chore: new dns zone and dns records (#363)

immich-app · Jan 29, 2025 · f68558b · f68558b
1 parent 01cc16a
commit f68558b
Show file tree

Hide file tree

Showing 4 changed files with 291 additions and 0 deletions.
diff --git a/tf/deployment/modules/cloudflare/account/dns-immich-app.tf b/tf/deployment/modules/cloudflare/account/dns-immich-app.tf
@@ -43,6 +43,33 @@ resource "cloudflare_record" "immich_app_aaaa_discord" {
   zone_id = cloudflare_zone.immich_app.id
 }
 
+resource "cloudflare_record" "immich_app_aaaa_store" {
+  name    = "store"
+  proxied = true
+  ttl     = 1
+  type    = "AAAA"
+  content = "100::"
+  zone_id = cloudflare_zone.immich_app.id
+}
+
+resource "cloudflare_record" "immich_app_aaaa_shop" {
+  name    = "shop"
+  proxied = true
+  ttl     = 1
+  type    = "AAAA"
+  content = "100::"
+  zone_id = cloudflare_zone.immich_app.id
+}
+
+resource "cloudflare_record" "immich_app_aaaa_merch" {
+  name    = "merch"
+  proxied = true
+  ttl     = 1
+  type    = "AAAA"
+  content = "100::"
+  zone_id = cloudflare_zone.immich_app.id
+}
+
 resource "cloudflare_record" "immich_app_cname__domainconnect" {
   name    = "_domainconnect"
   proxied = true

diff --git a/tf/deployment/modules/cloudflare/account/dns-immich-store.tf b/tf/deployment/modules/cloudflare/account/dns-immich-store.tf
@@ -0,0 +1,210 @@
+resource "cloudflare_record" "immich_store_a_demo_root" {
+  name    = "@"
+  proxied = false
+  ttl     = 1
+  type    = "A"
+  content = "34.117.223.165"
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_www" {
+  name    = "www"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "immich.store"
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_em_fw_support" {
+  name    = "em-fw.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "u48267109.wl110.sendgrid.net."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_s1__domainkey_support" {
+  name    = "s1._domainkey.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "s1.domainkey.u48267109.wl110.sendgrid.net."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_s2__domainkey_support" {
+  name    = "s2._domainkey.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "s2.domainkey.u48267109.wl110.sendgrid.net."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_zendesk1__domainkey_support" {
+  name    = "zendesk1._domainkey.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "zendesk1._domainkey.zendesk.com."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_zendesk2__domainkey_support" {
+  name    = "zendesk2._domainkey.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "zendesk2._domainkey.zendesk.com."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_zendesk1_support" {
+  name    = "zendesk1.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "mail1.zendesk.com."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_zendesk2_support" {
+  name    = "zendesk2.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "mail2.zendesk.com."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_zendesk3_support" {
+  name    = "zendesk3.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "mail3.zendesk.com."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_zendesk4_support" {
+  name    = "zendesk4.support"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "mail4.zendesk.com."
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_txt_zendeskverification_support" {
+  name    = "zendeskverification.support"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  content = "\"66c266412210c4b5\""
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_txt__dmarc_support" {
+  name    = "_dmarc.support"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  content = "\"v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]\""
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_txt_support" {
+  name    = "support"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  content = "\"v=spf1 include:_spf.google.com include:mail.zendesk.com include:spf.improvmx.com include:sendgrid.net ~all\""
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_mx_support_10" {
+  name     = "support"
+  priority = 10
+  proxied  = false
+  ttl      = 1
+  type     = "MX"
+  content  = "mx1.improvmx.com."
+  zone_id  = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_mx_support_20" {
+  name     = "support"
+  priority = 20
+  proxied  = false
+  ttl      = 1
+  type     = "MX"
+  content  = "mx2.improvmx.com."
+  zone_id  = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_mx_root_10" {
+  name     = "@"
+  priority = 10
+  proxied  = false
+  ttl      = 1
+  type     = "MX"
+  content  = "in1-smtp.messagingengine.com"
+  zone_id  = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_mx_root_20" {
+  name     = "@"
+  priority = 20
+  proxied  = false
+  ttl      = 1
+  type     = "MX"
+  content  = "in2-smtp.messagingengine.com"
+  zone_id  = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_dkim_fm1" {
+  name    = "fm1._domainkey"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "fm1.immich.store.dkim.fmhosted.com"
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_dkim_fm2" {
+  name    = "fm2._domainkey"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "fm2.immich.store.dkim.fmhosted.com"
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_cname_dkim_fm3" {
+  name    = "fm3._domainkey"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  content = "fm3.immich.store.dkim.fmhosted.com"
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_txt_root_fastmail_mx" {
+  name    = "@"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  content = "\"v=spf1 include:spf.messagingengine.com -all\""
+  zone_id = cloudflare_zone.immich_store.id
+}
+
+resource "cloudflare_record" "immich_store_txt_dmarc_immich_store" {
+  name    = "_dmarc"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  content = "\"v=DMARC1; p=reject; rua=mailto:[email protected]\""
+  zone_id = cloudflare_zone.immich_store.id
+}
diff --git a/tf/deployment/modules/cloudflare/account/redirects.tf b/tf/deployment/modules/cloudflare/account/redirects.tf
@@ -21,6 +21,22 @@ resource "cloudflare_ruleset" "immich_app_redirects" {
     enabled     = true
   }
 
+  rules {
+    action = "redirect"
+    action_parameters {
+      from_value {
+        status_code = 307
+        target_url {
+          value = "https://immich.store"
+        }
+        preserve_query_string = true
+      }
+    }
+    expression  = "(http.host eq \"store.immich.app\" or http.host eq \"shop.immich.app\" or http.host eq \"merch.immich.app\")"
+    description = "Redirect visitors going to store or shop on immich.app to immich.store"
+    enabled     = true
+  }
+
   rules {
     action = "redirect"
     action_parameters {
@@ -93,3 +109,4 @@ resource "cloudflare_ruleset" "immich_cloud_redirects" {
     enabled     = true
   }
 }
+
diff --git a/tf/deployment/modules/cloudflare/account/zones.tf b/tf/deployment/modules/cloudflare/account/zones.tf
@@ -55,3 +55,40 @@ resource "cloudflare_tiered_cache" "immich_cloud" {
 output "immich_cloud_zone_id" {
   value = cloudflare_zone.immich_cloud.id
 }
+
+resource "cloudflare_zone" "immich_store" {
+  account_id = var.cloudflare_account_id
+  zone       = "immich.store"
+}
+
+resource "cloudflare_zone_settings_override" "immich_store" {
+  zone_id = cloudflare_zone.immich_store.id
+
+  settings {
+    http3            = "on"
+    zero_rtt         = "on"
+    tls_1_3          = "zrt"
+    always_use_https = "on"
+    ssl              = "strict"
+    brotli           = "on"
+    fonts            = "on"
+    early_hints      = "on"
+    rocket_loader    = "on"
+    speed_brain      = "on"
+  }
+}
+
+resource "cloudflare_tiered_cache" "immich_store" {
+  zone_id    = cloudflare_zone.immich_store.id
+  cache_type = "smart"
+}
+
+import {
+  to = cloudflare_zone.immich_store
+  id = "480716ce895e047f0a428292e1ccbe98"
+}
+
+
+output "immich_store_zone_id" {
+  value = cloudflare_zone.immich_store.id
+}