feat: move from cloudflare to hetzner update zones.yaml

2025-02-01 03:18:42 +01:00 · 2025-02-01 03:18:42 +01:00 · c2ec494411
commit c2ec494411
parent 496292086f
3 changed files with 104 additions and 47 deletions
--- a/main.tf
+++ b/main.tf
@ -1,9 +1,6 @@
 provider "cloudflare" {
  api_token = local.cloudflare_api.auth.api_token
 }
 locals {
-  cloudflare_api = yamldecode(file("${path.module}/auth.yaml"))
+  api = yamldecode(file("${path.module}/auth.yaml"))
  zones          = yamldecode(file("${path.module}/zones.yaml"))
  zone_data = flatten([
@ -22,21 +19,49 @@ locals {
    ]]
  ])
 }
-
+output "zones" {
-data "cloudflare_zone" "zone" {
+  value = length(local.zones)
  for_each = local.zones
  name = each.key
 }
-resource "cloudflare_record" "myrecord" {
+resource "hetznerdns_zone" "zone" {
  for_each = local.zones
  name = each.key
  ttl  = 300
 }
 resource "hetznerdns_record" "myrecord" {
 for_each = {
  for record in local.zone_data : "${record.record_type}${record.extra_data}-${record.record_name}.${record.zone_name}" => record }
-  zone_id = data.cloudflare_zone.zone[each.value.zone_name].id
+  zone_id = hetznerdns_zone.zone[each.value.zone_name].id
-  name      = "${each.value.record_name}.${each.value.zone_name}" == "@.${each.value.zone_name}" ? each.value.zone_name : "${each.value.record_name}.${each.value.zone_name}"
+  name      = "${each.value.record_name}"
  type      = each.value.record_type
-  value     = each.value.record_value
+  value   = each.value.record_type == "MX" ? "${each.value.extra_data} ${each.value.record_value}" : each.value.record_value
  ttl       = 300
 }
 resource "hetznerdns_record" "ns" {
  for_each = {
    for entry in flatten([
      for zone in hetznerdns_zone.zone : [
        for ns_entry in zone.ns : {
          zone_id  = zone.id
          ns_entry = ns_entry
          key      = "${zone.id}-${ns_entry}"
        }
      ]
    ]) : entry.key => entry
  }
  zone_id = each.value.zone_id
  name    = "@"
  type    = "NS"
  value   = each.value.ns_entry
  ttl     = 300
  priority  = each.value.record_type == "MX" ? tonumber(each.value.extra_data) : 0
  comment   = "OpenTofu"
 }
--- a/versions.tf
+++ b/versions.tf
@ -1,9 +1,13 @@
 terraform {
  required_providers {
-    cloudflare = {
+    hetznerdns = {
-      source  = "cloudflare/cloudflare"
+      source = "germanbrew/hetznerdns"
-      version = "~> 4"
+      version = "3.0.0"  # Replace with latest version
    }
  }
 }
 provider "hetznerdns" {
 api_token = local.api.auth.api_token
 }
-  }
+
 }
--- a/zones.yaml
+++ b/zones.yaml
@ -36,21 +36,19 @@ jan-ole.de:
    "*.palworld": 193.23.127.45
  cname:
-    influx: jan-ole.synology.me
+    influx: lana.amq25ga7psako0gd.myfritz.net.
-    "*.influx": jan-ole.synology.me
+    "*.influx": lana.amq25ga7psako0gd.myfritz.net.
-    books: jan-ole.synology.me
+    books: lana.amq25ga7psako0gd.myfritz.net.
    sig1_domainkey: sig1.dkim.jan-ole.de.at.icloudmailadmin.com
-    hannah: jan-ole.synology.me
+    streaming: lana.amq25ga7psako0gd.myfritz.net.
-    "*.hannah": jan-ole.synology.me
+    "*.streaming": lana.amq25ga7psako0gd.myfritz.net.
-    streaming: jan-ole.synology.me
+    lana: lana.amq25ga7psako0gd.myfritz.net.
    "*.streaming": jan-ole.synology.me
    lana: jan-ole.synology.me
  mx:
-    "@/10": mx01.mail.icloud.com
+    "@/10": mx01.mail.icloud.com.
-    "@/20": mx02.mail.icloud.com
+    "@/20": mx02.mail.icloud.com.
  txt:
    "@": apple-domain=OQLm26hZZUfPPxoQ
-    "@/10": v=spf1 redirect=icloud.com include:icloud.com ~all
+    "@/10": "v=spf1 redirect=icloud.com include:icloud.com ~all"
    "@/20": google-site-verification=rzO53ch4FY1zxgms9_FJAyE0nnj9_uRmLaSKqXw38ww
    "_discord": dh=ddb43cee298d9a23196b21847105f88aafae8350
@ -84,14 +82,18 @@ jan-ole.cloud:
    pfsense: 185.249.197.56
    vm0: 193.34.69.94
  cname:
-    "*.next": jan-ole.synology.me
+    "*.photos": lana.amq25ga7psako0gd.myfritz.net.
-    next: jan-ole.synology.me
+    photos: lana.amq25ga7psako0gd.myfritz.net.
-    hannah: jan-ole.synology.me
+    "*.next": lana.amq25ga7psako0gd.myfritz.net.
-    "*.hannah": jan-ole.synology.me
+    next: lana.amq25ga7psako0gd.myfritz.net.
-    lana: jan-ole.synology.me
+    ganymede: lana.amq25ga7psako0gd.myfritz.net.
-    "*.lana": jan-ole.synology.me
+    "*.ganymede": lana.amq25ga7psako0gd.myfritz.net.
-    tube: jan-ole.synology.me
+    hannah: lana.amq25ga7psako0gd.myfritz.net.
-    "*.tube": jan-ole.synology.me
+    "*.hannah": lana.amq25ga7psako0gd.myfritz.net.
    lana: lana.amq25ga7psako0gd.myfritz.net.
    "*.lana": lana.amq25ga7psako0gd.myfritz.net.
    tube: lana.amq25ga7psako0gd.myfritz.net.
    "*.tube": lana.amq25ga7psako0gd.myfritz.net.
 ole.pink:
  txt:
@ -99,10 +101,10 @@ ole.pink:
 huebner.haus:
  cname:
-    jan-ole: jan-ole.synology.me
+    jan-ole: lana.amq25ga7psako0gd.myfritz.net.
-    "*.jan-ole": jan-ole.synology.me
+    "*.jan-ole": lana.amq25ga7psako0gd.myfritz.net.
-    heiko: kgh7xxzoeeajftib.myfritz.net
+    heiko: kgh7xxzoeeajftib.myfritz.net.
-    "*.heiko": kgh7xxzoeeajftib.myfritz.net
+    "*.heiko": kgh7xxzoeeajftib.myfritz.net.
 huebner.homes:
@ -117,6 +119,7 @@ littleblondii.live:
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
  txt:
    "@": google-site-verification=o1EqL6Qo5RTrUz61EGh75YfhX0FkNCk848Hb5qDCes4
@ -131,6 +134,8 @@ blondii.live:
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
    download: 185.223.31.112
    "*.download": 185.223.31.112
  txt:
    "@": google-site-verification=o1EqL6Qo5RTrUz61EGh75YfhX0FkNCk848Hb5qDCes4
@ -145,6 +150,7 @@ cirii.link:
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
    download: 185.223.31.112
  txt:
    "@": google-site-verification=mz-r1UCGgDSf_SrblpLFRBmCUyzFuvbd_ROTsQF_8oA
@ -178,7 +184,7 @@ darkblondii.live:
 darkblondii.de:
  mx:
-    "@/10": darkblondii.de
+    "@/10": darkblondii.de.
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
@ -187,7 +193,13 @@ darkblondii.de:
    "@": "v=spf1 a mx -all"
    default._domainkey: "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/e2vHLlv6CTwMoxHeyJxppb2d7z+voH7DeBOSQI/QM5qBT0yfLBJEg1/ayTrHIyzbXd0DOVfsk/Wv7i3fpPHnFfw9CYSIn8pQEL9+seUc/VP9FJ68+9akPkwUGinqE4nGkT7ByqDrUeZzErQMX1nqXxkwx0JpBZqFTxfNYi6IphbUSu4xatkFbGBFFOPiHxYyIZdp35uiHL8Ub+tpDJpQ7zLf5VVwlY9EeakzslV+UJhG/ANh6dkQwyXrdT0QQ0lC8RS1CF9qs060blqwk/QZvQG6WRON0aq6F/p+FZ4P7hFMoUiHVokdW1GIAXUpleTwXnXGZmJG4g2dM6HFv+fQIDAQAB;"
    _domainkey: "o=-"
-    _DMARC: "v=DMARC1; p=quarantine; rua=mailto:huebner@jan-ole.de; ruf=mailto:huebner@jan-ole.de; fo=1"
+    _dmarc: "v=DMARC1; p=quarantine; rua=mailto:huebner@jan-ole.de; ruf=mailto:huebner@jan-ole.de; fo=1"
  srv:
    "_smtps._tcp": "0 0 465 darkblondii.de."
    "_imaps._tcp": "0 0 993 darkblondii.de."
    "_pop3s._tcp": "0 0 995 darkblondii.de."
    "_autodiscover._tcp": "0 0 443 darkblondii.de."
    "_autoconfig._tcp": "0 0 80 darkblondii.de."
 rosadirk.live:
  a:
@ -200,14 +212,30 @@ rosadirk.de:
    www: 185.223.31.112
    webmail: 185.223.31.112
-huebner.software:
+darkblondii.shop:
  mx:
    "@/10": darkblondii.shop.
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
    webmail: 185.223.31.112
 darkblondii.com:
  mx:
    "@/10": darkblondii.com.
  a:
    "@": 185.223.31.112
    www: 185.223.31.112
    webmail: 185.223.31.112
 #huebner.software:
 huebner.pink:
  cname:
    sig1._domainkey: "sig1.dkim.huebner.pink.at.icloudmailadmin.com."
  mx:
-    "@/10": "mx01.mail.icloud.com"
+    "@/10": "mx01.mail.icloud.com."
-    "@/20": "mx02.mail.icloud.com"
+    "@/20": "mx02.mail.icloud.com."
  txt:
    "@": "apple-domain=mOjnPLSTRwMrIocF"
    "@/10": "v=spf1 include:icloud.com ~all"