change m0 dns

Tietokilta · Jan 25, 2024 · 88b31e4 · 88b31e4
1 parent 9089132
commit 88b31e4
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 97 deletions.
diff --git a/modules/m0/dns.tf b/modules/m0/dns.tf
@@ -7,24 +7,6 @@ terraform {
   }
 }
 
-# A record for root
-resource "azurerm_dns_a_record" "root_a" {
-  name                = "@"
-  resource_group_name = azurerm_resource_group.dns_rg.name
-  zone_name           = azurerm_dns_zone.m0_zone.name
-  ttl                 = 300
-  records             = ["76.76.21.21"]
-}
-
-# CNAME record for www.
-resource "azurerm_dns_cname_record" "www_cname" {
-  name                = "www"
-  resource_group_name = azurerm_resource_group.dns_rg.name
-  zone_name           = azurerm_dns_zone.m0_zone.name
-  ttl                 = 300
-  record              = "cname.vercel-dns.com."
-}
-
 resource "azurerm_resource_group" "dns_rg" {
   name     = "dns-m0-rg"
   location = var.resource_group_location
@@ -35,16 +17,6 @@ resource "azurerm_dns_zone" "m0_zone" {
   resource_group_name = "dns-m0-rg"
 }
 
-
-# # CNAME record for www.
-# resource "azurerm_dns_cname_record" "www_cname" {
-#   name                = "www"
-#   resource_group_name = azurerm_resource_group.dns_rg.name
-#   zone_name           = azurerm_dns_zone.m0_zone.name
-#   ttl                 = 300
-#   record              = "@"
-# }
-
 # MX records for Mailgun
 resource "azurerm_dns_mx_record" "m0_mx" {
   name                = var.mail_subdomain
@@ -106,29 +78,38 @@ resource "azurerm_dns_txt_record" "m0_dmarc" {
   }
 }
 
-# #A record for the web app
-# resource "azurerm_dns_a_record" "m0_a" {
-#   name                = "@"
-#   resource_group_name = azurerm_resource_group.dns_rg.name
-#   zone_name           = azurerm_dns_zone.m0_zone.name
-#   ttl                 = 300
-#   records             = data.dns_a_record_set.m0_dns_fetch.addrs
-# }
+#A record for the web app
+resource "azurerm_dns_a_record" "m0_a" {
+  name                = "@"
+  resource_group_name = azurerm_resource_group.dns_rg.name
+  zone_name           = azurerm_dns_zone.m0_zone.name
+  ttl                 = 300
+  records             = data.dns_a_record_set.m0_dns_fetch.addrs
+}
+
+# CNAME record for www.
+resource "azurerm_dns_cname_record" "www_cname" {
+  name                = "www"
+  resource_group_name = azurerm_resource_group.dns_rg.name
+  zone_name           = azurerm_dns_zone.m0_zone.name
+  ttl                 = 300
+  record              = "@"
+}
 
-# # Azure verification key
-# resource "azurerm_dns_txt_record" "m0_asuid" {
-#   name                = "asuid"
-#   resource_group_name = azurerm_resource_group.dns_rg.name
-#   zone_name           = azurerm_dns_zone.m0_zone.name
-#   ttl                 = 300
+# Azure verification key
+resource "azurerm_dns_txt_record" "m0_asuid" {
+  name                = "asuid"
+  resource_group_name = azurerm_resource_group.dns_rg.name
+  zone_name           = azurerm_dns_zone.m0_zone.name
+  ttl                 = 300
 
-#   record {
-#     value = azurerm_linux_web_app.frontend.custom_domain_verification_id
-#   }
-# }
+  record {
+    value = azurerm_linux_web_app.frontend.custom_domain_verification_id
+  }
+}
 
-# # https://github.com/hashicorp/terraform-provider-azurerm/issues/14642#issuecomment-1084728235
-# # Currently, the azurerm provider doesn't give us the IP address, so we need to fetch it ourselves.
-# data "dns_a_record_set" "m0_dns_fetch" {
-#   host = azurerm_linux_web_app.frontend.default_hostname
-# }
+# https://github.com/hashicorp/terraform-provider-azurerm/issues/14642#issuecomment-1084728235
+# Currently, the azurerm provider doesn't give us the IP address, so we need to fetch it ourselves.
+data "dns_a_record_set" "m0_dns_fetch" {
+  host = azurerm_linux_web_app.frontend.default_hostname
+}
diff --git a/modules/m0/main.tf b/modules/m0/main.tf
@@ -108,49 +108,49 @@ resource "azurerm_linux_web_app" "strapi" {
 }
 
 
-# resource "azurerm_app_service_custom_hostname_binding" "m0_hostname_binding" {
-#   hostname            = local.fqdn
-#   app_service_name    = azurerm_linux_web_app.frontend.name
-#   resource_group_name = var.web_resource_group_name
-
-#   # Deletion may need manual work.
-#   # https://github.com/hashicorp/terraform-provider-azurerm/issues/11231
-#   # TODO: Add dependencies for creation
-#   depends_on = [
-#     azurerm_dns_a_record.m0_a,
-#     azurerm_dns_txt_record.m0_asuid
-#   ]
-# }
-# resource "random_password" "m0_cert_password" {
-#   length  = 48
-#   special = false
-# }
-
-# resource "acme_certificate" "m0_acme_cert" {
-#   account_key_pem          = var.acme_account_key
-#   common_name              = local.fqdn
-#   key_type                 = "2048" # RSA
-#   certificate_p12_password = random_password.m0_cert_password.result
-
-#   dns_challenge {
-#     provider = "azure"
-#     config = {
-#       AZURE_RESOURCE_GROUP = azurerm_resource_group.dns_rg.name
-#       AZURE_ZONE_NAME      = azurerm_dns_zone.m0_zone.name
-#     }
-#   }
-# }
-
-# resource "azurerm_app_service_certificate" "m0_cert" {
-#   name                = "m0-cert-${terraform.workspace}"
-#   resource_group_name = var.web_resource_group_name
-#   location            = var.resource_group_location
-#   pfx_blob            = acme_certificate.m0_acme_cert.certificate_p12
-#   password            = acme_certificate.m0_acme_cert.certificate_p12_password
-# }
-
-# resource "azurerm_app_service_certificate_binding" "m0_cert_binding" {
-#   certificate_id      = azurerm_app_service_certificate.m0_cert.id
-#   hostname_binding_id = azurerm_app_service_custom_hostname_binding.m0_hostname_binding.id
-#   ssl_state           = "SniEnabled"
-# }
+resource "azurerm_app_service_custom_hostname_binding" "m0_hostname_binding" {
+  hostname            = local.fqdn
+  app_service_name    = azurerm_linux_web_app.frontend.name
+  resource_group_name = var.web_resource_group_name
+
+  # Deletion may need manual work.
+  # https://github.com/hashicorp/terraform-provider-azurerm/issues/11231
+  # TODO: Add dependencies for creation
+  depends_on = [
+    azurerm_dns_a_record.m0_a,
+    azurerm_dns_txt_record.m0_asuid
+  ]
+}
+resource "random_password" "m0_cert_password" {
+  length  = 48
+  special = false
+}
+
+resource "acme_certificate" "m0_acme_cert" {
+  account_key_pem          = var.acme_account_key
+  common_name              = local.fqdn
+  key_type                 = "2048" # RSA
+  certificate_p12_password = random_password.m0_cert_password.result
+
+  dns_challenge {
+    provider = "azure"
+    config = {
+      AZURE_RESOURCE_GROUP = azurerm_resource_group.dns_rg.name
+      AZURE_ZONE_NAME      = azurerm_dns_zone.m0_zone.name
+    }
+  }
+}
+
+resource "azurerm_app_service_certificate" "m0_cert" {
+  name                = "m0-cert-${terraform.workspace}"
+  resource_group_name = var.web_resource_group_name
+  location            = var.resource_group_location
+  pfx_blob            = acme_certificate.m0_acme_cert.certificate_p12
+  password            = acme_certificate.m0_acme_cert.certificate_p12_password
+}
+
+resource "azurerm_app_service_certificate_binding" "m0_cert_binding" {
+  certificate_id      = azurerm_app_service_certificate.m0_cert.id
+  hostname_binding_id = azurerm_app_service_custom_hostname_binding.m0_hostname_binding.id
+  ssl_state           = "SniEnabled"
+}