From 120b7d97c416a8e1cd59e4af7b352eb41a9e8173 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 26 Jan 2023 12:11:01 +0000
Subject: [PATCH] Explicitly allow cross-domain DMARC reports

---
 terraform/theorangeone.net.tf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 8c54c2c..5f7b6e1 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -84,6 +84,21 @@ resource "cloudflare_record" "theorangeonenet_dmarc" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "theorangeonenet_dmarc_report" {
+  for_each = toset([
+    cloudflare_zone.theorangeonenet.zone,
+    cloudflare_zone.jakehowardtech.zone,
+    cloudflare_record.theorangeonenet_mailgun_spf.hostname,
+    cloudflare_record.jakehowardtech_mailgun_spf.hostname,
+  ])
+
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "${each.value}._report._dmarc"
+  value   = "v=DMARC1"
+  type    = "TXT"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_apex" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "@"