Skip to content

timohirt/terraform-provider-hetznerdns

Repository files navigation

This project is not maintained anymore

Answerings and solving issues, reviewing and merging PRs, keeping dependencies up to date is a lot of work. As I don't need Hetzner DNS anymore, I decided to not work on this project anymore and dedicate my free time to other fun activities.

Feel free to create pull requests and contribute to this project. I'll be merging them and publiching new releases.

Another option is this fork: germanbrew/terraform-provider-hetznerdns

Terraform Provider for Hetzner DNS

CI Build GitHub release (latest by date) GitHub

Read about what I learnt while implementing this Terraform Provider.

You can find resources and data sources documentation there or here.

Requirements

  • Terraform > v1.0
  • Go 1.16 (to build the provider plugin)

Installing and Using this Plugin

You most likely want to download the provider from Terraform Registry. If you want or need to install the provider locally, take a look at INSTALL.

Using Provider from Terraform Registry (TF >= 1.0)

This provider is published and available there. If you want to use it, just add the following to your terraform.tf:

terraform {
  required_providers {
    hetznerdns = {
      source = "timohirt/hetznerdns"
      version = "2.1.0"
    }
  }
  required_version = ">= 1.0"
}

Then run terraform init to download the provider.

Authentication

Once installed you have three options to provide the required API token that is used to authenticate at the Hetzner DNS API.

Enter API Token when needed

You can enter it every time you run terraform.

Configure the Provider to take the API Token from a Variable

Add the following to your terraform.tf:

variable "hetznerdns_token" {}

provider "hetznerdns" {
  apitoken = var.hetznerdns_token
}

Now, assign your API token to hetznerdns_token in terraform.tfvars:

hetznerdns_token = "kkd993i3kkmm4m4m4"

You don't have to enter the API token anymore.

Inject the API Token via the Environment

Assign the API token to HETZNER_DNS_API_TOKEN env variable.

export HETZNER_DNS_API_TOKEN=<your api token>

The provider uses this token and you don't have to enter it anymore.

Example Usage

# Specify a zone for a domain (example.com)
resource "hetznerdns_zone" "example_com" {
  name = "example.com"
  ttl  = 60
}

# Handle root (example.com)
resource "hetznerdns_record" "example_com_root" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "@"
  value   = hcloud_server.server_name.ipv4_address
  type    = "A"
  # You only need to set a TTL if it's different from the zone's TTL above
  ttl     = 300
}

# Handle wildcard subdomain (*.example.com)
resource "hetznerdns_record" "all_example_com" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "*"
  value   = hcloud_server.server_name.ipv4_address
  type    = "A"
}

# Handle specific subdomain (books.example.com)
resource "hetznerdns_record" "books_example_com" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "books"
  value   = hcloud_server.server_name.ipv4_address
  type    = "A"
}

# Handle email (MX record with priority 10)
resource "hetznerdns_record" "example_com_email" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "@"
  value   = "10 mail.example.com"
  type    = "MX"
}

# SPF record
resource "hetznerdns_record" "example_com_spf" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "@"
  # The entire value needs to be enclosed in quotes in the zone file, if it contains a space or a quote. For Terraform, you need to escape these "inner" quotes:
  value   = "\"v=spf1 ip4:1.2.3.4 -all\""
  # Or let `jsonencode()` take care of the escaping:
  value   = jsonencode("v=spf1 ip4:1.2.3.4 -all")
  type    = "TXT"
}

# DKIM record
locals {
  dkim = "v=DKIM1;h=sha256;k=rsa;s=email;p=abc..."}
}
resource "hetznerdns_record" "example_com_dkim" {
  zone_id = hetznerdns_zone.example_com.id
  name    = "default._domainkey"
  type    = "TXT"
  # Since the maximum length of a DNS record is 255, it needs to be split in 2 parts:
  value   = join(" ", [
    jsonencode(substr(local.dkim, 0, 255)),
    jsonencode(substr(local.dkim, 255, 255)),
    ""
  ])
  # Alternative (works even if the string is longer than 510):
  value   = join("\"", [
    "",
    replace(local.dkim, "/(.{255})/", "$1\" \""),
    " "
  ])
}