ttl = 1 @@ -258,14 +308,14 @@ resource "cloudflare_record" "terraform_managed_resource_4332f8e9dccbfaf72fcccb9 port = 0 priority = 0 proto = "_tcp" - service = "_pop3" + service = "_caldav" target = "." weight = 0 } } -resource "cloudflare_record" "terraform_managed_resource_4c64611f8756ae7715ece35782342f0b" { - name = "_submission._tcp" +resource "cloudflare_record" "terraform_managed_resource_e7733a293362560c1279c946fa4a1da2" { + name = "_caldavs._tcp" priority = 0 proxied = false ttl = 1 @@ -273,38 +323,11 @@ resource "cloudflare_record" "terraform_managed_resource_4c64611f8756ae7715ece35 zone_id = "994692a638e9a8c4ae552a9e6dacb609" data { name = "hipparcos.net" - port = 587 + port = 443 priority = 0 proto = "_tcp" - service = "_submission" - target = "smtp.fastmail.com" + service = "_caldavs" + target = "caldav.fastmail.com" weight = 1 } } - -resource "cloudflare_record" "terraform_managed_resource_6364516621a4bfade37617e417b0c213" { - name = "_dmarc" - proxied = false - ttl = 1 - type = "TXT" - value = "\"v=DMARC1; p=none; rua=mailto:95506e4bcd13411f9c0dadfe1c2e7f85@dmarc-reports.cloudflare.net\"" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" -} - -resource "cloudflare_record" "terraform_managed_resource_bf76208b81e67ff68b70a57bae94226f" { - name = "hipparcos.net" - proxied = false - ttl = 1 - type = "TXT" - value = "v=spf1 include:spf.messagingengine.com ?all" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" -} - -resource "cloudflare_record" "terraform_managed_resource_f7e7d606ea20e6a29c7e268c7715b74e" { - name = "hipparcos.net" - proxied = true - ttl = 1 - type = "AAAA" - value = "100::" - zone_id = "994692a638e9a8c4ae552a9e6dacb609" -} diff --git a/tf/net_starjunk.tf b/tf/net_starjunk.tf index 81375500e..423d0bd35 100644 --- a/tf/net_starjunk.tf +++ b/tf/net_starjunk.tf @@ -1,6 +1,6 @@ moved { from = cloudflare_zone.terraform_managed_resource_acff21a4b43636283cd28bd5c5bd44a5 - to = cloudflare_zone.starjunk_net + to = cloudflare_zone.starjunk_net } resource "cloudflare_zone" "starjunk_net" { @@ -58,7 +58,7 @@ resource "cloudflare_record" "terraform_managed_resource_8c0fbc31ad098d40f9eccb8 moved { from = cloudflare_record.terraform_managed_resource_96ab3ddbd1d6bda8e41ad733053b18aa - to = cloudflare_record.aaaa + to = cloudflare_record.aaaa } resource "cloudflare_record" "aaaa" { @@ -72,7 +72,7 @@ resource "cloudflare_record" "aaaa" { moved { from = cloudflare_record.terraform_managed_resource_1d02e7ffa92156a8528ad4263f5462c0 - to = cloudflare_record.www_aaaa + to = cloudflare_record.www_aaaa } resource "cloudflare_record" "www_aaaa" { @@ -84,34 +84,40 @@ resource "cloudflare_record" "www_aaaa" { zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_96494382737d342503bf7f2f6aa83332" { - name = "fm1._domainkey" +resource "cloudflare_record" "terraform_managed_resource_37e047cce80565276348d26c57dd9861" { + name = "google._domainkey" proxied = false ttl = 1 - type = "CNAME" - value = "fm1.starjunk.net.dkim.fmhosted.com" + type = "TXT" + value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntFvX1RJv3xAjH2gEvpBKh7MM95/SPJQSeX8QBpNByfkdlGwjgoES9WWY1HgRTOcnDYkR7+7pj6vTAIAkde75YWByT7wh16G+cjJ+zLOZwltegt18/69aQDqyT8nOw6Qb1itT4AhmBAG31z8F88T3pjbBqKAaNqyF4WBVjQfELHSoWnXvpuRC3VLj5Hlc0F8ghHQ9+m5tTnJkaWxdkTMRqO5fywUQhFP3CyNoCN6fBzkZNZgBIsqBELbKBAOHcLofV77DQLFgPomtUwzeRfVbEqDdTKVe0B6ybnHvYSLnaMcWMRxlPPYst/HI4WKOY/f3dzTI1ja8776VCO35rGRTQIDAQAB" zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_1f45cbb0881abba9d2dff8072d550aae" { - name = "fm2._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm2.starjunk.net.dkim.fmhosted.com" - zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +# Fastmail +# +# https://www.fastmail.help/hc/en-us/articles/360060591153-Manual-DNS-configuration + +moved { + from = cloudflare_record.terraform_managed_resource_08f5abc0c8ab5c7f626df016d605c6ac + to = cloudflare_record.net_starjunk_fastmail_mx_1 } -resource "cloudflare_record" "terraform_managed_resource_9714dc1aa362bbdf836abd7354b82252" { - name = "fm3._domainkey" - proxied = false - ttl = 1 - type = "CNAME" - value = "fm3.starjunk.net.dkim.fmhosted.com" - zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +resource "cloudflare_record" "net_starjunk_fastmail_mx_1" { + name = "starjunk.net" + priority = 10 + proxied = false + ttl = 1 + type = "MX" + value = "in1-smtp.messagingengine.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_cfdd0862380adbfdc5a7442b0c243536" { +moved { + from = cloudflare_record.terraform_managed_resource_cfdd0862380adbfdc5a7442b0c243536 + to = cloudflare_record.net_starjunk_fastmail_mx_2 +} + +resource "cloudflare_record" "net_starjunk_fastmail_mx_2" { name = "starjunk.net" priority = 20 proxied = false @@ -121,8 +127,10 @@ resource "cloudflare_record" "terraform_managed_resource_cfdd0862380adbfdc5a7442 zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_08f5abc0c8ab5c7f626df016d605c6ac" { - name = "starjunk.net" +## Subdomain Mail + +resource "cloudflare_record" "net_starjunk_fastmail_mail_mx_1" { + name = "*" priority = 10 proxied = false ttl = 1 @@ -131,29 +139,308 @@ resource "cloudflare_record" "terraform_managed_resource_08f5abc0c8ab5c7f626df01 zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_b80a3533e30542aa54abcac7747f8e41" { - name = "_dmarc" +resource "cloudflare_record" "net_starjunk_fastmail_mail_mx_2" { + name = "*" + priority = 20 + proxied = false + ttl = 1 + type = "MX" + value = "in2-smtp.messagingengine.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +} + +## Webmail Login Portal + +resource "cloudflare_record" "net_starjunk_fastmail_webmail_login_portal" { + name = "mail" + proxied = true + ttl = 1 + type = "CNAME" + value = "mail.fastmail.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +} + +### Allow mail at subdomains + +resource "cloudflare_record" "net_starjunk_fastmail_subdomains_mx_1" { + name = "mail" + priority = 10 + proxied = false + ttl = 1 + type = "MX" + value = "in1-smtp.messagingengine.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +} + +resource "cloudflare_record" "net_starjunk_fastmail_subdomains_mx_2" { + name = "mail" + priority = 20 + proxied = false + ttl = 1 + type = "MX" + value = "in2-smtp.messagingengine.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +} + +## SPF + +moved { + from = cloudflare_record.terraform_managed_resource_73ef1766328832460724a6e3e780a257 + to = cloudflare_record.net_starjunk_spf +} + +resource "cloudflare_record" "net_starjunk_spf" { + name = "starjunk.net" proxied = false ttl = 1 type = "TXT" - value = "v=DMARC1; p=none; rua=mailto:11e643eadb6648a8b81fc11bcfe022f9@dmarc-reports.cloudflare.net" + value = "v=spf1 include:spf.messagingengine.com ?all" zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_37e047cce80565276348d26c57dd9861" { - name = "google._domainkey" +## DKIM + +moved { + from = cloudflare_record.terraform_managed_resource_96494382737d342503bf7f2f6aa83332 + to = cloudflare_record.net_starjunk_fastmail_dkim_1 +} + +resource "cloudflare_record" "net_starjunk_fastmail_dkim_1" { + name = "fm1._domainkey" proxied = false ttl = 1 - type = "TXT" - value = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntFvX1RJv3xAjH2gEvpBKh7MM95/SPJQSeX8QBpNByfkdlGwjgoES9WWY1HgRTOcnDYkR7+7pj6vTAIAkde75YWByT7wh16G+cjJ+zLOZwltegt18/69aQDqyT8nOw6Qb1itT4AhmBAG31z8F88T3pjbBqKAaNqyF4WBVjQfELHSoWnXvpuRC3VLj5Hlc0F8ghHQ9+m5tTnJkaWxdkTMRqO5fywUQhFP3CyNoCN6fBzkZNZgBIsqBELbKBAOHcLofV77DQLFgPomtUwzeRfVbEqDdTKVe0B6ybnHvYSLnaMcWMRxlPPYst/HI4WKOY/f3dzTI1ja8776VCO35rGRTQIDAQAB" + type = "CNAME" + value = "fm1.starjunk.net.dkim.fmhosted.com" zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } -resource "cloudflare_record" "terraform_managed_resource_73ef1766328832460724a6e3e780a257" { - name = "starjunk.net" +moved { + from = cloudflare_record.terraform_managed_resource_1f45cbb0881abba9d2dff8072d550aae + to = cloudflare_record.net_starjunk_fastmail_dkim_2 +} + +resource "cloudflare_record" "net_starjunk_fastmail_dkim_2" { + name = "fm2._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm2.starjunk.net.dkim.fmhosted.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +} + +moved { + from = cloudflare_record.terraform_managed_resource_9714dc1aa362bbdf836abd7354b82252 + to = cloudflare_record.net_starjunk_fastmail_dkim_3 +} + +resource "cloudflare_record" "net_starjunk_fastmail_dkim_3" { + name = "fm3._domainkey" + proxied = false + ttl = 1 + type = "CNAME" + value = "fm3.starjunk.net.dkim.fmhosted.com" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" +} + +## DMARC + +moved { + from = cloudflare_record.terraform_managed_resource_b80a3533e30542aa54abcac7747f8e41 + to = cloudflare_record.net_starjunk_dmarc +} + +resource "cloudflare_record" "net_starjunk_dmarc" { + name = "_dmarc" proxied = false ttl = 1 type = "TXT" - value = "v=spf1 include:spf.messagingengine.com ?all" + value = "v=DMARC1; p=none; rua=mailto:11e643eadb6648a8b81fc11bcfe022f9@dmarc-reports.cloudflare.net" zone_id = "acff21a4b43636283cd28bd5c5bd44a5" } + +## Client email auto-discovery + +resource "cloudflare_record" "net_starjunk_fastmail_smtp" { + name = "_submission._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 587 + priority = 0 + proto = "_tcp" + service = "_submission" + target = "smtp.fastmail.com" + weight = 1 + } +} + +resource "cloudflare_record" "net_starjunk_fastmail_imap" { + name = "_imap._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 0 + priority = 0 + proto = "_tcp" + service = "_imap" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "net_starjunk_fastmail_imaps" { + name = "_imaps._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 993 + priority = 0 + proto = "_tcp" + service = "_imaps" + target = "imap.fastmail.com" + weight = 1 + } +} + + +resource "cloudflare_record" "net_starjunk_fastmail_pop3" { + name = "_pop3._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 0 + priority = 0 + proto = "_tcp" + service = "_pop3" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "net_starjunk_fastmail_pop3s" { + name = "_pop3s._tcp" + priority = 10 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 995 + priority = 10 + proto = "_tcp" + service = "_pop3s" + target = "pop.fastmail.com" + weight = 1 + } +} + +resource "cloudflare_record" "net_starjunk_fastmail_jmap" { + name = "_jmap._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 443 + priority = 0 + proto = "_tcp" + service = "_jmap" + target = "api.fastmail.com" + weight = 1 + } +} + +## Client CardDAV auto-discovery + +resource "cloudflare_record" "net_starjunk_fastmail_carddav" { + name = "_carddav._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 0 + priority = 0 + proto = "_tcp" + service = "_carddav" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "net_starjunk_fastmail_carddavs" { + name = "_carddavs._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 443 + priority = 0 + proto = "_tcp" + service = "_carddavs" + target = "carddav.fastmail.com" + weight = 1 + } +} + +## Client CalDAV auto-discovery + +resource "cloudflare_record" "net_starjunk_fastmail_caldav" { + name = "_caldav._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 0 + priority = 0 + proto = "_tcp" + service = "_caldav" + target = "." + weight = 0 + } +} + +resource "cloudflare_record" "net_starjunk_fastmail_caldavs" { + name = "_caldavs._tcp" + priority = 0 + proxied = false + ttl = 1 + type = "SRV" + zone_id = "acff21a4b43636283cd28bd5c5bd44a5" + data { + name = "starjunk.net" + port = 443 + priority = 0 + proto = "_tcp" + service = "_caldavs" + target = "caldav.fastmail.com" + weight = 1 + } +}