Define all my DNS-records in the hetzner-cloud

2025-01-11 01:05:57 +01:00
parent 266c422c28
commit 3a09b0f44e
11 changed files with 181 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,6 @@
 *
 !/.gitignore
 !/**/*.tf
 !/.terraform.lock.hcl
 !/dns-records.csv
 !/dns/
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -0,0 +1,18 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/timohirt/hetznerdns" {
  version     = "2.2.0"
  constraints = "2.2.0"
  hashes = [
    "h1:HyskQAglrOueur79gSCBgx9MNDOs0tz39aNYQiFgxz8=",
    "zh:5bb0ab9f62be3ed92070235e507f3c290491d51391ef4edcc70df53b65a83019",
    "zh:5ccdfac7284f5515ac3cff748336b77f21c64760e429e811a1eeefa8ebb86e12",
    "zh:687c35665139ae37c291e99085be2e38071f6b355c4e1e8957c5a6a3bcdf9caf",
    "zh:6de27f0d0d1513b3a4b7e81923b4a8506c52759bd466e2b4f8156997b0478931",
    "zh:85770a9199a4c2d16ca41538d7a0f7a7bfc060678104a1faac19213e6f0a800c",
    "zh:a5ff723774a9ccfb27d5766c5e6713537f74dd94496048c89c5d64dba597e59e",
    "zh:bf9ab76fd37cb8aebb6868d73cbe8c08cee36fc25224cc1ef5949efa3c34b06c",
    "zh:db998fe3bdcd4902e99fa470bb3f355883170cf4c711c8da0b5f1f4510f1be41",
  ]
 }
--- a/dns.tf
+++ b/dns.tf
@@ -0,0 +1,79 @@
 locals {
  // gmail had a different dns-setting in the past,
  // but they claim it's still totally valid for old installations
  // they even guarantee to keep it valid in future
  // see: https://support.google.com/a/answer/174125?hl=en#zippy=%2Cgoogle-workspace-legacy-version-before
  dns_gmail_until_april_2023 = [
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "1 aspmx.l.google.com." },
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "5 alt1.aspmx.l.google.com." },
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "5 alt2.aspmx.l.google.com." },
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "10 alt3.aspmx.l.google.com." },
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "10 alt1.aspmx.l.google.com." },
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" },
  ]
  dns_gmail_starting_april_2023 = [
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "1 smtp.google.com." },
    { name = "@", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" },
  ]
  dns_website_default = [
    { name = "@", ttl = 900, type = "A", value = "62.138.6.205" },
    { name = "*", ttl = 900, type = "A", value = "62.138.6.205" },
  ]
 }
 module "dns_goperte_de" {
  source   = "./dns"
  zone     = "goperte.de"
  records  = local.dns_website_default
 }
 module "dns_nehrke_info" {
  source   = "./dns"
  zone     = "nehrke.info"
  records  = concat(
    local.dns_website_default,
    [
      { name = "_dmarc", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=DMARC1; p=none;" },
      { name = "google._domainkey", ttl = var.gmail_dns_default_ttl, type = "TXT", value = var.google_dkim["nehrke.info"] }
    ],
    local.dns_gmail_until_april_2023,
  )
 }
 module "dns_sozpaedil_net" {
  source   = "./dns"
  zone     = "sozpaedil.net"
  records  = concat(
    local.dns_website_default,
    [
      { name = "_dmarc", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=DMARC1; p=none;" },
      { name = "google._domainkey", ttl = var.gmail_dns_default_ttl, type = "TXT", value = var.google_dkim["sozpaedil.net"] }
    ],
    local.dns_gmail_until_april_2023,
  )
 }
 module "dns_tovot_de" {
  source   = "./dns"
  zone     = "tovot.de"
  records  = local.dns_website_default
 }
 module "dns_tovot_net" {
  source   = "./dns"
  zone     = "tovot.net"
  records  = local.dns_website_default
 }
 module "dns_tovot_org" {
  source   = "./dns"
  zone     = "tovot.org"
  records  = local.dns_website_default
 }
 module "dns_xn--alleingnger-r8a_de" {
  source   = "./dns"
  zone     = "xn--alleingnger-r8a.de"
  records  = local.dns_website_default
 }
--- a/dns/main.tf
+++ b/dns/main.tf
@@ -0,0 +1,25 @@
 resource "hetznerdns_zone" "this" {
  name = var.zone
  ttl  = var.zone_ttl
 }
 locals {
  records = {
    for record in var.records : "${record.type}#${record.name}#${md5(record.value)}" => {
      for key, value in record : key => value
    }
  }
 }
 resource "hetznerdns_record" "this" {
  for_each = local.records
  zone_id  = hetznerdns_zone.this.id
  name     = each.value.name
  type     = each.value.type
  value = (each.value.type == "TXT"
    ? "\"${join("\" \"", [for c in chunklist(split("", each.value.value), 255) : join("", c)])}\""
    : each.value.value
  )
  ttl = each.value.ttl
 }
--- a/dns/outputs.tf
+++ b/dns/outputs.tf
--- a/dns/variables.tf
+++ b/dns/variables.tf
@@ -0,0 +1,19 @@
 variable "zone" {
  type = string
 }
 variable "zone_ttl" {
  type = number
  default = 3600
 }
 variable "records" {
  type = set(object({
    name = string
    value = string
    type = string
    ttl = optional(number, 3600)
  }))
  default = []
 }
--- a/dns/versions.tf
+++ b/dns/versions.tf
@@ -0,0 +1,10 @@
 terraform {
  required_providers {
    hetznerdns = {
      source = "timohirt/hetznerdns"
      version = "2.2.0"
    }
  }
 }
--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,3 @@
 provider "hetznerdns" {
  apitoken = var.hetzner_apitoken
 }
--- a/outputs.tf
+++ b/outputs.tf
--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,13 @@
 variable "hetzner_apitoken" {
  type = string
 }
 variable "google_dkim" {
  type = map(string)
 }
 variable "gmail_dns_default_ttl" {
  type    = number
  default = 3600
 }
--- a/versions.tf
+++ b/versions.tf
@@ -0,0 +1,8 @@
 terraform {
  required_providers {
    hetznerdns = {
      source = "timohirt/hetznerdns"
      version = "2.2.0"
    }
  }
 }