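# Optional: create DNS records through the Hetzner DNS API (manage_dns = true).
# Prerequisite: the zone is hosted at Hetzner DNS and a separate DNS API token
# is available.
# NOTE(review): the token is configured outside this file. Presumably it is
# passed as a sensitive variable or through the environment rather than a
# committed tfvars file; confirm.

# Look up the existing zone. It is only read here, never created.
data "hetznerdns_zone" "zone" {
  count = var.manage_dns ? 1 : 0
  name  = var.dns_zone_name
}

locals {
  # Record name relative to the zone: "@" when the portal domain is the zone
  # apex, otherwise the subdomain part in front of the zone name.
  # trimsuffix() strips the zone name only at the end of the domain, whereas
  # replace() would remove every occurrence of ".<zone>" inside the name.
  # NOTE(review): if var.domain does not end in ".<zone>", the full domain is
  # used unchanged as the record name. Consider a validation rule on var.domain.
  portal_record_name = var.domain == var.dns_zone_name ? "@" : trimsuffix(var.domain, ".${var.dns_zone_name}")
}

# Portal domain -> Caddy
resource "hetznerdns_record" "portal" {
  count   = var.manage_dns ? 1 : 0
  zone_id = data.hetznerdns_zone.zone[0].id
  name    = local.portal_record_name
  type    = "A"
  value   = hcloud_server.caddy.ipv4_address
  ttl     = 300
}

# Wildcard for company subdomains (KONZEPT §11) -> Caddy (On-Demand TLS).
# With this record, every name under the zone that has no record of its own
# resolves to the Caddy host, not only the company subdomains that exist.
# NOTE(review): confirm the Caddy configuration gates On-Demand TLS with an
# `ask` endpoint that approves only known company subdomains. Without it,
# certificate issuance can be triggered for arbitrary names and exhaust the
# CA's rate limits.
resource "hetznerdns_record" "wildcard" {
  count   = var.manage_dns ? 1 : 0
  zone_id = data.hetznerdns_zone.zone[0].id
  name    = "*"
  type    = "A"
  value   = hcloud_server.caddy.ipv4_address
  ttl     = 300
}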