pez-infra/terraform
Rasmus "Pez" Wejlgaard b00791f1b1
Update SPF and tighten DMARC for poste.io (#5)
* update SPF record: replace protonmail with poste.io mail server

PESO-77

- replace include:_spf.protonmail.ch with ip4:167.235.134.154 and ip6:2a01:4f8:1c1e:9c53::1 (nuremberg-a / mail.pez.sh)
- tighten from ~all (softfail) to -all (hardfail)

* tighten DMARC policy from p=none to p=quarantine

PESO-78

- enforce DMARC with p=quarantine (failed messages get quarantined)
- add adkim=r and aspf=r for relaxed DKIM/SPF alignment
2026-03-28 20:46:50 +00:00
.gitignore initial commit 2026-03-28 12:39:41 +00:00
cloudflare_account.tf initial commit 2026-03-28 12:39:41 +00:00
cloudflare_dns.tf Update SPF and tighten DMARC for poste.io (#5) 2026-03-28 20:46:50 +00:00
Makefile initial commit 2026-03-28 12:39:41 +00:00
providers.tf initial commit 2026-03-28 12:39:41 +00:00
README.md initial commit 2026-03-28 12:39:41 +00:00
secrets.enc.yaml initial commit 2026-03-28 12:39:41 +00:00
vars.tf initial commit 2026-03-28 12:39:41 +00:00

Terraform

Infrastructure-as-code for cloud and edge services. Uses OpenTofu (drop-in Terraform replacement).

What's managed

  • Cloudflare DNS — All pez.sh records (A, CNAME, MX, TXT)

CI/CD

The original GitHub Actions workflow (apply.yml) ran plan on push to master, then applied with manual approval via a prod environment gate. This workflow lived in the standalone pez-terraform repo and would need adapting for the monorepo structure (e.g., path-filtered triggers).

Provider versions

| Provider   | Source                | Version  |
|------------|-----------------------|----------|
| Cloudflare | cloudflare/cloudflare | ~> 5.18  |
| OpenTofu   |                       | >= 1.6.0 |

Migrated from

This directory replaces the standalone pez-terraform repo.