feat: add dns management

2026-01-13 13:01:03 +00:00 · 2023-02-25 23:22:13 +01:00 · 2023-02-25 23:22:13 +01:00 · d097de521b
commit d097de521b
parent 6ea9911f29
4 changed files with 163 additions and 3 deletions
--- a/dns.tf
+++ b/dns.tf
@ -0,0 +1,139 @@
+# Configure DNS with Hetzner DNS
+# Domains are registered with Namecheap and NS must be entered manually for new zones.
+
+locals {
+  hetznerdns_nameservers = toset(["hydrogen.ns.hetzner.com.", "oxygen.ns.hetzner.com.", "helium.ns.hetzner.de."])
+}
+
+# apricote.de
+
+resource "hetznerdns_zone" "apricote_de" {
+  name = "apricote.de"
+  ttl  = 60
+}
+
+resource "hetznerdns_record" "apricote_de_ns" {
+  for_each = local.hetznerdns_nameservers
+
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "@"
+  value   = each.key
+  type    = "NS"
+  ttl     = 3600
+}
+
+resource "hetznerdns_record" "listory" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "listory"
+  value   = "c2.apricote.de"
+  type    = "CNAME"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "gitea" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "gitea"
+  value   = "c2.apricote.de"
+  type    = "CNAME"
+  ttl     = 60
+}
+
+# apricote.de proton.me
+
+resource "hetznerdns_record" "mail_verification" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "@"
+  value   = "protonmail-verification=34adbb31866badd89ff9fc7bd0df9ceff7b4e579"
+  type    = "TXT"
+  ttl     = 60
+}
+
+
+resource "hetznerdns_record" "mail_mx_1" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "@"
+  value   = "10 mail.protonmail.ch."
+  type    = "MX"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "mail_mx_2" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "@"
+  value   = "20 mailsec.protonmail.ch."
+  type    = "MX"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "mail_spf" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "@"
+  value   = "\"v=spf1 include:_spf.protonmail.ch mx ~all\""
+  type    = "TXT"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "mail_dkim_1" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "protonmail._domainkey"
+  value   = "protonmail.domainkey.dg4sxfkxc2ex5uo7tsnzfkfea3s272y5c53bgbphxu6oa4qx5mzha.domains.proton.ch."
+  type    = "CNAME"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "mail_dkim_2" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "protonmail2._domainkey"
+  value   = "protonmail2.domainkey.dg4sxfkxc2ex5uo7tsnzfkfea3s272y5c53bgbphxu6oa4qx5mzha.domains.proton.ch."
+  type    = "CNAME"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "mail_dkim_3" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "protonmail3._domainkey"
+  value   = "protonmail3.domainkey.dg4sxfkxc2ex5uo7tsnzfkfea3s272y5c53bgbphxu6oa4qx5mzha.domains.proton.ch."
+  type    = "CNAME"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "mail_dmarc" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "_dmarc"
+  value   = "\"v=DMARC1; p=quarantine\""
+  type    = "TXT"
+  ttl     = 60
+}
+
+# ein-pfeil-am-rechten-fleck.de
+
+resource "hetznerdns_zone" "pfeil" {
+  name = "ein-pfeil-am-rechten-fleck.de"
+  ttl  = 60
+}
+
+resource "hetznerdns_record" "pfeil_ns" {
+  for_each = local.hetznerdns_nameservers
+
+  zone_id = hetznerdns_zone.pfeil.id
+  name    = "@"
+  value   = each.key
+  type    = "NS"
+  ttl     = 3600
+}
+
+resource "hetznerdns_record" "pfeil_a" {
+  zone_id = hetznerdns_zone.pfeil.id
+  name    = "@"
+  value   = "76.76.21.21"
+  type    = "A"
+  ttl     = 60
+}
+
+resource "hetznerdns_record" "www_pfeil" {
+  zone_id = hetznerdns_zone.pfeil.id
+  name    = "www"
+  value   = "cname.vercel-dns.com."
+  type    = "CNAME"
+  ttl     = 60
+}
--- a/gameservers.tf
+++ b/gameservers.tf
@ -20,3 +20,11 @@ resource "hcloud_volume_attachment" "terraria_data" {
  server_id = hcloud_server.terraria.id
  automount = true
 }
+
+resource "hetznerdns_record" "terraria" {
+  zone_id = hetznerdns_zone.apricote_de.id
+  name    = "terraria"
+  value   = hcloud_server.terraria.ipv4_address
+  type    = "A"
+  ttl     = 60
+}
--- a/provider_hetznerdns.tf
+++ b/provider_hetznerdns.tf
@ -0,0 +1,8 @@
+# Set the variable value in *.tfvars file
+# or using -var="hetzner_dns_token=..." CLI option
+variable "hetzner_dns_token" {}
+
+# Configure the Hetzner DNS Provider
+provider "hetznerdns" {
+  apitoken = var.hetzner_dns_token
+}
--- a/versions.tf
+++ b/versions.tf
@ -2,7 +2,12 @@ terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
-      version = "~> 1.32.1"
+      version = ">= 1.36.2"
+    }
+
+    hetznerdns = {
+      source  = "timohirt/hetznerdns"
+      version = ">= 2.2.0"
    }
    random = {
      source = "hashicorp/random"
@ -14,5 +19,5 @@ terraform {
      source = "hashicorp/tls"
    }
  }
-  required_version = ">= 1.0"
+  required_version = ">= 1.3.3"
 }