From d097de521ba685ab437d7076541a3865cb2b026b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian=20T=C3=B6lle?=
Date: Sat, 25 Feb 2023 23:22:13 +0100
Subject: [PATCH] feat: add dns management
---
 dns.tf | 139 +++++++++++++++++++++++++++++++++++++++++
 gameservers.tf | 8 +++
 provider_hetznerdns.tf | 8 +++
 versions.tf | 11 +++-
 4 files changed, 163 insertions(+), 3 deletions(-)
 create mode 100644 dns.tf
 create mode 100644 provider_hetznerdns.tf
diff --git a/dns.tf b/dns.tf
new file mode 100644
index 0000000..56b9a39
--- /dev/null
+++ b/dns.tf
@@ -0,0 +1,139 @@
+# Configure DNS with Hetzner DNS
+# Domains are registered with Namecheap and NS must be entered manually for new zones.
+
+locals {
+ hetznerdns_nameservers = toset(["hydrogen.ns.hetzner.com.", "oxygen.ns.hetzner.com.", "helium.ns.hetzner.de."])
+}
+
+# apricote.de
+
+resource "hetznerdns_zone" "apricote_de" {
+ name = "apricote.de"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "apricote_de_ns" {
+ for_each = local.hetznerdns_nameservers
+
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "@"
+ value = each.key
+ type = "NS"
+ ttl = 3600
+}
+
+resource "hetznerdns_record" "listory" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "listory"
+ value = "c2.apricote.de"
+ type = "CNAME"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "gitea" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "gitea"
+ value = "c2.apricote.de"
+ type = "CNAME"
+ ttl = 60
+}
+
+# apricote.de proton.me
+
+resource "hetznerdns_record" "mail_verification" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "@"
+ value = "protonmail-verification=34adbb31866badd89ff9fc7bd0df9ceff7b4e579"
+ type = "TXT"
+ ttl = 60
+}
+
+
+resource "hetznerdns_record" "mail_mx_1" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "@"
+ value = "10 mail.protonmail.ch."
+ type = "MX"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "mail_mx_2" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "@"
+ value = "20 mailsec.protonmail.ch."
+ type = "MX"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "mail_spf" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "@"
+ value = "\"v=spf1 include:_spf.protonmail.ch mx ~all\""
+ type = "TXT"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "mail_dkim_1" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "protonmail._domainkey"
+ value = "protonmail.domainkey.dg4sxfkxc2ex5uo7tsnzfkfea3s272y5c53bgbphxu6oa4qx5mzha.domains.proton.ch."
+ type = "CNAME"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "mail_dkim_2" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "protonmail2._domainkey"
+ value = "protonmail2.domainkey.dg4sxfkxc2ex5uo7tsnzfkfea3s272y5c53bgbphxu6oa4qx5mzha.domains.proton.ch."
+ type = "CNAME"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "mail_dkim_3" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "protonmail3._domainkey"
+ value = "protonmail3.domainkey.dg4sxfkxc2ex5uo7tsnzfkfea3s272y5c53bgbphxu6oa4qx5mzha.domains.proton.ch."
+ type = "CNAME"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "mail_dmarc" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "_dmarc"
+ value = "\"v=DMARC1; p=quarantine\""
+ type = "TXT"
+ ttl = 60
+}
+
+# ein-pfeil-am-rechten-fleck.de
+
+resource "hetznerdns_zone" "pfeil" {
+ name = "ein-pfeil-am-rechten-fleck.de"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "pfeil_ns" {
+ for_each = local.hetznerdns_nameservers
+
+ zone_id = hetznerdns_zone.pfeil.id
+ name = "@"
+ value = each.key
+ type = "NS"
+ ttl = 3600
+}
+
+resource "hetznerdns_record" "pfeil_a" {
+ zone_id = hetznerdns_zone.pfeil.id
+ name = "@"
+ value = "76.76.21.21"
+ type = "A"
+ ttl = 60
+}
+
+resource "hetznerdns_record" "www_pfeil" {
+ zone_id = hetznerdns_zone.pfeil.id
+ name = "www"
+ value = "cname.vercel-dns.com."
+ type = "CNAME"
+ ttl = 60
+}
diff --git a/gameservers.tf b/gameservers.tf
index 5a6da99..4d49034 100644
--- a/gameservers.tf
+++ b/gameservers.tf
@@ -20,3 +20,11 @@ resource "hcloud_volume_attachment" "terraria_data" {
 server_id = hcloud_server.terraria.id
 automount = true
 }
+
+resource "hetznerdns_record" "terraria" {
+ zone_id = hetznerdns_zone.apricote_de.id
+ name = "terraria"
+ value = hcloud_server.terraria.ipv4_address
+ type = "A"
+ ttl = 60
+}
diff --git a/provider_hetznerdns.tf b/provider_hetznerdns.tf
new file mode 100644
index 0000000..4d0c333
--- /dev/null
+++ b/provider_hetznerdns.tf
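Review bot: The TXT values in the dns.tf hunk are quoted inconsistently: `mail_spf` and `mail_dmarc` wrap their value in escaped quotes (`"\"v=spf1 …\""`), while `mail_verification` does not, so presumably one of the two forms is wrong for this provider and the verification record should be checked in the live zone after apply and aligned with the others. The CNAME values of `listory` and `gitea` (`c2.apricote.de`) also lack the trailing dot that every other CNAME value in the hunk carries; if the provider treats an unqualified value as zone-relative they would point at `c2.apricote.de.apricote.de.`, so writing them as FQDNs (`value = "c2.apricote.de."`) removes the ambiguity. From a mail-security standpoint `mail_dmarc` enforces `p=quarantine` but carries no `rua=` tag, so DMARC failures (i.e. mail claiming to be from apricote.de that fails SPF/DKIM alignment) produce no aggregate reports; adding `rua=mailto:<reporting-address>` is how that visibility is normally obtained.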
@@ -0,0 +1,8 @@
+# Set the variable value in *.tfvars file
+# or using -var="hetzner_dns_token=..." CLI option
+variable "hetzner_dns_token" {}
+
+# Configure the Hetzner DNS Provider
+provider "hetznerdns" {
+ apitoken = var.hetzner_dns_token
+}
diff --git a/versions.tf b/versions.tf
index f80af88..7881ded 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,8 +1,13 @@
 terraform {
 required_providers {
 hcloud = {
- source = "hetznercloud/hcloud"
- version = "~> 1.32.1"
+ source = "hetznercloud/hcloud"
+ version = ">= 1.36.2"
+ }
+
+ hetznerdns = {
+ source = "timohirt/hetznerdns"
+ version = ">= 2.2.0"
 }
 random = {
 source = "hashicorp/random"
@@ -14,5 +19,5 @@ terraform {
 source = "hashicorp/tls"
 }
 }
- required_version = ">= 1.0"
+ required_version = ">= 1.3.3"
 }
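Review bot: `variable "hetzner_dns_token" {}` declares the API token with no type and without `sensitive = true`, so Terraform will print the value verbatim wherever it echoes variable values (plan and console output, error messages), which is exactly what the `sensitive` attribute exists to suppress; with `required_version` raised to `>= 1.3.3` in the same commit the attribute is available. I would put `type = string` and `sensitive = true` inside the block. The header comment offers `*.tfvars` or `-var=`; the `TF_VAR_hetzner_dns_token` environment variable is the third option and avoids both a token-bearing file in the working tree and the token ending up in shell history, so the comment could mention it. Whether the tfvars file is excluded from version control is not visible in this patch.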
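Review bot: The first versions.tf hunk replaces the pessimistic constraint `~> 1.32.1` on `hetznercloud/hcloud` with the open-ended `>= 1.36.2` and adds `timohirt/hetznerdns` as `>= 2.2.0`, so any future major release of either provider satisfies the constraint and a `terraform init -upgrade` can pull in breaking changes unreviewed. A bounded form such as `version = "~> 1.36"` and `version = "~> 2.2"` keeps the minimum the commit needs while excluding the next major. The dependency lock file (`.terraform.lock.hcl`) is not part of this patch, so it is unclear whether the resolved provider versions and their checksums are pinned there; committing it is what makes provider selection reproducible regardless of the constraint form. The `required_version` bump in the second hunk needs no change.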