From c9eb813b24e8f8b83136dad2c529c0ba7cfbbd93 Mon Sep 17 00:00:00 2001 From: Ricard Illa Date: Thu, 25 May 2023 12:50:26 +0200 Subject: [PATCH] feat: added hetzner dns entries --- justfile | 3 + modules/dns/hetzner.tf | 136 +++++++++++++++++++++++++++++++++++++++++ modules/dns/main.tf | 4 ++ 3 files changed, 143 insertions(+) create mode 100644 modules/dns/hetzner.tf diff --git a/justfile b/justfile index dde9ca9..293bfea 100644 --- a/justfile +++ b/justfile @@ -13,6 +13,7 @@ export LINODE_TOKEN := `pass linode.com/token` export VULTR_API_KEY := `pass vultr.com/api_key` export HTTP_PROXY := "caladan:8888" export HTTPS_PROXY := "caladan:8888" +export HETZNER_DNS_API_TOKEN := `pass hetzner.com/tokens/terraform` init: terraform init -backend-config="conn_str=postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}" @@ -24,3 +25,5 @@ plan *ARGS: apply *ARGS: terraform apply {{ARGS}} +terraform *ARGS: + terraform {{ARGS}} diff --git a/modules/dns/hetzner.tf b/modules/dns/hetzner.tf new file mode 100644 index 0000000..06638b8 --- /dev/null +++ b/modules/dns/hetzner.tf @@ -0,0 +1,136 @@ +resource "hetznerdns_zone" "monotremata_xyz" { + name = var.domain + ttl = 86400 +} + +resource "hetznerdns_record" "caladan_a" { + zone_id = hetznerdns_zone.monotremata_xyz.id + name = each.key + value = var.caladan.ipv4 + type = "A" + ttl = 86400 + for_each = var.caladan.domains +} + +resource "hetznerdns_record" "caladan_aaaa" { + zone_id = hetznerdns_zone.monotremata_xyz.id + name = each.key + value = var.caladan.ipv6 + type = "AAAA" + ttl = 86400 + for_each = var.caladan.domains +} + +resource "hetznerdns_record" "mx" { + zone_id = hetznerdns_zone.monotremata_xyz.id + name = each.value.name + value = each.value.value + type = each.value.type + for_each = { + A = { + type = "A" + name = "mail" + value = var.fugu.ipv4 + } + AAAA = { + type = "AAAA" + name = "mail" + value = var.fugu.ipv6 + } + MX = { + type = "MX" + name = var.domain, + value = format("0 mail.%s", var.domain) # handle MX priority 0 + } + } +} + +resource "hetznerdns_record" "mx2" { + zone_id = hetznerdns_zone.monotremata_xyz.id + name = each.value.name + value = each.value.value + type = each.value.type + for_each = { + A = { + type = "A" + name = "mx2" + value = var.caladan.ipv4 + } + AAAA = { + type = "AAAA" + name = "mx2" + value = var.caladan.ipv6 + } + MX = { + type = "MX" + name = var.domain + value = format("5 mx2.%s", var.domain) # handle MX priority 5 + } + } +} + +resource "hetznerdns_record" "mail_txt" { + zone_id = hetznerdns_zone.monotremata_xyz.id + type = "TXT" + name = each.value.name + value = each.value.value + for_each = { + spf = { + name = var.domain + value = jsonencode("v=spf1 mx -all") + } + dmarc = { + name = "_dmarc" + value = jsonencode(format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", var.domain)) + } + dkim = { + name = "20201210._domainkey" + value = jsonencode(format("v=DKIM1;k=rsa;p=%s;", var.dkim_pub_key)) + } + } +} + +resource "hetznerdns_record" "matrix_srv" { + zone_id = hetznerdns_zone.monotremata_xyz.id + type = "SRV" + + # service: matrix + # port: tcp + name = "_matrix._tcp" + + # priority: 0 + # weight: 0 + # port: 443 + # target: matrix.monotremata.xyz + value = format("0 10 443 matrix.%s", var.domain) + + ttl = 3600 # 1hour +} + +resource "hetznerdns_record" "xmpp_srv" { + zone_id = hetznerdns_zone.monotremata_xyz.id + type = "SRV" + + # service: xmpp-client or xmpp-server + # protocol: tcp + name = format("_%s._tcp", each.value.service) + + # priority: 5 + # weight: 0 + # port: 5222 or 5269 + # target: xmpp.monotremata.xyz + value = format("5 0 %s xmpp.%s", each.value.port, var.domain) + + ttl = 1800 // 30 min + + for_each = { + client = { + service = "xmpp-client" + port = 5222 + } + server = { + service = "xmpp-server" + port = 5269 + } + } +} diff --git a/modules/dns/main.tf b/modules/dns/main.tf index ae01065..1751356 100644 --- a/modules/dns/main.tf +++ b/modules/dns/main.tf @@ -8,5 +8,9 @@ terraform { source = "namecheap/namecheap" version = ">= 2.0.0" } + hetznerdns = { + source = "timohirt/hetznerdns" + version = ">=2.2.0" + } } }