d

2026-03-05 21:35:59 +00:00
parent f6608eee87
commit 3824bddbb5
73 changed files with 6971 additions and 0 deletions
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@@ -0,0 +1,31 @@
+terraform {
+  # Your existing provider requirements...
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "5.18.0"
+    }
+  }
+
+  backend "s3" {
+    bucket = "ztariq"
+    key    = "cloudflare/terraform.tfstate"
+
+    # TRICK THE AWS SDK: Use a standard AWS region here to bypass strict validation.
+    # The traffic will still go to Backblaze because of the endpoints block below.
+    region = "us-east-1"
+
+    endpoints = {
+      s3 = "https://s3.eu-central-003.backblazeb2.com"
+    }
+
+    # REQUIRED for non-AWS S3 backends in modern Terraform
+    use_path_style = true
+
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_metadata_api_check     = true
+    skip_requesting_account_id  = true
+    skip_s3_checksum            = true
+  }
+}
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -0,0 +1,298 @@
+variable "cloudflare_api_token" {
+  type        = string
+  description = "Cloudflare API Token"
+  sensitive   = true
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
+# Your existing zone_id variable and resources continue below...
+variable "cloudflare_zone_id" {
+  type    = string
+  default = "0f670677e7c36e9fe8f8e6a1d1c72cbf"
+}
+# ------------------------------------------------------------------------------
+# A Records
+# ------------------------------------------------------------------------------
+
+resource "cloudflare_dns_record" "a_beszel" {
+  zone_id = var.cloudflare_zone_id
+  name    = "beszel"
+  content = "198.23.169.195"
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
+resource "cloudflare_dns_record" "a_code" {
+  zone_id = var.cloudflare_zone_id
+  name    = "code"
+  content = "159.195.50.40"
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
+
+resource "cloudflare_dns_record" "a_pre" {
+  zone_id = var.cloudflare_zone_id
+  name    = "pre"
+  content = "159.195.50.40"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+resource "cloudflare_dns_record" "a_de" {
+  zone_id = var.cloudflare_zone_id
+  name    = "de"
+  content = "159.195.50.40"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_home" {
+  zone_id = var.cloudflare_zone_id
+  name    = "home"
+  content = "51.7.97.20"
+  type    = "A"
+  ttl     = 120
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_immich" {
+  zone_id = var.cloudflare_zone_id
+  name    = "immich"
+  content = "159.195.50.40"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_jelly" {
+  zone_id = var.cloudflare_zone_id
+  name    = "jelly"
+  content = "159.195.50.40"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_next" {
+  zone_id = var.cloudflare_zone_id
+  name    = "next"
+  content = "159.195.50.40"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_nl" {
+  zone_id = var.cloudflare_zone_id
+  name    = "nl"
+  content = "94.249.197.63"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_uk" {
+  zone_id = var.cloudflare_zone_id
+  name    = "uk"
+  content = "77.74.199.56"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_uptime" {
+  zone_id = var.cloudflare_zone_id
+  name    = "uptime"
+  content = "198.23.169.195"
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
+
+resource "cloudflare_dns_record" "a_us" {
+  zone_id = var.cloudflare_zone_id
+  name    = "us"
+  content = "198.23.169.195"
+  type    = "A"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "a_vault" {
+  zone_id = var.cloudflare_zone_id
+  name    = "vault"
+  content = "77.74.199.56"
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
+
+resource "cloudflare_dns_record" "a_www" {
+  zone_id = var.cloudflare_zone_id
+  name    = "www"
+  content = "77.74.199.56"
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
+
+resource "cloudflare_dns_record" "a_root" {
+  zone_id = var.cloudflare_zone_id
+  name    = "@"
+  content = "77.74.199.56"
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
+
+# ------------------------------------------------------------------------------
+# AAAA Records
+# ------------------------------------------------------------------------------
+
+resource "cloudflare_dns_record" "aaaa_de" {
+  zone_id = var.cloudflare_zone_id
+  name    = "de"
+  content = "2a0a:4cc0:c1:bf6c:401:8ff:fe10:675d"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = false
+}
+resource "cloudflare_dns_record" "aaaa_pre" {
+  zone_id = var.cloudflare_zone_id
+  name    = "pre"
+  content = "2a0a:4cc0:c1:bf6c:401:8ff:fe10:675d"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "aaaa_immich" {
+  zone_id = var.cloudflare_zone_id
+  name    = "immich"
+  content = "2a0a:4cc0:c1:bf6c:401:8ff:fe10:675d"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "aaaa_jelly" {
+  zone_id = var.cloudflare_zone_id
+  name    = "jelly"
+  content = "2a0a:4cc0:c1:bf6c:401:8ff:fe10:675d"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "aaaa_nl" {
+  zone_id = var.cloudflare_zone_id
+  name    = "nl"
+  content = "2a12:bec4:1651:104::111"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "aaaa_uk" {
+  zone_id = var.cloudflare_zone_id
+  name    = "uk"
+  content = "2a12:ab46:5344:41::a"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "aaaa_vault" {
+  zone_id = var.cloudflare_zone_id
+  name    = "vault"
+  content = "2a12:ab46:5344:41::a"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = true
+}
+
+resource "cloudflare_dns_record" "aaaa_root" {
+  zone_id = var.cloudflare_zone_id
+  name    = "@"
+  content = "2a12:ab46:5344:41::a"
+  type    = "AAAA"
+  ttl     = 1
+  proxied = true
+}
+
+# ------------------------------------------------------------------------------
+# CNAME Records
+# ------------------------------------------------------------------------------
+
+resource "cloudflare_dns_record" "cname_autodiscover" {
+  zone_id = var.cloudflare_zone_id
+  name    = "autodiscover"
+  content = "eu1.workspace.org"
+  type    = "CNAME"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "cname_mail" {
+  zone_id = var.cloudflare_zone_id
+  name    = "mail"
+  content = "eu1.workspace.org"
+  type    = "CNAME"
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_dns_record" "cname_smb" {
+  zone_id = var.cloudflare_zone_id
+  name    = "smb"
+  content = "u554364.your-storagebox.de"
+  type    = "CNAME"
+  ttl     = 1
+  proxied = false
+}
+
+# ------------------------------------------------------------------------------
+# MX Records
+# ------------------------------------------------------------------------------
+
+resource "cloudflare_dns_record" "mx_root" {
+  zone_id  = var.cloudflare_zone_id
+  name     = "@"
+  content  = "eu1.workspace.org"
+  type     = "MX"
+  ttl      = 1
+  priority = 10
+}
+
+# ------------------------------------------------------------------------------
+# TXT Records
+# ------------------------------------------------------------------------------
+
+resource "cloudflare_dns_record" "txt_dmarc" {
+  zone_id = var.cloudflare_zone_id
+  name    = "_dmarc"
+  content = "v=DMARC1; p=none; sp=none"
+  type    = "TXT"
+  ttl     = 1
+}
+
+resource "cloudflare_dns_record" "txt_domainkey" {
+  zone_id = var.cloudflare_zone_id
+  name    = "nd8ddf6995beebee4._domainkey"
+  content = "v=DKIM1;k=rsa;h=sha256;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi3yX1W5V6a9QbEXo00k9JCZ8Vew5rQEanHLIY0cOxCauAIZZIrhQsexZ0j45EFVtfMrBHeddUtolVSSDHvvJg49HzJqWsKOsN061uBgmdN69JEtzme04pRmz/7H+3Y0QDUSYDd+ffYzWaouplFqGuhYkQ5QG2J1JzofcetuAkQICIgWStcOO+av5WoyTdxfqsY64d/XFP4PZJJHX0XA1P2YaSuyNF5c7nv/+a9A6F5+OrgZhFNNWjUurkKKhFzhbR82BUPTXVuG3EI5wSQcIYjhXgINagsmvVyPL1XP584qtnq0ScGysSkh0T3Vhg/Kob9eHX1du7mZj7G0z3PHmwIDAQAB"
+  type    = "TXT"
+  ttl     = 1
+}
+
+resource "cloudflare_dns_record" "txt_spf" {
+  zone_id = var.cloudflare_zone_id
+  name    = "@"
+  content = "v=spf1 include:_spf.workspace.org -all"
+  type    = "TXT"
+  ttl     = 1
+}