nemoinho/base-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor DNS-config to make it easier to maintain

Browse Source
This commit is contained in:
Felix Nehrke
2025-03-04 23:15:42 +01:00
parent 3a09b0f44e
commit 817f75bb49
5 changed files with 62 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
main.tf → _provider.tf
View File

97
dns.tf
View File

@@ -1,79 +1,88 @@
locals {
// gmail had a different dns-setting in the past,
// but they claim it's still totally valid for old installations
// they even guarantee to keep it valid in future
// see: https://support.google.com/a/answer/174125?hl=en#zippy=%2Cgoogle-workspace-legacy-version-before
dns_gmail_until_april_2023 = [
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "1 aspmx.l.google.com." },
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "5 alt1.aspmx.l.google.com." },
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "5 alt2.aspmx.l.google.com." },
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "10 alt3.aspmx.l.google.com." },
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "10 alt1.aspmx.l.google.com." },
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" },
]
dns_gmail_starting_april_2023 = [
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "MX", value = "1 smtp.google.com." },
{ name = "@", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" },
]
dns_website_default = [
{ name = "@", ttl = 900, type = "A", value = "62.138.6.205" },
{ name = "*", ttl = 900, type = "A", value = "62.138.6.205" },
]
}
module "dns_goperte_de" { module "dns_goperte_de" {
source = "./dns" source = "./dns"
zone = "goperte.de" zone = "goperte.de"
records = local.dns_website_default zone_ttl = 900
records = [
{ name = "@", type = "A", value = "62.138.6.205" },
{ name = "*", type = "A", value = "62.138.6.205" },
]
} }
module "dns_nehrke_info" { module "dns_nehrke_info" {
source = "./dns" source = "./dns"
zone = "nehrke.info" zone = "nehrke.info"
records = concat( zone_ttl = 3600
local.dns_website_default, records = [
[ { name = "@", ttl = 900, type = "A", value = "62.138.6.205" },
{ name = "_dmarc", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=DMARC1; p=none;" }, { name = "*", ttl = 900, type = "A", value = "62.138.6.205" },
{ name = "google._domainkey", ttl = var.gmail_dns_default_ttl, type = "TXT", value = var.google_dkim["nehrke.info"] } # TODO: update smtp-config, see https://support.google.com/a/answer/174125?hl=en#zippy=%2Cgoogle-workspace-legacy-version-before
], { name = "@", type = "MX", value = "1 aspmx.l.google.com." },
local.dns_gmail_until_april_2023, { name = "@", type = "MX", value = "5 alt1.aspmx.l.google.com." },
) { name = "@", type = "MX", value = "5 alt2.aspmx.l.google.com." },
{ name = "@", type = "MX", value = "10 alt3.aspmx.l.google.com." },
{ name = "@", type = "MX", value = "10 alt1.aspmx.l.google.com." },
{ name = "@", type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" },
{ name = "_dmarc", type = "TXT", value = "v=DMARC1; p=none;" },
{ name = "google._domainkey", type = "TXT", value = var.nehrke_info_dkim },
]
} }
module "dns_sozpaedil_net" { module "dns_sozpaedil_net" {
source = "./dns" source = "./dns"
zone = "sozpaedil.net" zone = "sozpaedil.net"
records = concat( zone_ttl = 3600
local.dns_website_default, records = [
[ { name = "@", ttl = 900, type = "A", value = "62.138.6.205" },
{ name = "_dmarc", ttl = var.gmail_dns_default_ttl, type = "TXT", value = "v=DMARC1; p=none;" }, { name = "*", ttl = 900, type = "A", value = "62.138.6.205" },
{ name = "google._domainkey", ttl = var.gmail_dns_default_ttl, type = "TXT", value = var.google_dkim["sozpaedil.net"] } # TODO: update smtp-config, see https://support.google.com/a/answer/174125?hl=en#zippy=%2Cgoogle-workspace-legacy-version-before
], { name = "@", type = "MX", value = "1 aspmx.l.google.com." },
local.dns_gmail_until_april_2023, { name = "@", type = "MX", value = "5 alt1.aspmx.l.google.com." },
) { name = "@", type = "MX", value = "5 alt2.aspmx.l.google.com." },
{ name = "@", type = "MX", value = "10 alt3.aspmx.l.google.com." },
{ name = "@", type = "MX", value = "10 alt1.aspmx.l.google.com." },
{ name = "@", type = "TXT", value = "v=spf1 include:_spf.google.com a mx ~all" },
{ name = "_dmarc", type = "TXT", value = "v=DMARC1; p=none;" },
{ name = "google._domainkey", type = "TXT", value = var.sozpaedil_net_dkim },
]
} }
module "dns_tovot_de" { module "dns_tovot_de" {
source = "./dns" source = "./dns"
zone = "tovot.de" zone = "tovot.de"
records = local.dns_website_default zone_ttl = 900
records = [
{ name = "@", type = "A", value = "62.138.6.205" },
{ name = "*", type = "A", value = "62.138.6.205" },
]
} }
module "dns_tovot_net" { module "dns_tovot_net" {
source = "./dns" source = "./dns"
zone = "tovot.net" zone = "tovot.net"
records = local.dns_website_default zone_ttl = 900
records = [
{ name = "@", type = "A", value = "62.138.6.205" },
{ name = "*", type = "A", value = "62.138.6.205" },
]
} }
module "dns_tovot_org" { module "dns_tovot_org" {
source = "./dns" source = "./dns"
zone = "tovot.org" zone = "tovot.org"
records = local.dns_website_default zone_ttl = 900
records = [
{ name = "@", type = "A", value = "62.138.6.205" },
{ name = "*", type = "A", value = "62.138.6.205" },
]
} }
module "dns_xn--alleingnger-r8a_de" { module "dns_xn--alleingnger-r8a_de" {
source = "./dns" source = "./dns"
zone = "xn--alleingnger-r8a.de" zone = "xn--alleingnger-r8a.de"
records = local.dns_website_default zone_ttl = 900
records = [
{ name = "@", type = "A", value = "62.138.6.205" },
{ name = "*", type = "A", value = "62.138.6.205" },
]
} }

4
dns/main.tf
View File

@@ -4,11 +4,11 @@ resource "hetznerdns_zone" "this" {
} }
locals { locals {
records = { records = nonsensitive({
for record in var.records : "${record.type}#${record.name}#${md5(record.value)}" => { for record in var.records : "${record.type}#${record.name}#${md5(record.value)}" => {
for key, value in record : key => value for key, value in record : key => value
} }
} })
} }
resource "hetznerdns_record" "this" { resource "hetznerdns_record" "this" {

2
dns/variables.tf
View File

@@ -12,7 +12,7 @@ variable "records" {
name = string name = string
value = string value = string
type = string type = string
ttl = optional(number, 3600) ttl = optional(number, null)
})) }))
default = [] default = []
} }

12
variables.tf
View File

@@ -2,12 +2,12 @@ variable "hetzner_apitoken" {
type = string type = string
} }
variable "google_dkim" { variable "nehrke_info_dkim" {
type = map(string) type = string
sensitive = true
} }
variable "gmail_dns_default_ttl" { variable "sozpaedil_net_dkim" {
type = number type = string
default = 3600 sensitive = true
} }