From 03ad9b476dc806b52a868ec81d1c3b08a4d96ef5 Mon Sep 17 00:00:00 2001 From: "Rasmus \"Pez\" Wejlgaard" Date: Fri, 1 May 2026 21:05:53 +0100 Subject: [PATCH] make dns more neat (#91) --- terraform/hetzner_dns.tf | 276 ++++++--------------------------------- 1 file changed, 38 insertions(+), 238 deletions(-) diff --git a/terraform/hetzner_dns.tf b/terraform/hetzner_dns.tf index bba1cad..fba99c8 100644 --- a/terraform/hetzner_dns.tf +++ b/terraform/hetzner_dns.tf 
@@ -3,242 +3,48 @@ resource "hcloud_zone" "pezsh" { mode = "primary" } -# ============================================================================= -# A Records -# ============================================================================= - -resource "hcloud_zone_rrset" "A_apps" { - zone = hcloud_zone.pezsh.name - name = "apps" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] +locals { + helsinki_a = hcloud_server.helsinki-a.ipv4_address + nuremberg_a = hcloud_server.nuremberg-a.ipv4_address + nuremberg_aaaa = hcloud_server.nuremberg-a.ipv6_address + copenhagen = "83.94.248.182" } -resource "hcloud_zone_rrset" "A_auth" { +resource "hcloud_zone_rrset" "A_helsinki_a" { + for_each = toset([ + "@", "apps", "auth", "bitwarden", "download", "git", "grafana", "helsinki-a", + "jellyfin", "jellyfin-requests", "ldap", "lidarr", "music", "naveen", + "plex", "prometheus", "prowlarr", "radarr", "readarr", "request", + "rss", "sonarr", "soulseek", "status", + ]) zone = hcloud_zone.pezsh.name - name = "auth" + name = each.value type = "A" ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] + records = [{ value = local.helsinki_a }] } -resource "hcloud_zone_rrset" "A_bitwarden" { - zone = hcloud_zone.pezsh.name - name = "bitwarden" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_download" { - zone = hcloud_zone.pezsh.name - name = "download" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_git" { - zone = hcloud_zone.pezsh.name - name = "git" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_grafana" { - zone = hcloud_zone.pezsh.name - name = "grafana" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" 
"A_helsinki-a" { - zone = hcloud_zone.pezsh.name - name = "helsinki-a" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_jellyfin" { - zone = hcloud_zone.pezsh.name - name = "jellyfin" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_jellyfin-requests" { - zone = hcloud_zone.pezsh.name - name = "jellyfin-requests" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_ldap" { - zone = hcloud_zone.pezsh.name - name = "ldap" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_lidarr" { - zone = hcloud_zone.pezsh.name - name = "lidarr" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_mail" { +resource "hcloud_zone_rrset" "nuremberg_mail" { + for_each = { + A = local.nuremberg_a + AAAA = local.nuremberg_aaaa + } zone = hcloud_zone.pezsh.name name = "mail" + type = each.key + ttl = 300 + records = [{ value = each.value }] +} + +resource "hcloud_zone_rrset" "A_copenhagen" { + for_each = toset(["minecraft", "wow"]) + zone = hcloud_zone.pezsh.name + name = each.value type = "A" ttl = 300 - records = [{ value = hcloud_server.nuremberg-a.ipv4_address }] + records = [{ value = local.copenhagen }] } -resource "hcloud_zone_rrset" "A_minecraft" { - zone = hcloud_zone.pezsh.name - name = "minecraft" - type = "A" - ttl = 300 - records = [{ value = "83.94.248.182" }] -} - -resource "hcloud_zone_rrset" "A_music" { - zone = hcloud_zone.pezsh.name - name = "music" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_naveen" { - zone = hcloud_zone.pezsh.name - name = "naveen" - type = "A" - ttl = 300 - records = [{ value = 
hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_root" { - zone = hcloud_zone.pezsh.name - name = "@" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_plex" { - zone = hcloud_zone.pezsh.name - name = "plex" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_prometheus" { - zone = hcloud_zone.pezsh.name - name = "prometheus" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_prowlarr" { - zone = hcloud_zone.pezsh.name - name = "prowlarr" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_radarr" { - zone = hcloud_zone.pezsh.name - name = "radarr" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_readarr" { - zone = hcloud_zone.pezsh.name - name = "readarr" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_request" { - zone = hcloud_zone.pezsh.name - name = "request" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_rss" { - zone = hcloud_zone.pezsh.name - name = "rss" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_sonarr" { - zone = hcloud_zone.pezsh.name - name = "sonarr" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_soulseek" { - zone = hcloud_zone.pezsh.name - name = "soulseek" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_status" { - zone = hcloud_zone.pezsh.name - 
name = "status" - type = "A" - ttl = 300 - records = [{ value = hcloud_server.helsinki-a.ipv4_address }] -} - -resource "hcloud_zone_rrset" "A_wow" { - zone = hcloud_zone.pezsh.name - name = "wow" - type = "A" - ttl = 300 - records = [{ value = "83.94.248.182" }] -} - -# ============================================================================= -# AAAA Records -# ============================================================================= - -resource "hcloud_zone_rrset" "AAAA_mail" { - zone = hcloud_zone.pezsh.name - name = "mail" - type = "AAAA" - ttl = 300 - records = [{ value = hcloud_server.nuremberg-a.ipv6_address }] -} - -# ============================================================================= -# CNAME Records -# ============================================================================= - resource "hcloud_zone_rrset" "CNAME_public" { zone = hcloud_zone.pezsh.name name = "public" @@ -247,10 +53,6 @@ resource "hcloud_zone_rrset" "CNAME_public" { records = [{ value = "public.r2.dev." }] } -# ============================================================================= -# MX Records -# ============================================================================= - resource "hcloud_zone_rrset" "MX_root" { zone = hcloud_zone.pezsh.name name = "@" 
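Review bot: Every record folded into a `for_each` resource (`A_helsinki_a`, `nuremberg_mail`, `A_copenhagen`) gets a new state address, and this one-file commit carries no `moved` blocks, so Terraform will plan to destroy and recreate each rrset rather than treat the change as a rename. Unless the state was migrated out of band with `terraform state mv`, that leaves a window in which names such as `mail`, `auth` and `bitwarden` do not resolve, or a create that collides with the record still in place, depending on ordering. The same applies to the `TXT_root_spf` → `TXT_spf` rename in the last hunk, where the gap briefly removes the SPF policy. Adding one `moved` block per old address, as sketched below, should make the plan a no-op; confirm that `terraform plan` reports zero destroys before applying.

```hcl
moved {
  from = hcloud_zone_rrset.A_apps
  to   = hcloud_zone_rrset.A_helsinki_a["apps"]
}

moved {
  from = hcloud_zone_rrset.A_root
  to   = hcloud_zone_rrset.A_helsinki_a["@"]
}

moved {
  from = hcloud_zone_rrset.AAAA_mail
  to   = hcloud_zone_rrset.nuremberg_mail["AAAA"]
}

moved {
  from = hcloud_zone_rrset.TXT_root_spf
  to   = hcloud_zone_rrset.TXT_spf
}

# … one block per remaining old address, e.g. A_mail, A_minecraft, A_wow …
```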
@@ -262,16 +64,14 @@ resource "hcloud_zone_rrset" "MX_root" { ] } -# ============================================================================= -# TXT Records -# ============================================================================= - resource "hcloud_zone_rrset" "TXT_dkim" { - zone = hcloud_zone.pezsh.name - name = "dkim._domainkey" - type = "TXT" - ttl = 300 - records = [{ value = "\"v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT/TGkPkfbjleqRYuQoI67/xvM0J5gGmdlzo2jO5qTABz5+nzOS+PefrXkeEZ0IZrpLPKqLyi7K469Ql+HG5wDFDxQRRG7lHJkWJ4tnZgjZWgeszFPhoME74lT6i+j3x29WyxhyzNg0f3NhSwttOe5knmS4zsOb+JK4jShoF9zZkOUCHAZ/vKvY\" \"tJdV+8qpmU8wfgyrzN1OWxjHIjzPP8iMD4g0iCfobbvSvWXHYBveCS7b/Nr3jw3E8twtEAUEGYNGd4h0wKNbNagYUsb5My8tMxQQwZf6imKHgCeYC7buH8TvaJHATReeea4Dzj9UzdPgwdbFLiMB/HXlN0GPhlQIDAQAB\"" }] + zone = hcloud_zone.pezsh.name + name = "dkim._domainkey" + type = "TXT" + ttl = 300 + records = [{ + value = "\"v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT/TGkPkfbjleqRYuQoI67/xvM0J5gGmdlzo2jO5qTABz5+nzOS+PefrXkeEZ0IZrpLPKqLyi7K469Ql+HG5wDFDxQRRG7lHJkWJ4tnZgjZWgeszFPhoME74lT6i+j3x29WyxhyzNg0f3NhSwttOe5knmS4zsOb+JK4jShoF9zZkOUCHAZ/vKvY\" \"tJdV+8qpmU8wfgyrzN1OWxjHIjzPP8iMD4g0iCfobbvSvWXHYBveCS7b/Nr3jw3E8twtEAUEGYNGd4h0wKNbNagYUsb5My8tMxQQwZf6imKHgCeYC7buH8TvaJHATReeea4Dzj9UzdPgwdbFLiMB/HXlN0GPhlQIDAQAB\"" + }] } resource "hcloud_zone_rrset" "TXT_dmarc" { @@ -282,10 +82,10 @@ resource "hcloud_zone_rrset" "TXT_dmarc" { records = [{ value = "\"v=DMARC1; p=quarantine; rua=mailto:pez@pez.sh; adkim=r; aspf=r\"" }] } -resource "hcloud_zone_rrset" "TXT_root_spf" { +resource "hcloud_zone_rrset" "TXT_spf" { zone = hcloud_zone.pezsh.name name = "@" type = "TXT" ttl = 300 - records = [{ value = "\"v=spf1 ip4:${hcloud_server.nuremberg-a.ipv4_address} ip6:${hcloud_server.nuremberg-a.ipv6_address} -all\"" }] + records = [{ value = "\"v=spf1 ip4:${local.nuremberg_a} ip6:${local.nuremberg_aaaa} -all\"" }] }
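Review bot: The `ip6:` mechanism in `TXT_spf` is built from `local.nuremberg_aaaa` with no prefix length, so it authorises exactly that one address while `-all` hard-fails everything else. If the mail host can send from another address in its IPv6 allocation (not visible in this diff), those messages fail SPF and rely on DKIM alone to pass DMARC. Confirm the MTA's outbound bind address and record the assumption next to the record, for example `# SPF pins the single IPv6 address the MTA binds to; update if outbound binding changes`.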