docs(readme): expand Example Usage section with more details and examples

2026-02-19 01:46:40 +00:00 · 2023-04-26 02:47:16 +01:00
parent fb19a11aae
commit 1931ed281d
1 changed files with 176 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -42,8 +42,27 @@ including serving a MTA-STS policy text file via Cloudflare Workers.

 <!-- x-release-please-start-version -->

+Examples assume that you have the following variables setup:
+
+- `cloudflare_account_id` — Your Account ID.
+- `cloudflare_zone_id` — ID of the Zone (domain name).
+- `cloudflare_zone_name` — Domain name, e.g. `foobar.com`.
+
+Adjust examples as needed to fit your setup.
+
+### Google Workspace
+
+Below example is based on the
+[DNS Basics](https://support.google.com/a/answer/48090?hl=en) support article.
+When going through the domain setup wizard within the Google Workspace Admin,
+you are likely to be given a slightly different list of MX records, and
+obviously
+
+Also make sure you generate your own domain key from under Apps > Google
+Workspace > Gmail > Authenticate Email.
+
 <details>
-<summary>Gmail</summary>
+<summary><code>main.tf</code></summary>

 ```terraform
 module "email" {
@@ -57,8 +76,8 @@ module "email" {
    "aspmx.l.google.com"      = 1
    "alt1.aspmx.l.google.com" = 5
    "alt2.aspmx.l.google.com" = 5
-    "alt3.aspmx.l.google.com" = 10
-    "alt4.aspmx.l.google.com" = 10
+    "aspmx2.googlemail.com"   = 10
+    "aspmx3.googlemail.com"   = 10
  }

  spf_terms = [
@@ -73,6 +92,7 @@ module "email" {
    "*.googlemail.com",
    "aspmx.l.google.com",
  ]
+
  tlsrpt_rua = [
    "mailto:tls-report@${var.cloudflare_zone_name}",
  ]
@@ -86,6 +106,7 @@ module "email" {
    "google" = {
      type = "TXT"
      value = join("", [
+        # TODO: Replace this example key with a real one.
        "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAVNwJ9",
        "+6ArXN23ZaR8SFSYxVEEbbHRZplZqHVt6uEpcirY+jxHOqV2bvqAY3BHZQs/KoHnFSWUf",
        "6zv6ajZgUxvU65UhCbrQ7CwrJCjU8sQFDk+CpbvmXyJIe9G470HuGEs4NmQDoddJZr09V",
@@ -96,6 +117,158 @@ module "email" {
    }
  }
 }
+
+resource "cloudflare_record" "cname" {
+  for_each = {
+    "mail" = { value = "ghs.googlehosted.com", proxied = false }
+  }
+
+  name    = lookup(each.value, "name", each.key)
+  proxied = lookup(each.value, "proxied", false)
+  ttl     = lookup(each.value, "ttl", 1)
+  type    = "CNAME"
+  value   = each.value.value
+  zone_id = var.cloudflare_zone_id
+}
+
+resource "cloudflare_record" "txt" {
+  for_each = {
+    "google" = {
+      value = (
+        "google-site-verification=__REPLACE_ME_WITH_A_REAL_VALUE__"
+      )
+    }
+  }
+
+  name    = lookup(each.value, "name", local.zone_name)
+  proxied = lookup(each.value, "proxied", false)
+  ttl     = lookup(each.value, "ttl", 1)
+  type    = "TXT"
+  value   = each.value.value
+  zone_id = var.cloudflare_zone_id
+}
+```
+
+</details>
+
+### Fastmail
+
+The below example is based on Fastmail's
+[Manual DNS configuration](https://www.fastmail.help/hc/en-us/articles/360060591153-Manual-DNS-configuration)
+help article.
+
+<details>
+<summary><code>main.tf</code></summary>
+
+```terraform
+module "email" {
+  source  = "jimeh/email/cloudflare"
+  version = "0.0.2"
+
+  account_id = var.cloudflare_account_id
+  zone_id    = var.cloudflare_zone_id
+
+  mx = {
+    "in1-smtp.messagingengine.com" = 10
+    "in2-smtp.messagingengine.com" = 20
+  }
+  mx_subdomains = ["*"]
+
+  spf_terms = [
+    "include:spf.messagingengine.com",
+    "?all"
+  ]
+
+  mta_sts_mode    = "enforce"
+  mta_sts_max_age = 86400
+  mta_sts_mx = [
+    "in1-smtp.messagingengine.com",
+    "in2-smtp.messagingengine.com",
+  ]
+
+  tlsrpt_rua = [
+    "mailto:tls-report@${var.cloudflare_zone_name}",
+  ]
+
+  dmarc_policy = "reject"
+  dmarc_rua = [
+    "mailto:dmarc-report@${var.cloudflare_zone_name}",
+  ]
+
+  domainkeys = {
+    "fm1" = {
+      type  = "CNAME"
+      value = "fm1.${var.cloudflare_zone_name}.dkim.fmhosted.com"
+    }
+    "fm2" = {
+      type  = "CNAME"
+      value = "fm2.${var.cloudflare_zone_name}.dkim.fmhosted.com"
+    }
+    "fm3" = {
+      type  = "CNAME"
+      value = "fm3.${var.cloudflare_zone_name}.dkim.fmhosted.com"
+    }
+    "mesmtp" = {
+      type  = "CNAME"
+      value = "mesmtp.${var.cloudflare_zone_name}.dkim.fmhosted.com"
+    }
+  }
+}
+
+resource "cloudflare_record" "srv" {
+  for_each = {
+    "_caldav._tcp" = {}
+    "_caldavs._tcp" = {
+      port   = 433
+      target = "caldav.fastmail.com"
+      weight = 1
+    }
+    "_carddav._tcp" = {}
+    "_carddavs._tcp" = {
+      port   = 443
+      target = "carddav.fastmail.com"
+      weight = 1
+    }
+    "_imap._tcp" = {}
+    "_imaps._tcp" = {
+      port   = 993
+      target = "imap.fastmail.com"
+      weight = 1
+    }
+    "_jmap._tcp" = {
+      port   = 443
+      target = "jmap.fastmail.com"
+      weight = 1
+    }
+    "_pop3._tcp" = {}
+    "_pop3s._tcp" = {
+      port     = 995
+      priority = 10
+      target   = "pop.fastmail.com"
+      weight   = 1
+    }
+    "_submission._tcp" = {
+      port   = 587
+      target = "smtp.fastmail.com"
+      weight = 1
+    }
+  }
+
+  name    = lookup(each.value, "name", each.key)
+  proxied = lookup(each.value, "proxied", false)
+  ttl     = lookup(each.value, "ttl", 1)
+  type    = "SRV"
+  zone_id = var.cloudflare_zone_id
+  data {
+    name     = var.cloudflare_zone_name
+    port     = lookup(each.value, "port", 0)
+    priority = lookup(each.value, "priority", 0)
+    proto    = split(".", each.key)[1]
+    service  = split(".", each.key)[0]
+    target   = lookup(each.value, "target", ".")
+    weight   = lookup(each.value, "weight", 0)
+  }
+}
 ```

 </details>