docker/infrastructure/terraform/dynu/README.md

Dynu Terraform Layer (Brownfield DNS Reconciliation)

This Terraform root is for Dynu DNS brownfield import/reconciliation and documentation outputs.

Dynu remains the authoritative DNS provider for existing records. Terraform here is used to mirror and reconcile existing DNS state incrementally, not to casually recreate production DNS from scratch.

Provider

• Source: beatz174-bit/dynu
• Provider version is intentionally unpinned in this root to use the latest published release.
• Provider block uses api_key auth argument from the published provider schema.

Credentials and auth

Use local terraform.tfvars (or provider-supported environment variables).

• Required variable: dynu_api_key
• Domain variable: dynu_root_domain (defaults to lan.ddnsgeek.com)
• Optional placeholders for future provider auth changes: dynu_username, dynu_password
• Import helper variable: dynu_record_import_id (set per record import operation)

Never commit:

• terraform.tfvars
• .terraform/
• *.tfstate*
• credentials/secrets

Safe validation commands

cd infrastructure/terraform/dynu
terraform fmt -check -recursive
terraform init -backend=false -input=false
terraform validate

Local workflow

cp terraform.tfvars.example terraform.tfvars
$EDITOR terraform.tfvars
terraform init
terraform plan

Import workflow (one object at a time)

terraform import dynu_domain.lan_ddnsgeek_com '<provider-specific-domain-import-id-or-domain-name>'
terraform state show dynu_domain.lan_ddnsgeek_com
terraform plan

Or with import blocks:

cp imports.tf.example imports.tf
$EDITOR imports.tf
terraform plan -generate-config-out=generated-dynu.tf

Notes:

1. Confirm exact import ID formats from the provider docs.
2. For DNS records, add one dynu_dns_record resource at a time after confirming required arguments (hostname, record_type) from terraform providers schema.
3. Treat generated config as draft input; keep only stable, meaningful attributes in hand-maintained .tf.