From 11ffc23871bc1f01554267fdf51f68c6030832da Mon Sep 17 00:00:00 2001
From: shockrah
Date: Sat, 11 Feb 2023 20:56:52 -0800
Subject: [PATCH] Cleaning up DNS Records and updating certs to account for root domains For now we're just going to worry about the main blog and resume.shockrah.xyz In the reverse-proxy image * Resume pipelines will not work in this state and will need way of updating their part of the image for ECS to pull updates*
---
 infra/cert.tf | 7 ++++---
 infra/route53-shockrah-xyz.tf | 29 +++++++++++++++++++----------
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/infra/cert.tf b/infra/cert.tf
index e1c6327..423d00e 100644
--- a/infra/cert.tf
+++ b/infra/cert.tf
@@ -7,8 +7,8 @@
 # Base cerificate for shockrah_xyz
 ##################################
 resource "aws_acm_certificate" "shockrah_xyz" {
- # TODO: replace this with wildcard once we're ready
- domain_name = "blog.shockrah.xyz"
+ domain_name = "*.shockrah.xyz"
+ subject_alternative_names = [ "shockrah.xyz" ]
 validation_method = "DNS"
 lifecycle {
@@ -20,6 +20,7 @@ resource "aws_acm_certificate" "shockrah_xyz" {
 #####################################
 resource "aws_acm_certificate" "project_athens_xyz" {
 domain_name = "*.project-athens.xyz"
+ subject_alternative_names = [ "project-athens.xyz" ]
 validation_method = "DNS"
 lifecycle {
@@ -56,4 +57,4 @@ resource "aws_acm_certificate_validation" "shockrah_xyz" {
 resource "aws_acm_certificate_validation" "project_athens_xyz" {
 certificate_arn = aws_acm_certificate.project_athens_xyz.arn
 validation_record_fqdns = [ aws_route53_record.project_athens_xyz_cert.fqdn ]
-}
\ No newline at end of file
+}
diff --git a/infra/route53-shockrah-xyz.tf b/infra/route53-shockrah-xyz.tf
index 9a29037..bc38141 100644
--- a/infra/route53-shockrah-xyz.tf
+++ b/infra/route53-shockrah-xyz.tf
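Review bot: In `infra/cert.tf`, `aws_acm_certificate.shockrah_xyz` goes from a single host name to `*.shockrah.xyz` plus the apex, so whatever listener holds this certificate can terminate TLS for every present and future subdomain, while the commit itself only moves `www`, `resume` and the apex to the load balancer. If the wildcard is the intent, a comment in place of the removed TODO would record the scope, for example `# Wildcard + apex on purpose: all shockrah.xyz hosts share this certificate`; if it is not, naming the served hosts in `subject_alternative_names` keeps the certificate limited to what is deployed. This hunk and the `project_athens_xyz` hunk after it each add a second name to a DNS-validated certificate, and the validation resource visible in the last hunk passes a single record FQDN; the record definitions are outside the diff, so it is worth confirming they still cover every entry in `domain_validation_options`. Both resource bodies continue past their hunks.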
@@ -34,15 +34,10 @@ locals {
 ttl = 300
 records = [ "v=spf1 include:_mailcust.gandi.net ?all" ]
 },
- { name = "shockrah.xyz", records = [ aws_eip.beta_eip.public_ip ] },
- { name = "freechat.shockrah.xyz", records = [ aws_eip.beta_eip.public_ip ] },
- { name = "resume.shockrah.xyz", records = [ aws_eip.beta_eip.public_ip ] },
- { name = "www.shockrah.xyz", records = [ aws_eip.beta_eip.public_ip ] },
- {
- name = "blog.shockrah.xyz"
- type = "CNAME"
- records = [ aws_lb.alpha.dns_name ]
- },
+ { name = "www.shockrah.xyz", records = [ aws_lb.alpha.dns_name ] },
+ { name = "resume.shockrah.xyz", records = [ aws_lb.alpha.dns_name ] }
+ # NOTE: This one requires a proper rebuild to function
+ #{ name = "freechat.shockrah.xyz", records = [ aws_eip.beta_eip.public_ip ] },
 ]
 }
@@ -54,8 +49,22 @@ resource "aws_route53_record" "shockrah-xyz-record" {
 zone_id = aws_route53_zone.shockrah-xyz.id
 name = each.value.name
- type = lookup(each.value, "type", "A")
+ type = lookup(each.value, "type", "CNAME")
 ttl = lookup(each.value, "ttl", 300)
 records = each.value.records
 }
+resource "aws_route53_record" "shockrah-xyz-apex" {
+ zone_id = aws_route53_zone.shockrah-xyz.id
+ name = "shockrah.xyz"
+ type = "A"
+
+ alias {
+ name = aws_lb.alpha.dns_name
+ zone_id = aws_lb.alpha.zone_id
+ evaluate_target_health = true
+ }
+}
+
+
+
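Review bot: The commented-out `freechat.shockrah.xyz` entry still carries an IP address (`aws_eip.beta_eip.public_ip`) and no `type`, and the next hunk changes the fallback to `lookup(each.value, "type", "CNAME")`, so uncommenting it as written would publish a CNAME whose target is an IP address. Writing the type into the entry avoids that: `#{ name = "freechat.shockrah.xyz", type = "A", records = [ aws_eip.beta_eip.public_ip ] },`. The `locals` list starts above this hunk, so any entry there that relied on the old `"A"` default changes type in the same way and should be checked. Giving the two new load-balancer entries an explicit `type = "CNAME"` and leaving the default alone would keep the change local to the lines that need it.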
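Review bot: The new `aws_route53_record.shockrah-xyz-apex` resource has no comment saying why the apex is handled outside the `for_each` list; a line such as `# The zone apex cannot be a CNAME, so it is an alias A record pointing at the load balancer` above it would explain the split. The apex `A` record was previously created from the list entry removed in the first hunk, so the old and new resources manage the same name and type, and the plan should be checked to see that the old record is destroyed before this one is created. The hunk also appends three blank lines at the end of the file, which can be dropped.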