Add dynu_root_domain variable for domain import flow

infrastructure/terraform/dynu/README.md

@@ -7,33 +7,28 @@ Dynu remains the authoritative DNS provider for existing records. Terraform here
 ## Provider
 
 - Source: `beatz174-bit/dynu`
-- Version constraint: `>= 0.1.0`
+- Provider version is intentionally unpinned in this root to use the latest published release.
-
+- Provider block uses `api_key` auth argument from the published provider schema.
-Authentication is local-only and must not be committed.
 
 ## Credentials and auth
 
-Use local `terraform.tfvars` (or environment variables if supported by the provider release you use).
+Use local `terraform.tfvars` (or provider-supported environment variables).
 
-Variables included:
+- Required variable: `dynu_api_key`
+- Domain variable: `dynu_root_domain` (defaults to `lan.ddnsgeek.com`)
+- Optional placeholders for future provider auth changes: `dynu_username`, `dynu_password`
 
-- `dynu_api_key` (sensitive)
+Never commit:
-- `dynu_username` (optional, sensitive)
-- `dynu_password` (optional, sensitive)
 
-> Keep real values out of git and out of shared logs.
+- `terraform.tfvars`
-
+- `.terraform/`
-## Safety
+- `*.tfstate*`
-
+- credentials/secrets
-- Do not commit `terraform.tfvars`, `.tfstate*`, or `.terraform/`.
-- Import/reconcile one domain or record at a time.
-- Treat generated config as draft input, not final truth.
 
 ## Safe validation commands
 
 ```bash
 cd infrastructure/terraform/dynu
-
 terraform fmt -check -recursive
 terraform init -backend=false -input=false
 terraform validate
@@ -48,11 +43,11 @@ terraform init
 terraform plan
 ```
 
-## Import workflow (placeholder examples)
+## Import workflow (one object at a time)
 
 ```bash
-terraform import dynu_dns_domain.lan_ddnsgeek_com '<provider-specific-domain-import-id>'
+terraform import dynu_domain.lan_ddnsgeek_com '<provider-specific-domain-import-id-or-domain-name>'
-terraform state show dynu_dns_domain.lan_ddnsgeek_com
+terraform state show dynu_domain.lan_ddnsgeek_com
 terraform plan
 ```
 
@@ -64,4 +59,8 @@ $EDITOR imports.tf
 terraform plan -generate-config-out=generated-dynu.tf
 ```
 
-Confirm exact resource types and import ID formats from the provider docs before running imports.
+Notes:
+
+1. Confirm exact import ID formats from the provider docs.
+2. For DNS records, add one `dynu_dns_record` resource at a time after confirming required arguments (`hostname`, `record_type`) from `terraform providers schema`.
+3. Treat generated config as draft input; keep only stable, meaningful attributes in hand-maintained `.tf`.

infrastructure/terraform/dynu/domains.tf

@@ -1,3 +1,9 @@
 locals {
-  dynu_domain = "lan.ddnsgeek.com"
+  dynu_domain = var.dynu_root_domain
+}
+
+# Import-first resource skeleton for the production Dynu zone.
+# `name` is required by provider schema and can be reconciled after import.
+resource "dynu_domain" "lan_ddnsgeek_com" {
+  name = local.dynu_domain
 }

infrastructure/terraform/dynu/imports.tf.example

@@ -1,11 +1,14 @@
-# Copy this file to imports.tf and adjust values after confirming the
+# Copy this file to imports.tf and adjust IDs after confirming the
-# published provider docs for resource type names and import ID formats.
+# published provider docs for import ID formats.
+# For dynu_domain, import ID is commonly the root domain name.
 
-# Example placeholder shape only:
+import {
-# import {
+  to = dynu_domain.lan_ddnsgeek_com
-#   to = dynu_dns_domain.lan_ddnsgeek_com
+  id = var.dynu_root_domain
-#   id = "REPLACE_WITH_DYNU_DOMAIN_IMPORT_ID"
+}
-# }
+
+# DNS record imports are intentionally examples only because the provider
+# requires explicit record_type/hostname in config before import.
 #
 # import {
 #   to = dynu_dns_record.grafana_lan_ddnsgeek_com

infrastructure/terraform/dynu/provider.tf

@@ -1,5 +1,4 @@
 provider "dynu" {
   # Keep auth local-only; do not commit credentials.
-  # Provider schema must be confirmed against registry docs before changing fields.
   api_key = var.dynu_api_key
 }

infrastructure/terraform/dynu/records.tf

@@ -143,5 +143,28 @@ locals {
       target      = null
       proxied     = null
     }
+
+    searxng = {
+      fqdn        = "searxng.lan.ddnsgeek.com"
+      hostname    = "searxng"
+      service     = "searxng"
+      source      = "apps/searxng/docker-compose.yml"
+      purpose     = "SearXNG search endpoint"
+      record_type = null
+      ttl         = null
+      target      = null
+      proxied     = null
+    }
+    traefik = {
+      fqdn        = "traefik.lan.ddnsgeek.com"
+      hostname    = "traefik"
+      service     = "traefik"
+      source      = "core/traefik/docker-compose.yml"
+      purpose     = "Traefik dashboard/API endpoint"
+      record_type = null
+      ttl         = null
+      target      = null
+      proxied     = null
+    }
   }
 }

infrastructure/terraform/dynu/terraform.tfvars.example

@@ -2,3 +2,5 @@
 dynu_api_key  = "replace-with-dynu-api-key"
 dynu_username = null
 dynu_password = null
+
+dynu_root_domain = "lan.ddnsgeek.com"

infrastructure/terraform/dynu/variables.tf

@@ -1,3 +1,10 @@
+
+variable "dynu_root_domain" {
+  description = "Dynu root domain name to reconcile/import (for example: lan.ddnsgeek.com)."
+  type        = string
+  default     = "lan.ddnsgeek.com"
+}
+
 variable "dynu_api_key" {
   description = "Dynu API key/token used by the Dynu Terraform provider."
   type        = string

infrastructure/terraform/dynu/versions.tf

@@ -4,7 +4,6 @@ terraform {
   required_providers {
     dynu = {
       source = "beatz174-bit/dynu"
-      version = ">= 0.1.0"
     }
   }
 }