diff --git a/terraform/environments/production/dns.tf b/terraform/environments/production/dns.tf index 44eca7896..07cd9f9b2 100644 --- a/terraform/environments/production/dns.tf +++ b/terraform/environments/production/dns.tf @@ -15,17 +15,6 @@ resource "google_dns_record_set" "dns-caa" { # Website -# Vercel doesn't support IPv6 -# resource "google_dns_record_set" "website-ipv6" { -# project = module.google-cloud-project.project.project_id -# managed_zone = module.google-cloud-dns.zone_name - -# type = "AAAA" -# name = module.google-cloud-dns.dns_name -# rrdatas = ["2001:19f0:ac02:bb:5400:4ff:fe47:6bdf"] -# ttl = 3600 -# } - resource "google_dns_record_set" "website-ipv4" { project = module.google-cloud-project.project.project_id managed_zone = module.google-cloud-dns.zone_name @@ -46,16 +35,6 @@ resource "google_dns_record_set" "website-www-redirect" { ttl = 3600 } -resource "google_dns_record_set" "status-page" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "status.${module.google-cloud-dns.dns_name}" - rrdatas = ["bs4nszn1hdh6.stspg-customer.com."] - ttl = 3600 -} - resource "google_dns_record_set" "blog-ipv4" { project = module.google-cloud-project.project.project_id managed_zone = module.google-cloud-dns.zone_name 
@@ -95,101 +74,8 @@ resource "google_dns_record_set" "docs-ipv6" { ttl = 3600 } -## TODO: get rid off this one -resource "google_dns_record_set" "awsdemo-ipv4" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "awsdemo.${module.google-cloud-dns.dns_name}" - rrdatas = ["52.200.241.107"] - ttl = 3600 -} - -resource "google_dns_record_set" "awsdemo-acme-verification" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "TXT" - name = "_acme-challenge.awsdemo.${module.google-cloud-dns.dns_name}" - rrdatas = ["sX54Me2woKpf_iLC4R9Il_8U8OuMTtGqRXOo5fveCNU"] - ttl = 3600 -} - -## TODO: get rid off this one -resource "google_dns_record_set" "docker-dev-ipv4" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "docker-dev.${module.google-cloud-dns.dns_name}" - rrdatas = ["3.101.147.119"] - ttl = 3600 -} - # Third-party services -## Sendgrid -resource "google_dns_record_set" "sendgrid-project" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "23539796.${module.google-cloud-dns.dns_name}" - rrdatas = ["sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-return-1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "em8227.${module.google-cloud-dns.dns_name}" - rrdatas = ["u23539796.wl047.sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-return-2" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "url6320.${module.google-cloud-dns.dns_name}" - rrdatas = ["sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" 
"sendgrid-domainkey1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "s1._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["s1.domainkey.u23539796.wl047.sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-domainkey2" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "s2._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["s2.domainkey.u23539796.wl047.sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-reverse-dns" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "o1.ptr3213.${module.google-cloud-dns.dns_name}" - rrdatas = ["159.183.164.144"] - ttl = 3600 -} - # Mailgun resource "google_dns_record_set" "mailgun-dkim" { @@ -209,31 +95,6 @@ resource "google_dns_record_set" "mailgun-dkim" { ] } -# Postmark - -resource "google_dns_record_set" "postmark-dkim" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - name = "20231019190050pm._domainkey.${module.google-cloud-dns.dns_name}" - type = "TXT" - ttl = 3600 - - rrdatas = [ - "k=rsa;p=k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClXI0pMLt49Ib2jTQ3bCIw1QtEySHuaaOzk3Li0c9R3xAuOtt2PcxNx1TEgIdOA7fw6ONN1YyPf68NXOw7J3dV1Ldfln6VxRYcXaPSqhNtftaK87Rr6VqiJRiP4iEYQi4IQa9JJ4Za6s/aSLmji5mob7u3iI/Bj412Krkao6wLwwIDAQAB" - ] -} - -resource "google_dns_record_set" "postmark-return" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "pm-bounces.${module.google-cloud-dns.dns_name}" - rrdatas = ["pm.mtasv.net."] - ttl = 3600 -} - # GitHub resource "google_dns_record_set" "github-verification" { 
@@ -249,21 +110,6 @@ resource "google_dns_record_set" "github-verification" { ] } -# Twilio - -resource "google_dns_record_set" "twilio-verification" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - name = "_twilio.${module.google-cloud-dns.dns_name}" - type = "TXT" - ttl = 3600 - - rrdatas = [ - "twilio-domain-verification=12fc8b0170bb9b63e4b6de67a5c923f0" - ] -} - # Google Workspace resource "google_dns_record_set" "google-mail" { @@ -310,7 +156,6 @@ resource "google_dns_record_set" "root-verifications" { "google-site-verification=hbBLPfTlejIaxyFTPZN0RaIk6Y6qhQTG2yma7I06Emo", "google-site-verification=oAugt2Arr7OyWaqJ0bkytkmIE-VQ8D_IFa-rdNiqa8s", "google-site-verification=VDl82gbqVHJW6un8Mcki6qDhL_OGK6G8ByOB6qhaVbg", - "protonmail-verification=775efd155d2dec59fc6341d6bbfec288038f1917", "oneleet-domain-verification-72120df0-57da-4da7-b7bf-e26eaee9dd85" ] } 
@@ -328,67 +173,6 @@ resource "google_dns_record_set" "google-dkim" { ] } -## ext. domain email server -## TODO: get rid off this -resource "google_dns_record_set" "google-ext-mail" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - name = "ext.${module.google-cloud-dns.dns_name}" - - type = "MX" - ttl = 3600 - - rrdatas = [ - "1 aspmx.l.google.com.", - "5 alt1.aspmx.l.google.com.", - "5 alt2.aspmx.l.google.com.", - "10 alt3.aspmx.l.google.com.", - "10 alt4.aspmx.l.google.com." - ] -} - -resource "google_dns_record_set" "google-ext-dmarc" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - - name = "_dmarc.ext.${module.google-cloud-dns.dns_name}" - type = "TXT" - ttl = 3600 - - rrdatas = [ - "\"v=DMARC1;\" \"p=reject;\" \"rua=mailto:dmarc-reports@firezone.dev;\" \"pct=100;\" \"adkim=s;\" \"aspf=s\"", - "google-site-verification=xlFwz_eC6ksZ1dAJKwNzFISlZRpFRQ2mggo851altmI" - ] -} - -resource "google_dns_record_set" "google-ext-spf" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - name = "ext.${module.google-cloud-dns.dns_name}" - type = "TXT" - ttl = 3600 - - rrdatas = [ - "\"v=spf1 include:_spf.google.com ~all\"" - ] -} - -resource "google_dns_record_set" "google-ext-dkim" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - name = "google._domainkey.ext.${module.google-cloud-dns.dns_name}" - type = "TXT" - ttl = 3600 - - rrdatas = [ - "\"v=DKIM1;\" \"k=rsa;\" \"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubhkd+M9O2fILLpfRzCN5vhd81uSfaCbfeQ5Uf/BsBnuJ8AYOsyW\" \"bzy3UYU1y2JnJi1D8U+o1idcTPC1wB1okBHUnohI1O9hRDHb5NzV4NTxK0D36ESbgGzv94xu1n1GfxoO/wWga69eu/unz79/SRdVEida09bF0eXg9q\" \"5dtyIPI9NvYGtKAvLIABYHkutlUA2dNggraVTXldTlccMWmtd9uzemBg0bpN6zxygSLM9PSsEf0WEJJYvUXrEIQI4o9Ujh1/PqIgRpdqRAbmyhO3BobGNm5qmn3i1ZxWF0L\" 
\"T8zC3QShMPO+BagJlDav1ZNxBtih+vqqeyJvm8gwPXHiQIDAQAB\"" - ] -} - # Oneleet Trust page resource "google_dns_record_set" "oneleet-trust" { @@ -405,6 +189,7 @@ resource "google_dns_record_set" "oneleet-trust" { } # Stripe checkout pages + resource "google_dns_record_set" "stripe-checkout" { project = module.google-cloud-project.project.project_id managed_zone = module.google-cloud-dns.zone_name @@ -426,6 +211,7 @@ resource "google_dns_record_set" "stripe-checkout-acme" { } # HubSpot + resource "google_dns_record_set" "hubspot-domainkey1" { project = module.google-cloud-project.project.project_id managed_zone = module.google-cloud-dns.zone_name @@ -445,35 +231,3 @@ resource "google_dns_record_set" "hubspot-domainkey2" { rrdatas = ["firezone-dev.hs07b.dkim.hubspotemail.net."] ttl = 3600 } - -# Proton -## TODO: get rid off this -resource "google_dns_record_set" "proton-domainkey1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "protonmail._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["protonmail.domainkey.dbmieophzl5yorultqalvxh5cjl65qstyplotj4asfsqiqan6337a.domains.proton.ch."] - ttl = 3600 -} - -resource "google_dns_record_set" "proton-domainkey2" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "protonmail2._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["protonmail2.domainkey.dbmieophzl5yorultqalvxh5cjl65qstyplotj4asfsqiqan6337a.domains.proton.ch."] - ttl = 3600 -} - -resource "google_dns_record_set" "proton-domainkey3" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "protonmail3._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["protonmail3.domainkey.dbmieophzl5yorultqalvxh5cjl65qstyplotj4asfsqiqan6337a.domains.proton.ch."] - ttl = 3600 -} 
diff --git a/terraform/environments/staging/dns.tf b/terraform/environments/staging/dns.tf index 5dac3dba1..0412ed53b 100644 --- a/terraform/environments/staging/dns.tf +++ b/terraform/environments/staging/dns.tf @@ -13,7 +13,7 @@ resource "google_dns_record_set" "dns-caa" { ttl = 3600 } -# Website +# Website -- these redirect to firezone.dev resource "google_dns_record_set" "website-ipv6" { project = module.google-cloud-project.project.project_id @@ -45,29 +45,7 @@ resource "google_dns_record_set" "website-www-redirect" { ttl = 3600 } -# Our team's Firezone instance(s) - -resource "google_dns_record_set" "dogfood" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "dogfood.${module.google-cloud-dns.dns_name}" - rrdatas = ["45.63.56.50"] - ttl = 3600 -} - -resource "google_dns_record_set" "awsfz1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "awsfz1.${module.google-cloud-dns.dns_name}" - rrdatas = ["ec2-52-200-241-107.compute-1.amazonaws.com."] - ttl = 3600 -} - -# Our MAIN discourse instance, do not change this! +# Our community forum, discourse resource "google_dns_record_set" "discourse" { project = module.google-cloud-project.project.project_id 
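Review bot: The rewritten comment above `google_dns_record_set.discourse` drops the old "do not change this!" caution and puts nothing in its place, so a later editor gets no hint that this record may need care. If the forum is still the live instance, the comment should say so, for example `# Our community forum (Discourse) -- live instance, coordinate before changing`. If the caution no longer applies, the commit message is the place to record why. The resource body continues outside the hunk, so its target and whether it is still in use cannot be confirmed from here.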
@@ -79,50 +57,6 @@ resource "google_dns_record_set" "discourse" { ttl = 300 } -# VPN-protected DNS records - -resource "google_dns_record_set" "metabase" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "metabase.${module.google-cloud-dns.dns_name}" - rrdatas = ["10.5.96.5"] - ttl = 3600 -} - -# Wireguard test servers - -resource "google_dns_record_set" "wg0" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "wg0.${module.google-cloud-dns.dns_name}" - rrdatas = ["54.151.104.17"] - ttl = 3600 -} - -resource "google_dns_record_set" "wg1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "wg1.${module.google-cloud-dns.dns_name}" - rrdatas = ["54.183.57.227"] - ttl = 3600 -} - -resource "google_dns_record_set" "wg2" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "wg2.${module.google-cloud-dns.dns_name}" - rrdatas = ["54.177.212.45"] - ttl = 3600 -} - # Connectivity check servers resource "google_dns_record_set" "ping-backend" { @@ -158,16 +92,6 @@ resource "google_dns_record_set" "ping-ipv6" { # Telemetry servers -resource "google_dns_record_set" "old-ipv4" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "A" - name = "old-telemetry.${module.google-cloud-dns.dns_name}" - rrdatas = ["143.244.211.244"] - ttl = 3600 -} - resource "google_dns_record_set" "t-ipv4" { project = module.google-cloud-project.project.project_id managed_zone = module.google-cloud-dns.zone_name 
@@ -210,56 +134,7 @@ resource "google_dns_record_set" "telemetry-ipv6" { # Third-party services -## Sendgrid -resource "google_dns_record_set" "sendgrid-project" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "23539796.${module.google-cloud-dns.dns_name}" - rrdatas = ["sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-return-1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "em3706.${module.google-cloud-dns.dns_name}" - rrdatas = ["u23539796.wl047.sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-return-2" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "url6320.${module.google-cloud-dns.dns_name}" - rrdatas = ["sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-domainkey1" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "s1._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["s1.domainkey.u23539796.wl047.sendgrid.net."] - ttl = 3600 -} - -resource "google_dns_record_set" "sendgrid-domainkey2" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "s2._domainkey.${module.google-cloud-dns.dns_name}" - rrdatas = ["s2.domainkey.u23539796.wl047.sendgrid.net."] - ttl = 3600 -} +# Mailgun resource "google_dns_record_set" "mailgun-dkim" { project = module.google-cloud-project.project.project_id 
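Review bot: The new `# Mailgun` heading marks the only mail-provider records left in this part of the file, but the hunk shows only the DKIM and return-path CNAMEs going away, not the zone's SPF TXT record. If that SPF record still carries an `include:` for Sendgrid (or Postmark, removed in the next hunk and in the production file), those providers' shared sending ranges stay authorised for the domain after their DKIM keys are gone. It is worth checking the SPF and DMARC records in the same change. A short note under the heading would also help, such as `# Mailgun -- keep the SPF include list in sync with the providers configured here`. The `mailgun-dkim` resource continues outside the hunk.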
@@ -278,31 +153,6 @@ resource "google_dns_record_set" "mailgun-dkim" { ] } -# Postmark - -resource "google_dns_record_set" "postmark-dkim" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - name = "20230606183724pm._domainkey.${module.google-cloud-dns.dns_name}" - type = "TXT" - ttl = 3600 - - rrdatas = [ - "k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGB97X54FpoXNFuuPpI2u18ymEHBvNGfaRVXn9KEKAnSIfayJ6V3m5C5WGmfv579gyvfdDm04NAVBMcxe6mkjZHsZwds7mPjOYmRlsCClcy6ITqHwPdGSqP0f4zes1AT3Sr1GCQkl/2CdjWzc7HLoyViPxcH17yJN8HlfCYg5waQIDAQAB" - ] -} - -resource "google_dns_record_set" "postmark-return" { - project = module.google-cloud-project.project.project_id - managed_zone = module.google-cloud-dns.zone_name - - type = "CNAME" - name = "pm-bounces.${module.google-cloud-dns.dns_name}" - rrdatas = ["pm.mtasv.net."] - ttl = 3600 -} - # Google Workspace resource "google_dns_record_set" "google-mail" {