Dynu Terraform Layer (Brownfield DNS Reconciliation)

This Terraform root is for Dynu DNS brownfield reconciliation. The intended pattern is:

  1. Import the existing root domain object.
  2. Read inventory through data.dynu_dns_records.root.
  3. Generate reviewable dynu_dns_record resources and import commands.
  4. Import every existing DNS record into matching Terraform resources.
  5. Use terraform plan as the reconciliation check before any apply.

Provider behavior to keep in mind

  • Source: beatz174-bit/dynu
  • dynu_domain import requires a numeric Dynu domain ID.
  • Importing dynu_domain imports only the root domain object; it does not import DNS records/subdomains.
  • dynu_dns_record imports require <domain_id>/<record_id>.

Variables

  • dynu_root_domain (default: lan.ddnsgeek.com)
  • dynu_api_key (sensitive)
  • dynu_username / dynu_password (optional)

Safe validation commands

cd infrastructure/terraform/dynu
terraform fmt -check -recursive
terraform init -backend=false -input=false
terraform validate
python3 -m py_compile scripts/generate-brownfield-records.py

Brownfield workflow

cd infrastructure/terraform/dynu

terraform init
terraform import dynu_domain.lan_ddnsgeek_com '<numeric-dynu-domain-id>'

terraform apply -refresh-only
terraform output -json dynu_dns_records > /tmp/dynu-records.json

python3 scripts/generate-brownfield-records.py --dry-run
python3 scripts/generate-brownfield-records.py --overwrite

# Review generated/dynu_dns_records.generated.tf
# Review generated/import-dynu-dns-records.sh

bash generated/import-dynu-dns-records.sh

terraform plan

What each component means

  • data.dynu_dns_records.root: read-only live inventory from Dynu.
  • generated/dynu_dns_records.generated.tf: generated management-intent resources; includes prevent_destroy = true on each record.
  • generated/import-dynu-dns-records.sh: imports each discovered record to its generated dynu_dns_record address using <domain_id>/<record_id>.
  • terraform plan after imports: reconciliation checkpoint. Any create/update/delete must be reviewed manually before apply.
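
The reconciliation checkpoint above can be enforced mechanically. The following is an added example, not part of this repository: it reads the JSON form of a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan) and lists every resource whose action is anything other than no-op or read. The sample plan and the dynu_dns_record.example_* addresses are constructed for illustration.

```python
"""Added example: flag every change in a saved Terraform plan before apply.

Input is the JSON from: terraform plan -out=tfplan; terraform show -json tfplan
"""
import json
import sys

# "no-op" = state matches Dynu; "read" = data source refresh. Neither alters DNS.
SAFE_ACTIONS = {"no-op", "read"}

# Constructed sample plan; the example_* record addresses are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "dynu_domain.lan_ddnsgeek_com", "change": {"actions": ["no-op"]}},
  {"address": "dynu_dns_record.example_a", "change": {"actions": ["no-op"]}},
  {"address": "dynu_dns_record.example_txt", "change": {"actions": ["update"]}},
  {"address": "dynu_dns_record.example_cname",
   "change": {"actions": ["delete", "create"]}}
]}
""")


def pending_changes(plan):
    """Return [(address, actions)] for each resource the plan would modify."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        # Fail closed: a missing or empty action list is treated as a change.
        if not actions or set(actions) - SAFE_ACTIONS:
            flagged.append((rc.get("address", "<unknown>"), actions))
    return flagged


def main(argv):
    """Exit status 1 if anything needs review, 0 if the plan is clean."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    flagged = pending_changes(plan)
    for address, actions in flagged:
        print(f"REVIEW {address}: {'/'.join(actions) or 'unknown'}")
    return 1 if flagged else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit means at least one imported record differs from its generated resource and needs manual review before any apply.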

Generated artifacts

The helper script writes these files under generated/:

  • generated/dynu_dns_records_inventory.json
  • generated/dynu_dns_records.generated.tf
  • generated/import-dynu-dns-records.sh

These are generated outputs meant for operator review before use in production.