make dns more neat (#91)

2026-05-06 04:14:43 +00:00 · 2026-05-01 21:05:53 +01:00 · 2026-05-01 21:05:53 +01:00 · 03ad9b476d
commit 03ad9b476d
parent b5cef4b985
1 changed files with 38 additions and 238 deletions
--- a/terraform/hetzner_dns.tf
+++ b/terraform/hetzner_dns.tf
@ -3,242 +3,48 @@ resource "hcloud_zone" "pezsh" {
  mode = "primary"
 }

-# =============================================================================
-# A Records
-# =============================================================================
-
-resource "hcloud_zone_rrset" "A_apps" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "apps"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
+locals {
+  helsinki_a     = hcloud_server.helsinki-a.ipv4_address
+  nuremberg_a    = hcloud_server.nuremberg-a.ipv4_address
+  nuremberg_aaaa = hcloud_server.nuremberg-a.ipv6_address
+  copenhagen     = "83.94.248.182"
 }

-resource "hcloud_zone_rrset" "A_auth" {
+resource "hcloud_zone_rrset" "A_helsinki_a" {
+  for_each = toset([
+    "@", "apps", "auth", "bitwarden", "download", "git", "grafana", "helsinki-a",
+    "jellyfin", "jellyfin-requests", "ldap", "lidarr", "music", "naveen",
+    "plex", "prometheus", "prowlarr", "radarr", "readarr", "request",
+    "rss", "sonarr", "soulseek", "status",
+  ])
  zone    = hcloud_zone.pezsh.name
-  name    = "auth"
+  name    = each.value
  type    = "A"
  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
+  records = [{ value = local.helsinki_a }]
 }

-resource "hcloud_zone_rrset" "A_bitwarden" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "bitwarden"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
+resource "hcloud_zone_rrset" "nuremberg_mail" {
+  for_each = {
+    A    = local.nuremberg_a
+    AAAA = local.nuremberg_aaaa
  }
-
-resource "hcloud_zone_rrset" "A_download" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "download"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_git" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "git"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_grafana" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "grafana"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_helsinki-a" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "helsinki-a"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_jellyfin" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "jellyfin"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_jellyfin-requests" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "jellyfin-requests"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_ldap" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "ldap"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_lidarr" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "lidarr"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_mail" {
  zone    = hcloud_zone.pezsh.name
  name    = "mail"
+  type    = each.key
+  ttl     = 300
+  records = [{ value = each.value }]
+}
+
+resource "hcloud_zone_rrset" "A_copenhagen" {
+  for_each = toset(["minecraft", "wow"])
+  zone    = hcloud_zone.pezsh.name
+  name    = each.value
  type    = "A"
  ttl     = 300
-  records = [{ value = hcloud_server.nuremberg-a.ipv4_address }]
+  records = [{ value = local.copenhagen }]
 }

-resource "hcloud_zone_rrset" "A_minecraft" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "minecraft"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = "83.94.248.182" }]
-}
-
-resource "hcloud_zone_rrset" "A_music" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "music"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_naveen" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "naveen"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_root" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "@"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_plex" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "plex"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_prometheus" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "prometheus"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_prowlarr" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "prowlarr"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_radarr" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "radarr"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_readarr" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "readarr"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_request" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "request"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_rss" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "rss"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_sonarr" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "sonarr"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_soulseek" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "soulseek"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_status" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "status"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = hcloud_server.helsinki-a.ipv4_address }]
-}
-
-resource "hcloud_zone_rrset" "A_wow" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "wow"
-  type    = "A"
-  ttl     = 300
-  records = [{ value = "83.94.248.182" }]
-}
-
-# =============================================================================
-# AAAA Records
-# =============================================================================
-
-resource "hcloud_zone_rrset" "AAAA_mail" {
-  zone    = hcloud_zone.pezsh.name
-  name    = "mail"
-  type    = "AAAA"
-  ttl     = 300
-  records = [{ value = hcloud_server.nuremberg-a.ipv6_address }]
-}
-
-# =============================================================================
-# CNAME Records
-# =============================================================================
-
 resource "hcloud_zone_rrset" "CNAME_public" {
  zone    = hcloud_zone.pezsh.name
  name    = "public"
@ -247,10 +53,6 @@ resource "hcloud_zone_rrset" "CNAME_public" {
  records = [{ value = "public.r2.dev." }]
 }

-# =============================================================================
-# MX Records
-# =============================================================================
-
 resource "hcloud_zone_rrset" "MX_root" {
  zone = hcloud_zone.pezsh.name
  name = "@"
@ -262,16 +64,14 @@ resource "hcloud_zone_rrset" "MX_root" {
  ]
 }

-# =============================================================================
-# TXT Records
-# =============================================================================
-
 resource "hcloud_zone_rrset" "TXT_dkim" {
  zone = hcloud_zone.pezsh.name
  name = "dkim._domainkey"
  type = "TXT"
  ttl  = 300
-  records = [{ value = "\"v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT/TGkPkfbjleqRYuQoI67/xvM0J5gGmdlzo2jO5qTABz5+nzOS+PefrXkeEZ0IZrpLPKqLyi7K469Ql+HG5wDFDxQRRG7lHJkWJ4tnZgjZWgeszFPhoME74lT6i+j3x29WyxhyzNg0f3NhSwttOe5knmS4zsOb+JK4jShoF9zZkOUCHAZ/vKvY\" \"tJdV+8qpmU8wfgyrzN1OWxjHIjzPP8iMD4g0iCfobbvSvWXHYBveCS7b/Nr3jw3E8twtEAUEGYNGd4h0wKNbNagYUsb5My8tMxQQwZf6imKHgCeYC7buH8TvaJHATReeea4Dzj9UzdPgwdbFLiMB/HXlN0GPhlQIDAQAB\"" }]
+  records = [{
+    value = "\"v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT/TGkPkfbjleqRYuQoI67/xvM0J5gGmdlzo2jO5qTABz5+nzOS+PefrXkeEZ0IZrpLPKqLyi7K469Ql+HG5wDFDxQRRG7lHJkWJ4tnZgjZWgeszFPhoME74lT6i+j3x29WyxhyzNg0f3NhSwttOe5knmS4zsOb+JK4jShoF9zZkOUCHAZ/vKvY\" \"tJdV+8qpmU8wfgyrzN1OWxjHIjzPP8iMD4g0iCfobbvSvWXHYBveCS7b/Nr3jw3E8twtEAUEGYNGd4h0wKNbNagYUsb5My8tMxQQwZf6imKHgCeYC7buH8TvaJHATReeea4Dzj9UzdPgwdbFLiMB/HXlN0GPhlQIDAQAB\""
+  }]
 }

 resource "hcloud_zone_rrset" "TXT_dmarc" {
@ -282,10 +82,10 @@ resource "hcloud_zone_rrset" "TXT_dmarc" {
  records = [{ value = "\"v=DMARC1; p=quarantine; rua=mailto:pez@pez.sh; adkim=r; aspf=r\"" }]
 }

-resource "hcloud_zone_rrset" "TXT_root_spf" {
+resource "hcloud_zone_rrset" "TXT_spf" {
  zone    = hcloud_zone.pezsh.name
  name    = "@"
  type    = "TXT"
  ttl     = 300
-  records = [{ value = "\"v=spf1 ip4:${hcloud_server.nuremberg-a.ipv4_address} ip6:${hcloud_server.nuremberg-a.ipv6_address} -all\"" }]
+  records = [{ value = "\"v=spf1 ip4:${local.nuremberg_a} ip6:${local.nuremberg_aaaa} -all\"" }]
 }