From 4d0146d6c28812bb0e482a892422791490d1205d Mon Sep 17 00:00:00 2001
From: Thomas Peterson
Date: Thu, 4 Jun 2026 15:02:52 +0200
Subject: [PATCH] =?UTF-8?q?Deploy:=20Auto-DNS=20=C3=BCber=20offizielle=20H?=
 =?UTF-8?q?etzner=20Cloud=20DNS=20API=20(ein=20Token)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Hetzner hat DNS in die Cloud-API integriert → der hcloud-Provider (>=1.64) bringt hcloud_zone/hcloud_zone_rrset mit. germanbrew/hetznerdns (separate API + eigener Token) entfernt. dns.tf legt mit manage_dns=true Apex (@) + Wildcard (*) als A-Records auf die caddy_ip; Zone wird per Name nachgeschlagen. Plan verifiziert (12 to add). Kein separater DNS-Token mehr nötig.
Co-Authored-By: Claude Opus 4.8
---
 deploy/terraform/dns.tf | 28 ++++++++++++++++++++++++++++
 deploy/terraform/dns.tf.disabled | 32 --------------------------------
 deploy/terraform/versions.tf | 5 +----
 3 files changed, 29 insertions(+), 36 deletions(-)
 create mode 100644 deploy/terraform/dns.tf
 delete mode 100644 deploy/terraform/dns.tf.disabled

diff --git a/deploy/terraform/dns.tf b/deploy/terraform/dns.tf
new file mode 100644
index 0000000..a2bdc02
--- /dev/null
+++ b/deploy/terraform/dns.tf
@@ -0,0 +1,28 @@
+# DNS über die Hetzner Cloud DNS API (manage_dns = true) — gleicher Cloud-Token,
+# DNS ist inzwischen in die Cloud-API integriert. Die Zone muss bereits in
+# Hetzner DNS existieren (Lookup per Name).
+
+data "hcloud_zone" "zone" {
+ count = var.manage_dns ? 1 : 0
+ name = var.dns_zone_name
+}
+
+# Portal-Domain (Apex "@" wenn domain == zone, sonst Subdomain-Teil) → Caddy
+resource "hcloud_zone_rrset" "portal" {
+ count = var.manage_dns ? 1 : 0
+ zone = data.hcloud_zone.zone[0].id
+ name = var.domain == var.dns_zone_name ? "@" : replace(var.domain, ".${var.dns_zone_name}", "")
+ type = "A"
+ ttl = 300
+ records = [{ value = hcloud_server.caddy.ipv4_address }]
+}
+
+# Wildcard für Firmen-Subdomains (KONZEPT §11) → Caddy (On-Demand-TLS)
+resource "hcloud_zone_rrset" "wildcard" {
+ count = var.manage_dns ? 1 : 0
+ zone = data.hcloud_zone.zone[0].id
+ name = "*"
+ type = "A"
+ ttl = 300
+ records = [{ value = hcloud_server.caddy.ipv4_address }]
+}
diff --git a/deploy/terraform/dns.tf.disabled b/deploy/terraform/dns.tf.disabled
deleted file mode 100644
index 3c1999d..0000000
--- a/deploy/terraform/dns.tf.disabled
+++ /dev/null
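Review bot: The `name =` expression of `hcloud_zone_rrset.portal` derives the relative record name with `replace(var.domain, ".${var.dns_zone_name}", "")`, which strips every occurrence of the zone suffix rather than only a trailing one, and when `var.domain` is not inside `var.dns_zone_name` it silently yields the full domain as the record name, so a misconfiguration creates a record under the wrong name instead of failing the plan. `trimsuffix` plus a `precondition` that rejects a domain outside the zone turns this into a plan-time error; the same `replace` was already in the removed dns.tf.disabled, so the defect is inherited rather than new. Separately, the `*` rrset makes every label of the zone resolve to the Caddy host, and with On-Demand TLS (as the comment above `wildcard` states) that is only safe if Caddy's on-demand issuance is gated by an `ask` endpoint that admits only known company subdomains — the Caddy config is outside this diff, so this is worth confirming, and a sentence on it in the wildcard comment would help the next operator.
```hcl
resource "hcloud_zone_rrset" "portal" {
  # … unchanged: count, zone …
  name    = var.domain == var.dns_zone_name ? "@" : trimsuffix(var.domain, ".${var.dns_zone_name}")
  # … unchanged: type, ttl, records …

  lifecycle {
    precondition {
      # Fail the plan instead of creating a record under a bogus name when
      # var.domain is neither the zone apex nor a subdomain of the zone.
      condition     = var.domain == var.dns_zone_name || trimsuffix(var.domain, ".${var.dns_zone_name}") != var.domain
      error_message = "var.domain must equal var.dns_zone_name or be a subdomain of it."
    }
  }
}
```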
@@ -1,32 +0,0 @@
-# Optional: DNS-Records über die Hetzner DNS API anlegen (manage_dns = true).
-# Voraussetzung: Zone liegt bei Hetzner DNS, separater DNS-API-Token.
-
-data "hetznerdns_zone" "zone" {
- count = var.manage_dns ? 1 : 0
- name = var.dns_zone_name
-}
-
-locals {
- # Relativer Record-Name: "@" wenn Portal == Zone, sonst der Subdomain-Teil
- portal_record_name = var.domain == var.dns_zone_name ? "@" : replace(var.domain, ".${var.dns_zone_name}", "")
-}
-
-# Portal-Domain → Caddy
-resource "hetznerdns_record" "portal" {
- count = var.manage_dns ? 1 : 0
- zone_id = data.hetznerdns_zone.zone[0].id
- name = local.portal_record_name
- type = "A"
- value = hcloud_server.caddy.ipv4_address
- ttl = 300
-}
-
-# Wildcard für Firmen-Subdomains (KONZEPT §11) → Caddy (On-Demand-TLS)
-resource "hetznerdns_record" "wildcard" {
- count = var.manage_dns ? 1 : 0
- zone_id = data.hetznerdns_zone.zone[0].id
- name = "*"
- type = "A"
- value = hcloud_server.caddy.ipv4_address
- ttl = 300
-}
diff --git a/deploy/terraform/versions.tf b/deploy/terraform/versions.tf
index 8c7a1c8..9034bd7 100644
--- a/deploy/terraform/versions.tf
+++ b/deploy/terraform/versions.tf
@@ -3,11 +3,8 @@ terraform {
 required_providers {
 hcloud = {
 source = "hetznercloud/hcloud"
- version = "~> 1.48"
+ version = "~> 1.64" # >= 1.64 für integriertes DNS (hcloud_zone_rrset)
 }
- # Auto-DNS (germanbrew/hetznerdns) ist optional und derzeit deaktiviert
- # (manage_dns = false → DNS manuell). Zum Aktivieren: diesen Provider-Block
- # wieder aufnehmen und dns.tf.disabled → dns.tf umbenennen.
 }
 }
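Review bot: The provider bump on the `version = "~> 1.64"` line is not accompanied by a `.terraform.lock.hcl` change — the diffstat lists only dns.tf, dns.tf.disabled and versions.tf — so the exact provider release and its checksums selected by this upgrade are not pinned by the commit, unless the lock file is deliberately untracked in this repository. Committing the regenerated lock file keeps `terraform init` reproducible and makes the provider upgrade itself reviewable as part of the supply chain. The removed comment block was also the only place telling an operator how to enable Auto-DNS; now that dns.tf exists unconditionally, a one-line replacement such as `# Auto-DNS: set manage_dns = true (zone looked up by name in dns.tf); same hcloud token, no separate DNS token` next to the version line would preserve that guidance.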