From ee84c83582b12b9aaa007e231e677d5d7ba97096 Mon Sep 17 00:00:00 2001
From: Romain Paquet <rpqt@rpqt.fr>
Date: Thu, 17 Jul 2025 23:52:12 +0200
Subject: [PATCH] setup dns for turifer.dev mail

---
 infra/.terraform.lock.hcl | 22 ++++++++++++++++++++++
 infra/dns.tf              |  9 +++++++++
 infra/main.tf             |  4 ++++
 infra/providers.tf        |  6 ++++++
 infra/turifer.dev.zone    | 18 ++++++++++++++++++
 infra/variables.tf        |  8 ++++++++
 6 files changed, 67 insertions(+)
 create mode 100644 infra/turifer.dev.zone

diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl
index 3f60a81..2ef5f5a 100644
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -42,3 +42,25 @@ provider "registry.opentofu.org/hetznercloud/hcloud" {
     "zh:f20f7379876ede225f3b6f0719826706a171ea4c1dd438a8a3103dee8fe43ccc",
   ]
 }
+
+provider "registry.opentofu.org/ovh/ovh" {
+  version     = "2.5.0"
+  constraints = "2.5.0"
+  hashes = [
+    "h1:CrmFEWjczVhLWc2qzOktKSu8Q0U78uV8fnSHo54lMQg=",
+    "zh:1a11c3bc191c3417b41af5c56a66ac7071980f7babb390096b43aab3ac60fe7c",
+    "zh:1d46fa7c37468becb01d117463838f694a093e58a9b7d28347db2c377933db76",
+    "zh:22b83b15e878a9627477fe49e03dada3f4cd4357cb91cdb621394da690238542",
+    "zh:316541fc8bbf2fe14f4a484d878c63e4b949bd21a352e0ebf60d4848c96a338e",
+    "zh:50e72847a4b1d532e7abd5669408832ac1b49dcfda266378b8e2419d97f0f49a",
+    "zh:7582c8630edb3e83642e7a4b06fababeaf4833ce622c71220c38724d0e0231af",
+    "zh:a26714d6bd8e04acbbc94c708b151405c4b6fc20dc7060e0daef8395f1bb9ce0",
+    "zh:aa8be95462c5ca909c923cc3d44636eccc71cb25b51572fe7e2f68bc93c57612",
+    "zh:b520c0661c514586b2aa3105c4345eda4d34ef08b62fda2cc20a2bcb8cb88ab2",
+    "zh:be8125f1b6bc8aa93441ec9dd96db5f49d21b4dcc100c13028404b461da545c9",
+    "zh:c6aab9b6b04fa8483aa10c194eaab8e4a1fbffc64ad495f5027d496e5b2da214",
+    "zh:d537d85afc71c51d86b1031586c619c503df9462e0240d94984bc32273a03df2",
+    "zh:eaa9f41d33fa7731c4a937e80554a1b6b2042d273705e4c8fc983ba251193206",
+    "zh:f0d085065a0ada787ad080ddd6e7c646b8ca3a351712961de735d18c9d59af7c",
+  ]
+}
diff --git a/infra/dns.tf b/infra/dns.tf
index b28e757..3dc6b1a 100644
--- a/infra/dns.tf
+++ b/infra/dns.tf
@@ -21,3 +21,12 @@ resource "gandi_livedns_record" "rpqt_fr_radicle_aaaa" {
     hcloud_server.crocus_server.ipv6_address,
   ]
 }
+
+data "ovh_domain_zone" "turifer_dev" {
+  name = "turifer.dev"
+}
+
+resource "ovh_domain_zone_import" "turifer_dev_import" {
+  zone_name = "turifer.dev"
+  zone_file = file("./turifer.dev.zone")
+}
diff --git a/infra/main.tf b/infra/main.tf
index 15453d9..d8a499c 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -8,5 +8,9 @@ terraform {
       source  = "hetznercloud/hcloud"
       version = "~> 1.45"
     }
+    ovh = {
+      source  = "ovh/ovh"
+      version = "2.5.0"
+    }
   }
 }
diff --git a/infra/providers.tf b/infra/providers.tf
index d8d6d9b..440f8e8 100644
--- a/infra/providers.tf
+++ b/infra/providers.tf
@@ -5,3 +5,9 @@ provider "gandi" {
 provider "hcloud" {
   token = var.hcloud_token
 }
+
+provider "ovh" {
+  endpoint      = "ovh-eu"
+  client_id     = var.ovh_client_id
+  client_secret = var.ovh_client_secret
+}
diff --git a/infra/turifer.dev.zone b/infra/turifer.dev.zone
new file mode 100644
index 0000000..08e15b1
--- /dev/null
+++ b/infra/turifer.dev.zone
@@ -0,0 +1,18 @@
+$TTL 3600
+@	IN SOA dns100.ovh.net. tech.ovh.net. (2025071505 86400 3600 3600000 60)
+    IN NS     dns100.ovh.net.
+	IN NS     ns100.ovh.net.
+
+turifer.dev. 3000 IN TXT "hosted-email-verify=k5z4lcfc"
+turifer.dev. 3000 IN MX 10 aspmx1.migadu.com.
+turifer.dev. 3000 IN MX 20 aspmx2.migadu.com.
+turifer.dev. 3000 IN TXT "v=spf1 include:spf.migadu.com -all"
+key1._domainkey.turifer.dev. 3000 IN CNAME key1.turifer.dev._domainkey.migadu.com.
+key2._domainkey.turifer.dev. 3000 IN CNAME key2.turifer.dev._domainkey.migadu.com.
+key3._domainkey.turifer.dev. 3000 IN CNAME key3.turifer.dev._domainkey.migadu.com.
+_dmarc.turifer.dev. 3000 IN TXT "v=DMARC1; p=quarantine;"
+autoconfig.turifer.dev. 3000 IN CNAME autoconfig.migadu.com.
+_autodiscover._tcp.turifer.dev. 3000 IN SRV 0 1 443 autodiscover.migadu.com.
+_submissions._tcp.turifer.dev. 3000 IN SRV 0 1 465 smtp.migadu.com.
+_imaps._tcp.turifer.dev. 3000 IN SRV 0 1 993 imap.migadu.com.
+_pop3s._tcp.turifer.dev. 3000 IN SRV 0 1 995 pop.migadu.com.
diff --git a/infra/variables.tf b/infra/variables.tf
index 3bc7123..ff53bd1 100644
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -5,3 +5,11 @@ variable "gandi_token" {
 variable "hcloud_token" {
   sensitive = true
 }
+
+variable "ovh_client_id" {
+  sensitive = true
+}
+
+variable "ovh_client_secret" {
+  sensitive = true
+}