From 6ca0a0752240baac1192b5ac3436e4b3ed6bef88 Mon Sep 17 00:00:00 2001 From: Felix Nehrke Date: Fri, 17 Oct 2025 00:45:51 +0200 Subject: [PATCH] Configure dns-zones via variables, instead of as static values This change makes it a bit easier for me to manage specific domains. Note, that in the long-run these settings should _not_ belong to this repository. Instead I'm going to maintain these in projects where the domain is more meaningful. --- main.tf | 99 ++++++++-------------------------------------------- variables.tf | 30 ++++++++++------ 2 files changed, 34 insertions(+), 95 deletions(-) diff --git a/main.tf b/main.tf index a9c2280..817f943 100644 --- a/main.tf +++ b/main.tf 
@@ -70,91 +70,20 @@ resource "local_file" "ansible_inventory" { locals { dns_zones = { - # costs-table (incl. taxes): - # domain | amount | hetzner (einzel) | tecspace (einzel) - # --------+--------+------------------+------------------- - # de | 3 | 35.70€ (11.90€) | 15.85€ (5.95€) - # info | 1 | 30.94€ (30.94€) | 21.95€ (21.95€) - # net | 2 | 33.32€ (16.66€) | 35.90€ (17.95€) - # org | 1 | 17.85€ (17.85€) | 21.95€ (21.95€) - # --------+--------+------------------+------------------- - # sum | 7 | 117.21€ | 97.65€ - # - # Note, that Hetzner usually shows prices w/o taxes! - # - # Reference: https://www.hetzner.com/de/whois/ - # Reference: https://www.tecspace.de/domain-preisliste - "goperte.de" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - ] - }, - "nehrke.info" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "@", ttl = 86400, type = "MX", value = "1 smtp.google.com." 
}, - { name = "@", ttl = 86400, type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" }, - { name = "_dmarc", ttl = 86400, type = "TXT", value = "v=DMARC1; p=none;" }, - { name = "google._domainkey", ttl = 86400, type = "TXT", value = var.nehrke_info_dkim }, - ] - }, - "sozpaedil.net" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "@", ttl = 86400, type = "MX", value = "1 smtp.google.com." }, - { name = "@", ttl = 86400, type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" }, - { name = "_dmarc", ttl = 86400, type = "TXT", value = "v=DMARC1; p=none;" }, - { name = "google._domainkey", ttl = 86400, type = "TXT", value = var.sozpaedil_net_dkim }, - ] - }, - "tovot.de" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - ] - }, - "tovot.net" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - ] - }, - "tovot.org" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = 
hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - ] - }, - "xn--alleingnger-r8a.de" = { - zone_ttl = 900 - records = [ - { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, - { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, - ] - }, + for key, values in var.dns_zones : key => { + zone_ttl = values.zone_ttl + records = toset(concat( + values.default_A ? [ + { name = "@", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, + { name = "*", type = "A", value = hcloud_primary_ip.k8s_ipv4[0].ip_address }, + ] : [], + values.default_AAAA ? [ + { name = "@", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, + { name = "*", type = "AAAA", value = "${hcloud_primary_ip.k8s_ipv6[0].ip_address}1" }, + ] : [], + tolist(values.custom_records) + )) + } } } diff --git a/variables.tf b/variables.tf index 5b6bc9e..0c722e3 100644 --- a/variables.tf +++ b/variables.tf @@ -11,16 +11,6 @@ variable "hetzner_cloud_apitoken" { type = string } -variable "nehrke_info_dkim" { - type = string - sensitive = true -} - -variable "sozpaedil_net_dkim" { - type = string - sensitive = true -} - variable "ssh_keys" { type = map(string) } @@ -72,3 +62,23 @@ variable "k8s_agent_type" { type = string default = "cax11" } + +variable "dns_zones" { + type = map(object({ + zone_ttl = optional(number, 900) + default_A = optional(bool, true) + default_AAAA = optional(bool, true) + custom_records = optional(set(object({ + name = string + value = string + type = string + ttl = optional(number, null) + })), []) + })) + description = <
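Review bot: The four default records built in the new `for` expression carry only `name`, `type` and `value`, while the elements of `values.custom_records` also carry `ttl`, so `toset(concat(...))` has to reconcile two object shapes into one element type. As far as I can tell Terraform either rejects that or falls back to a looser type such as a map of strings, which would turn a numeric `ttl` into a string and leave the default records without the key at all. Giving the defaults the same attributes keeps the set typed as the object declared in `variables.tf`, e.g. `{ name = "@", type = "A", ttl = null, value = hcloud_primary_ip.k8s_ipv4[0].ip_address }` for each of the four entries. Separately, the addresses come from `hcloud_primary_ip` and may be unknown at plan time on a first apply; a set with unknown members cannot drive `for_each`, so it is worth checking how the consumer of `local.dns_zones` (outside this hunk) iterates the records.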