diff --git a/infrastructure/terraform/dynu/README.md b/infrastructure/terraform/dynu/README.md index 2bd99f9..4cc19fd 100644 --- a/infrastructure/terraform/dynu/README.md +++ b/infrastructure/terraform/dynu/README.md @@ -7,33 +7,27 @@ Dynu remains the authoritative DNS provider for existing records. Terraform here ## Provider - Source: `beatz174-bit/dynu` -- Version constraint: `>= 0.1.0` - -Authentication is local-only and must not be committed. +- Provider version is intentionally unpinned in this root to use the latest published release. +- Provider block uses `api_key` auth argument from the published provider schema. ## Credentials and auth -Use local `terraform.tfvars` (or environment variables if supported by the provider release you use). +Use local `terraform.tfvars` (or provider-supported environment variables). -Variables included: +- Required variable: `dynu_api_key` +- Optional placeholders for future provider auth changes: `dynu_username`, `dynu_password` -- `dynu_api_key` (sensitive) -- `dynu_username` (optional, sensitive) -- `dynu_password` (optional, sensitive) +Never commit: -> Keep real values out of git and out of shared logs. - -## Safety - -- Do not commit `terraform.tfvars`, `.tfstate*`, or `.terraform/`. -- Import/reconcile one domain or record at a time. -- Treat generated config as draft input, not final truth. +- `terraform.tfvars` +- `.terraform/` +- `*.tfstate*` +- credentials/secrets ## Safe validation commands ```bash cd infrastructure/terraform/dynu - terraform fmt -check -recursive terraform init -backend=false -input=false terraform validate @@ -48,11 +42,11 @@ terraform init terraform plan ``` -## Import workflow (placeholder examples) +## Import workflow (one object at a time) ```bash -terraform import dynu_dns_domain.lan_ddnsgeek_com '' -terraform state show dynu_dns_domain.lan_ddnsgeek_com +terraform import dynu_domain.lan_ddnsgeek_com '' +terraform state show dynu_domain.lan_ddnsgeek_com terraform plan ``` 
@@ -64,4 +58,8 @@ $EDITOR imports.tf terraform plan -generate-config-out=generated-dynu.tf ``` -Confirm exact resource types and import ID formats from the provider docs before running imports. +Notes: + +1. Confirm exact import ID formats from the provider docs. +2. For DNS records, add one `dynu_dns_record` resource at a time after confirming required arguments (`hostname`, `record_type`) from `terraform providers schema`. +3. Treat generated config as draft input; keep only stable, meaningful attributes in hand-maintained `.tf`. diff --git a/infrastructure/terraform/dynu/domains.tf b/infrastructure/terraform/dynu/domains.tf index 28fa409..4982023 100644 --- a/infrastructure/terraform/dynu/domains.tf +++ b/infrastructure/terraform/dynu/domains.tf @@ -1,3 +1,9 @@ locals { dynu_domain = "lan.ddnsgeek.com" } + +# Import-first resource skeleton for the production Dynu zone. +# `name` is required by provider schema and can be reconciled after import. +resource "dynu_domain" "lan_ddnsgeek_com" { + name = local.dynu_domain +} diff --git a/infrastructure/terraform/dynu/imports.tf.example b/infrastructure/terraform/dynu/imports.tf.example index d693c07..165213c 100644 --- a/infrastructure/terraform/dynu/imports.tf.example +++ b/infrastructure/terraform/dynu/imports.tf.example 
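Review bot: The new `resource "dynu_domain" "lan_ddnsgeek_com"` block in domains.tf is described as the production zone but has no guard against deletion. Once the domain is in state, a `terraform destroy` or any change that forces replacement would plan a delete of the live zone. Adding `lifecycle { prevent_destroy = true }` inside the resource makes Terraform reject such a plan. The block is also active while the matching import lives only in `imports.tf.example`, so an apply run before the import would presumably try to create the domain rather than adopt it. A comment such as `# Import this resource before the first apply; do not let Terraform create it.` above the block would make the required order explicit.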
@@ -1,11 +1,13 @@
-# Copy this file to imports.tf and adjust values after confirming the
-# published provider docs for resource type names and import ID formats.
+# Copy this file to imports.tf and adjust IDs after confirming the
+# published provider docs for import ID formats.
-# Example placeholder shape only:
-# import {
-# to = dynu_dns_domain.lan_ddnsgeek_com
-# id = "REPLACE_WITH_DYNU_DOMAIN_IMPORT_ID"
-# }
+import {
+ to = dynu_domain.lan_ddnsgeek_com
+ id = "REPLACE_WITH_DYNU_DOMAIN_IMPORT_ID"
+}
+
+# DNS record imports are intentionally examples only because the provider
+# requires explicit record_type/hostname in config before import.
 #
 # import {
 # to = dynu_dns_record.grafana_lan_ddnsgeek_com
diff --git a/infrastructure/terraform/dynu/provider.tf b/infrastructure/terraform/dynu/provider.tf
index 8a12311..bb3cfe3 100644
--- a/infrastructure/terraform/dynu/provider.tf
+++ b/infrastructure/terraform/dynu/provider.tf
@@ -1,5 +1,4 @@
 provider "dynu" {
 # Keep auth local-only; do not commit credentials.
- # Provider schema must be confirmed against registry docs before changing fields.
 api_key = var.dynu_api_key
 }
diff --git a/infrastructure/terraform/dynu/records.tf b/infrastructure/terraform/dynu/records.tf
index 42e48e3..1aa7ca7 100644
--- a/infrastructure/terraform/dynu/records.tf
+++ b/infrastructure/terraform/dynu/records.tf
@@ -143,5 +143,28 @@ locals {
 target = null
 proxied = null
 }
+
+ searxng = {
+ fqdn = "searxng.lan.ddnsgeek.com"
+ hostname = "searxng"
+ service = "searxng"
+ source = "apps/searxng/docker-compose.yml"
+ purpose = "SearXNG search endpoint"
+ record_type = null
+ ttl = null
+ target = null
+ proxied = null
+ }
+ traefik = {
+ fqdn = "traefik.lan.ddnsgeek.com"
+ hostname = "traefik"
+ service = "traefik"
+ source = "core/traefik/docker-compose.yml"
+ purpose = "Traefik dashboard/API endpoint"
+ record_type = null
+ ttl = null
+ target = null
+ proxied = null
+ }
 }
 }
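Review bot: The added `traefik` entry in records.tf gives its purpose as "Traefik dashboard/API endpoint", which is an administrative surface, but nothing in the entry sets it apart from an ordinary service hostname such as `searxng`. With `record_type`, `target` and `proxied` all `null`, it is easy to later fill these in by copying a neighbouring entry and publish the dashboard name without deciding how access is restricted. A comment above the entry, for example `# Admin surface: create a record only once the dashboard/API is behind authentication or points at an internal-only target.`, would keep that decision visible. The enclosing `locals` map starts outside the hunk, so whether other entries carry similar notes is not visible here.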
diff --git a/infrastructure/terraform/dynu/versions.tf b/infrastructure/terraform/dynu/versions.tf
index 32b6064..3bbe029 100644
--- a/infrastructure/terraform/dynu/versions.tf
+++ b/infrastructure/terraform/dynu/versions.tf
@@ -3,8 +3,7 @@ terraform {
 required_providers {
 dynu = {
- source = "beatz174-bit/dynu"
- version = ">= 0.1.0"
+ source = "beatz174-bit/dynu"
 }
 }
 }
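Review bot: Removing the `version` argument from the `dynu` entry in `required_providers` leaves provider selection unbounded. Any `terraform init -upgrade`, or any init without a committed lock file, will install whatever `beatz174-bit/dynu` publishes next, and that code is handed `var.dynu_api_key`. A breaking or tampered release from this third-party namespace would then run against the production zone with no review step. Keep a bounded constraint for the release the `dynu_domain` schema was checked against, e.g. `version = "~> <VALIDATED_RELEASE>"`, and commit `.terraform.lock.hcl` so provider checksums are verified on init. Whether a lock file is already tracked is not visible in this diff, and the README's "Never commit" list should state that `.terraform.lock.hcl` is not part of `.terraform/`.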