diff --git a/.gitignore b/.gitignore index 0c49583..aefe81d 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,7 @@ venv/ .terraform.lock.hcl .terraform auth.yaml +tfplan +plan.log +.DS_Store +.DS_Store diff --git a/apply.sh b/apply.sh deleted file mode 100755 index 7cab57f..0000000 --- a/apply.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env zsh -tofu apply -target hetznerdns_zone.zone -tofu apply \ No newline at end of file diff --git a/auth_sample.yaml b/auth_sample.yaml index 0f62506..247d673 100644 --- a/auth_sample.yaml +++ b/auth_sample.yaml @@ -1,3 +1,2 @@ auth: - api_token: !add - email: !add \ No newline at end of file + api_token: !add \ No newline at end of file diff --git a/main.tf b/main.tf index b428725..9dad4b4 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,25 @@ + locals { api = yamldecode(file("${path.module}/auth.yaml")) zones = yamldecode(file("${path.module}/zones.yaml")) + nameservers = data.hetznerdns_nameservers.primary.ns + + + + + + ns_data = flatten([ + for zone_name, records in local.zones : [ + for ns_entry in local.nameservers : { + zone_name = zone_name + record_type = "NS" + record_value = ns_entry.name + record_name = "@" + extra_data = "" + } + ] + ]) zone_data = flatten([ for zone_name, records in local.zones : [ @@ -20,6 +38,10 @@ locals { ]) } +data "hetznerdns_nameservers" "primary" { + type = "authoritative" +} + resource "hetznerdns_zone" "zone" { for_each = local.zones name = each.key 
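Review bot: `.DS_Store` is added twice at the end of the `.gitignore` hunk; one entry is enough. Ignoring `tfplan` and `plan.log` is a good addition, since saved plans and plan logs can contain sensitive values. The first four lines of the file are outside the hunk, so confirm that `*.tfstate` and `*.tfstate.backup` are ignored there as well, next to `auth.yaml`.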
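Review bot: In the first `main.tf` hunk, `ns_data` has no comment saying why the apex NS records now come from the `hetznerdns_nameservers` data source instead of each zone's own `ns` attribute. The reason appears to be that the keys must be known at plan time, which would also explain why `apply.sh` with its `-target` step is deleted; a line such as `# NS records are keyed by static zone names so for_each is known at plan time` would record that. `extra_data = ""` is set on every element, but the `hetznerdns_record.ns` resource in the next hunk never reads it, so it can be dropped unless it is meant to mirror `zone_data`. The six empty added lines after `nameservers` can also go. The `locals` block continues past the end of the hunk.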
@@ -38,23 +60,16 @@ for_each = { } + resource "hetznerdns_record" "ns" { for_each = { - for entry in flatten([ - for zone in hetznerdns_zone.zone : [ - for ns_entry in zone.ns : { - zone_id = zone.id - ns_entry = ns_entry - key = "${zone.id}-${ns_entry}" - } - ] - ]) : entry.key => entry + for record in local.ns_data : + "${record.record_type}-${record.record_name}-${record.zone_name}-${record.record_value}" => record } - zone_id = each.value.zone_id - name = "@" - type = "NS" - value = each.value.ns_entry + zone_id = hetznerdns_zone.zone[each.value.zone_name].id + name = each.value.record_name + type = each.value.record_type + value = each.value.record_value ttl = 300 - } \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index 66655fa..ecbae45 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,3 +1,6 @@ output "zones" { value = length(local.zones) -} \ No newline at end of file +} +output "zone_ids" { + value = { for name, zone in hetznerdns_zone.zone : name => zone.id } +} diff --git a/zones.yaml b/zones.yaml index f6e4451..68ca51b 100755 --- a/zones.yaml +++ b/zones.yaml @@ -4,8 +4,6 @@ jan-ole.de: #server0-------------- server0: 185.239.239.162 "*.server0": 185.239.239.162 - pve: 185.239.239.162 - "*.pve": 185.239.239.162 #server1-------------- server1: 147.189.171.39 
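Review bot: In the second `main.tf` hunk, the `for_each` keys of `hetznerdns_record.ns` change from `${zone.id}-${ns_entry}` to a type-name-zone-value string, so every existing NS instance gets a new address. Unless state is migrated (per-instance `moved` blocks or `tofu state mv`), the first apply will presumably destroy and re-create all apex NS records, and the plan should be checked for that before it is applied. `ttl = 300` is also hard-coded and short for NS records; if that is deliberate, a comment such as `# short TTL while nameserver set is being migrated` would say so. The start of the resource list above this block is outside the hunk.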
@@ -24,30 +22,21 @@ jan-ole.de: "*.usa.vpn": 181.214.240.124 #webspace0------------- - "@": 185.223.31.112 www: 185.223.31.112 + "@": 185.223.31.112 "*.demo": 185.223.31.112 demo: 185.223.31.112 - "*.nuxt": 185.223.31.112 - nuxt: 185.223.31.112 - - #zap-gameserver - palworld: 193.23.127.45 - "*.palworld": 193.23.127.45 cname: - influx: lana.amq25ga7psako0gd.myfritz.net. - "*.influx": lana.amq25ga7psako0gd.myfritz.net. - books: lana.amq25ga7psako0gd.myfritz.net. - sig1_domainkey: sig1.dkim.jan-ole.de.at.icloudmailadmin.com - streaming: lana.amq25ga7psako0gd.myfritz.net. - "*.streaming": lana.amq25ga7psako0gd.myfritz.net. - lana: lana.amq25ga7psako0gd.myfritz.net. + sig1._domainkey: sig1.dkim.jan-ole.de.at.icloudmailadmin.com. + streaming: jan-ole.cloud. + "*.streaming": jan-ole.cloud. + lana: jan-ole.cloud. mx: "@/10": mx01.mail.icloud.com. "@/20": mx02.mail.icloud.com. txt: - "@": apple-domain=OQLm26hZZUfPPxoQ + "@": apple-domain=QREjDJD5KtZRhlq8 "@/10": "v=spf1 redirect=icloud.com include:icloud.com ~all" "@/20": google-site-verification=rzO53ch4FY1zxgms9_FJAyE0nnj9_uRmLaSKqXw38ww "_discord": dh=ddb43cee298d9a23196b21847105f88aafae8350 @@ -58,12 +47,41 @@ jan-ole.download: www: 185.239.237.65 "*": 185.239.237.65 +jan-ole.sh: + cname: + "www": janolehuebner.github.io. + a: + "@/10": 185.199.108.153 + "@/20": 185.199.109.153 + "@/30": 185.199.110.153 + "@/40": 185.199.111.153 + aaaa: + "@/10": 2606:50c0:8000::153 + "@/20": 2606:50c0:8001::153 + "@/30": 2606:50c0:8002::153 + "@/40": 2606:50c0:8003::153 + +jan-ole.dev: + a: + "@": 185.239.237.65 + www: 185.239.237.65 + "*": 185.239.237.65 + +ole.monster: + a: + "@": 185.239.237.65 + www: 185.239.237.65 + "*": 185.239.237.65 + fairy-feet.de: jan-ole.link: + mx: + "@/10": jan-ole.link. a: "@": 185.223.31.112 www: 185.223.31.112 + webmail: 185.223.31.112 txt: "@": google-site-verification=HKmGUIFhbnE41t_358P10qZKhEufHzMAzlCSrv1iQW4 
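Review bot: In the `zones.yaml` hunk that adds `jan-ole.sh`, `jan-ole.dev` and `ole.monster`, `jan-ole.link` gains an `mx` record pointing at its own apex, but the only TXT entry visible for that zone is the Google site verification. A zone that accepts mail without SPF and DMARC is easy to spoof, so add an apex SPF record and a `_dmarc` policy in the key style already used for `darkblondii.de` (constructed example values: `"v=spf1 mx -all"` and `"v=DMARC1; p=quarantine"`). The three new zones that carry no mail would benefit from a null SPF record (`"v=spf1 -all"`) for the same reason. For `jan-ole.sh`, verify the custom domain in the GitHub account that owns `janolehuebner.github.io`, so the apex and `www` records cannot be claimed by another Pages site. The `txt` section of `jan-ole.link` may continue outside the hunk.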
@@ -76,24 +94,26 @@ ole.click: jan-ole.cloud: a: - "*": 185.249.197.56 - "@": 185.249.197.56 - pve: 185.239.239.162 - pfsense: 185.249.197.56 - vm0: 193.34.69.94 + #zap-gameserver + palworld: 193.23.127.45 + "*.palworld": 193.23.127.45 cname: - "*.photos": lana.amq25ga7psako0gd.myfritz.net. - photos: lana.amq25ga7psako0gd.myfritz.net. - "*.next": lana.amq25ga7psako0gd.myfritz.net. - next: lana.amq25ga7psako0gd.myfritz.net. - ganymede: lana.amq25ga7psako0gd.myfritz.net. - "*.ganymede": lana.amq25ga7psako0gd.myfritz.net. - hannah: lana.amq25ga7psako0gd.myfritz.net. - "*.hannah": lana.amq25ga7psako0gd.myfritz.net. - lana: lana.amq25ga7psako0gd.myfritz.net. - "*.lana": lana.amq25ga7psako0gd.myfritz.net. - tube: lana.amq25ga7psako0gd.myfritz.net. - "*.tube": lana.amq25ga7psako0gd.myfritz.net. + influx: jan-ole.cloud. + "*.influx": jan-ole.cloud. + books: jan-ole.cloud. + dav: jan-ole.cloud. + "*.photos": jan-ole.cloud. + photos: jan-ole.cloud. + ganymede: jan-ole.cloud. + "*.ganymede": jan-ole.cloud. + lana: jan-ole.cloud. + "*.lana": jan-ole.cloud. + tube: jan-ole.cloud. + "*.tube": jan-ole.cloud. + streaming: jan-ole.cloud. + "*.streaming": jan-ole.cloud. + git: jan-ole.cloud. + "*.git": janole.cloud. ole.pink: txt: @@ -101,27 +121,11 @@ ole.pink: huebner.haus: cname: - jan-ole: lana.amq25ga7psako0gd.myfritz.net. - "*.jan-ole": lana.amq25ga7psako0gd.myfritz.net. + jan-ole: jan-ole.cloud. + "*.jan-ole": jan-ole.cloud. heiko: kgh7xxzoeeajftib.myfritz.net. "*.heiko": kgh7xxzoeeajftib.myfritz.net. -huebner.homes: - -littleblondii.link: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - txt: - "@": google-site-verification=t7GFUeWz5_o8uNCiVC2neG9fykDyBNJpvrKOsm_rgJg - -littleblondii.live: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - - txt: - "@": google-site-verification=o1EqL6Qo5RTrUz61EGh75YfhX0FkNCk848Hb5qDCes4 blondii.link: a: 
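Review bot: In the `jan-ole.cloud` hunk, the last added CNAME reads `"*.git": janole.cloud.` without the hyphen, while every other target is `jan-ole.cloud.`. If that is a typo, `*.git.jan-ole.cloud` would resolve through a domain this repository does not manage, which is a subdomain-takeover risk; the line should be `"*.git": jan-ole.cloud.`. The same hunk removes the `"@"` and `"*"` A records for `jan-ole.cloud`, yet the CNAMEs added here, in `jan-ole.de` (`streaming`, `lana`) and in `huebner.haus` in the next hunk all target that apex. Unless the apex address is maintained outside this file, those names will stop resolving, so keep an `"@"` A record or add a comment saying where the apex is managed.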
@@ -139,35 +143,6 @@ blondii.live: txt: "@": google-site-verification=o1EqL6Qo5RTrUz61EGh75YfhX0FkNCk848Hb5qDCes4 -littleblondii.de: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - txt: - "@": google-site-verification=QDQCs2MeR73I0xPktUMmsqa9PuPkytpXYdCQEI-ekaM - -cirii.link: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - download: 185.223.31.112 - txt: - "@": google-site-verification=mz-r1UCGgDSf_SrblpLFRBmCUyzFuvbd_ROTsQF_8oA - -cirii.live: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - txt: - "@": google-site-verification=znOYwzJskM1sIZhpSikU7e1-QFCVWXlcPl3VVk5o68o - -cirii.de: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - txt: - "@": google-site-verification=RVjsHk1eDqRo0PCffqxguk3YRfFZtUdsUUgfEs_lzvo - darkblondii.link: a: "@": 185.223.31.112 @@ -190,27 +165,11 @@ darkblondii.de: www: 185.223.31.112 webmail: 185.223.31.112 txt: + "@/10": "google-site-verification=u9v4bvqD26WB5o8nO7zW9VMG5ZmjcNTSK_f6sAuNYSc" "@": "v=spf1 a mx -all" default._domainkey: "v=DKIM1; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/e2vHLlv6CTwMoxHeyJxppb2d7z+voH7DeBOSQI/QM5qBT0yfLBJEg1/ayTrHIyzbXd0DOVfsk/Wv7i3fpPHnFfw9CYSIn8pQEL9+seUc/VP9FJ68+9akPkwUGinqE4nGkT7ByqDrUeZzErQMX1nqXxkwx0JpBZqFTxfNYi6IphbUSu4xatkFbGBFFOPiHxYyIZdp35uiHL8Ub+tpDJpQ7zLf5VVwlY9EeakzslV+UJhG/ANh6dkQwyXrdT0QQ0lC8RS1CF9qs060blqwk/QZvQG6WRON0aq6F/p+FZ4P7hFMoUiHVokdW1GIAXUpleTwXnXGZmJG4g2dM6HFv+fQIDAQAB;" _domainkey: "o=-" _dmarc: "v=DMARC1; p=quarantine; rua=mailto:huebner@jan-ole.de; ruf=mailto:huebner@jan-ole.de; fo=1" - srv: - "_smtps._tcp": "0 0 465 darkblondii.de." - "_imaps._tcp": "0 0 993 darkblondii.de." - "_pop3s._tcp": "0 0 995 darkblondii.de." - "_autodiscover._tcp": "0 0 443 darkblondii.de." - "_autoconfig._tcp": "0 0 80 darkblondii.de." - -rosadirk.live: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - webmail: 185.223.31.112 -rosadirk.de: - a: - "@": 185.223.31.112 - www: 185.223.31.112 - webmail: 185.223.31.112 darkblondii.shop: mx: 
@@ -226,9 +185,7 @@ darkblondii.com: a: "@": 185.223.31.112 www: 185.223.31.112 - webmail: 185.223.31.112 -huebner.software: huebner.pink: cname: