feat: move from cloudflare to hetzner update zones.yaml

2025-02-01 03:18:42 +01:00 · 2025-02-01 03:18:42 +01:00 · c2ec494411
commit c2ec494411
parent 496292086f
3 changed files with 104 additions and 47 deletions
--- a/main.tf
+++ b/main.tf
@ -1,9 +1,6 @@
-provider "cloudflare" {
-  api_token = local.cloudflare_api.auth.api_token
-}

 locals {
-  cloudflare_api = yamldecode(file("${path.module}/auth.yaml"))
+  api = yamldecode(file("${path.module}/auth.yaml"))
  zones          = yamldecode(file("${path.module}/zones.yaml"))

  zone_data = flatten([
@ -22,21 +19,49 @@ locals {
    ]]
  ])
 }
-
-data "cloudflare_zone" "zone" {
-  for_each = local.zones
-  name = each.key
+output "zones" {
+  value = length(local.zones)
 }

-resource "cloudflare_record" "myrecord" {
+resource "hetznerdns_zone" "zone" {
+  for_each = local.zones
+  name = each.key
+  ttl  = 300
+}
+
+
+
+
+
+
+resource "hetznerdns_record" "myrecord" {
 for_each = {
  for record in local.zone_data : "${record.record_type}${record.extra_data}-${record.record_name}.${record.zone_name}" => record }

-  zone_id = data.cloudflare_zone.zone[each.value.zone_name].id
-  name      = "${each.value.record_name}.${each.value.zone_name}" == "@.${each.value.zone_name}" ? each.value.zone_name : "${each.value.record_name}.${each.value.zone_name}"
+  zone_id = hetznerdns_zone.zone[each.value.zone_name].id
+  name      = "${each.value.record_name}"
  type      = each.value.record_type
-  value     = each.value.record_value
+  value   = each.value.record_type == "MX" ? "${each.value.extra_data} ${each.value.record_value}" : each.value.record_value
  ttl       = 300
-  priority  = each.value.record_type == "MX" ? tonumber(each.value.extra_data) : 0
-  comment   = "OpenTofu"
+
+}
+
+resource "hetznerdns_record" "ns" {
+  for_each = {
+    for entry in flatten([
+      for zone in hetznerdns_zone.zone : [
+        for ns_entry in zone.ns : {
+          zone_id  = zone.id
+          ns_entry = ns_entry
+          key      = "${zone.id}-${ns_entry}"
+        }
+      ]
+    ]) : entry.key => entry
+  }
+
+  zone_id = each.value.zone_id
+  name    = "@"
+  type    = "NS"
+  value   = each.value.ns_entry
+  ttl     = 300
 }
--- a/versions.tf
+++ b/versions.tf
@ -1,9 +1,13 @@
 terraform {
  required_providers {
-    cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "~> 4"
-
+    hetznerdns = {
+      source = "germanbrew/hetznerdns"
+      version = "3.0.0"  # Replace with latest version
    }
  }
-}
+}
+
+provider "hetznerdns" {
+api_token = local.api.auth.api_token
+}
+
--- a/zones.yaml
+++ b/zones.yaml
@ -36,21 +36,19 @@ jan-ole.de:
    "*.palworld": 193.23.127.45

  cname:
-    influx: jan-ole.synology.me
-    "*.influx": jan-ole.synology.me
-    books: jan-ole.synology.me
+    influx: lana.amq25ga7psako0gd.myfritz.net.
+    "*.influx": lana.amq25ga7psako0gd.myfritz.net.
+    books: lana.amq25ga7psako0gd.myfritz.net.
    sig1_domainkey: sig1.dkim.jan-ole.de.at.icloudmailadmin.com
-    hannah: jan-ole.synology.me
-    "*.hannah": jan-ole.synology.me
-    streaming: jan-ole.synology.me
-    "*.streaming": jan-ole.synology.me
-    lana: jan-ole.synology.me
+    streaming: lana.amq25ga7psako0gd.myfritz.net.
+    "*.streaming": lana.amq25ga7psako0gd.myfritz.net.
+    lana: lana.amq25ga7psako0gd.myfritz.net.
  mx:
-    "@/10": mx01.mail.icloud.com
-    "@/20": mx02.mail.icloud.com
+    "@/10": mx01.mail.icloud.com.
+    "@/20": mx02.mail.icloud.com.
  txt:
    "@": apple-domain=OQLm26hZZUfPPxoQ
-    "@/10": v=spf1 redirect=icloud.com include:icloud.com ~all
+    "@/10": "v=spf1 redirect=icloud.com include:icloud.com ~all"
    "@/20": google-site-verification=rzO53ch4FY1zxgms9_FJAyE0nnj9_uRmLaSKqXw38ww
    "_discord": dh=ddb43cee298d9a23196b21847105f88aafae8350

@ -84,14 +82,18 @@ jan-ole.cloud:
    pfsense: 185.249.197.56
    vm0: 193.34.69.94
  cname:
-    "*.next": jan-ole.synology.me
-    next: jan-ole.synology.me
-    hannah: jan-ole.synology.me
-    "*.hannah": jan-ole.synology.me
-    lana: jan-ole.synology.me
-    "*.lana": jan-ole.synology.me
-    tube: jan-ole.synology.me
-    "*.tube": jan-ole.synology.me
+    "*.photos": lana.amq25ga7psako0gd.myfritz.net.
+    photos: lana.amq25ga7psako0gd.myfritz.net.
+    "*.next": lana.amq25ga7psako0gd.myfritz.net.
+    next: lana.amq25ga7psako0gd.myfritz.net.
+    ganymede: lana.amq25ga7psako0gd.myfritz.net.
+    "*.ganymede": lana.amq25ga7psako0gd.myfritz.net.
+    hannah: lana.amq25ga7psako0gd.myfritz.net.
+    "*.hannah": lana.amq25ga7psako0gd.myfritz.net.
+    lana: lana.amq25ga7psako0gd.myfritz.net.
+    "*.lana": lana.amq25ga7psako0gd.myfritz.net.
+    tube: lana.amq25ga7psako0gd.myfritz.net.
+    "*.tube": lana.amq25ga7psako0gd.myfritz.net.

 ole.pink:
  txt:
@ -99,10 +101,10 @@ ole.pink:

 huebner.haus:
  cname:
-    jan-ole: jan-ole.synology.me
-    "*.jan-ole": jan-ole.synology.me
-    heiko: kgh7xxzoeeajftib.myfritz.net
-    "*.heiko": kgh7xxzoeeajftib.myfritz.net
+    jan-ole: lana.amq25ga7psako0gd.myfritz.net.
+    "*.jan-ole": lana.amq25ga7psako0gd.myfritz.net.
+    heiko: kgh7xxzoeeajftib.myfritz.net.
+    "*.heiko": kgh7xxzoeeajftib.myfritz.net.

 huebner.homes:

@ -117,6 +119,7 @@ littleblondii.live:
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
+
  txt:
    "@": google-site-verification=o1EqL6Qo5RTrUz61EGh75YfhX0FkNCk848Hb5qDCes4

@ -131,6 +134,8 @@ blondii.live:
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
+    download: 185.223.31.112
+    "*.download": 185.223.31.112
  txt:
    "@": google-site-verification=o1EqL6Qo5RTrUz61EGh75YfhX0FkNCk848Hb5qDCes4

@ -145,6 +150,7 @@ cirii.link:
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
+    download: 185.223.31.112
  txt:
    "@": google-site-verification=mz-r1UCGgDSf_SrblpLFRBmCUyzFuvbd_ROTsQF_8oA

@ -178,7 +184,7 @@ darkblondii.live:

 darkblondii.de:
  mx:
-    "@/10": darkblondii.de
+    "@/10": darkblondii.de.
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
@ -187,7 +193,13 @@ darkblondii.de:
    "@": "v=spf1 a mx -all"
    default._domainkey: "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/e2vHLlv6CTwMoxHeyJxppb2d7z+voH7DeBOSQI/QM5qBT0yfLBJEg1/ayTrHIyzbXd0DOVfsk/Wv7i3fpPHnFfw9CYSIn8pQEL9+seUc/VP9FJ68+9akPkwUGinqE4nGkT7ByqDrUeZzErQMX1nqXxkwx0JpBZqFTxfNYi6IphbUSu4xatkFbGBFFOPiHxYyIZdp35uiHL8Ub+tpDJpQ7zLf5VVwlY9EeakzslV+UJhG/ANh6dkQwyXrdT0QQ0lC8RS1CF9qs060blqwk/QZvQG6WRON0aq6F/p+FZ4P7hFMoUiHVokdW1GIAXUpleTwXnXGZmJG4g2dM6HFv+fQIDAQAB;"
    _domainkey: "o=-"
-    _DMARC: "v=DMARC1; p=quarantine; rua=mailto:huebner@jan-ole.de; ruf=mailto:huebner@jan-ole.de; fo=1"
+    _dmarc: "v=DMARC1; p=quarantine; rua=mailto:huebner@jan-ole.de; ruf=mailto:huebner@jan-ole.de; fo=1"
+  srv:
+    "_smtps._tcp": "0 0 465 darkblondii.de."
+    "_imaps._tcp": "0 0 993 darkblondii.de."
+    "_pop3s._tcp": "0 0 995 darkblondii.de."
+    "_autodiscover._tcp": "0 0 443 darkblondii.de."
+    "_autoconfig._tcp": "0 0 80 darkblondii.de."

 rosadirk.live:
  a:
@ -200,14 +212,30 @@ rosadirk.de:
    www: 185.223.31.112
    webmail: 185.223.31.112

-huebner.software:
+darkblondii.shop:
+  mx:
+    "@/10": darkblondii.shop.
+  a:
+    "@": 185.223.31.112
+    www: 185.223.31.112
+    webmail: 185.223.31.112
+
+darkblondii.com:
+  mx:
+    "@/10": darkblondii.com.
+  a:
+    "@": 185.223.31.112
+    www: 185.223.31.112
+    webmail: 185.223.31.112
+
+#huebner.software:

 huebner.pink:
  cname:
    sig1._domainkey: "sig1.dkim.huebner.pink.at.icloudmailadmin.com."
  mx:
-    "@/10": "mx01.mail.icloud.com"
-    "@/20": "mx02.mail.icloud.com"
+    "@/10": "mx01.mail.icloud.com."
+    "@/20": "mx02.mail.icloud.com."
  txt:
    "@": "apple-domain=mOjnPLSTRwMrIocF"
    "@/10": "v=spf1 include:icloud.com ~all"