From 92352375f6d1e9fc7059ce3e2e2ba6140f5a0da3 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 27 Feb 2025 01:13:34 -0500 Subject: [PATCH] migrate nayeonie.com to dnsimple Signed-off-by: ahuston-0 --- .sops.yaml | 2 +- .terraform.lock.hcl | 37 +++++++++++++++--------------- main.tf | 14 +++++++----- nayeonie.com.tf | 55 ++++++++++++++++++++++---------------------- secrets.json | 35 ---------------------------- secrets.tf | 2 +- secrets.yaml | 56 +++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 113 insertions(+), 88 deletions(-) delete mode 100644 secrets.json create mode 100644 secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 4926c6f..a0276d3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -21,7 +21,7 @@ servers: &servers # update keys by executing: sops updatekeys secrets.yaml # note: add .* before \.yaml if you'd like to use the mergetool config creation_rules: - - path_regex: secrets.*json$ + - path_regex: secrets.*yaml$ key_groups: - pgp: - *admin_alice diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index f18e880..0075f5d 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -16,24 +16,25 @@ provider "registry.terraform.io/carlpett/sops" { ] } -provider "registry.terraform.io/valodim/desec" { - version = "0.5.0" - constraints = "0.5.0" +provider "registry.terraform.io/dnsimple/dnsimple" { + version = "1.8.0" + constraints = "1.8.0" hashes = [ - "h1:cjk3hxvxbu70hluQ2mZ+NUhN8818ESaddHmPhMLlwtM=", - "zh:02a1a8c93fdf480683518580d95660c26e4a573c03ecc145b8f7cf4a94206e50", - "zh:08d84a229c20b78da4426195047805fb5b1dd0b803a0d0d219528782fa4fc638", - "zh:15159f119c4afceca551abca814a085a0f2c277d69ff3a2a235a1e5100969e58", - "zh:1a23c57a25e258d26a86f3b01e6ee7e6b5cd75867ea6e9460765261cdc0a4a02", - "zh:2417beec12f72d6a82474737880988c7499dcd7cacfb2a91bc26d440c3335820", - "zh:46cde27d77f1bf1d5ca0e051504727073a9318016f18f3ba61e796a80493e8d6", - "zh:7a8f392dc6cc48328e7783d4f7bae3f9b8fec4047f4f5b3bab0bd3adfd9cd061", - "zh:88e849be319b262caa5d6c8aa1926109c69934292d1c7740dedf979ef6c87f55", - "zh:8c722a10660ddef51f087611fdc202ae087f16d10da1f5e8c5afcec2ee920dc2", - "zh:90335bf608b845ac59fdd0860faacadd195c94422aa19dc44342ece458de0ef6", - "zh:939273e7453421f1570dfd96792d3c72566474e9087007fbda4bc7d1b47c926a", - "zh:c42e33dce10ab70fdcf1cd18dc44672c4894a36369fb59964156a7072d21eb3d", - "zh:d57d776833aa1af41e1a037c8d6b176eb75562f9933fb3050587bb5097aa1e97", - "zh:d65cb7d81f9ac31b107cfebd100d6baca93edc7be85ff6ee8488531265cfcc9e", + "h1:Nwu+3tVJnNmSJQoctRSWAamUX3AiTCZ5mOMtAUPtg7Q=", + "zh:0852fd9523268b30fb637a03a0cb6d6a5878cbbf7e0e4219615c9ba073fbdf17", + "zh:0ac43193082dd467abad4937b0abb97ea349205726fc450cb3a94dc0db6e9a49", + "zh:10e4aad54c2d6cbd9328a1661d72a978357743eda7099a3f120a497119be4ff1", + "zh:211d481935dec36903928c51f5f4f15d98313f6d50649ea064bc20a4d6541678", + "zh:2705b5ebac4219449f9126cc19fa982cf0644e5df60d3d5254131d2e2d676afd", + "zh:27f0df80af6652e96f85a0856daa571af495d2119ab126199d6d5ab53f6eb887", + "zh:27fbb2fb69291a660d8e99ba960f01051b7fc28658f7932772ce7e80a42bd6e9", + "zh:3ecf20ead1f044f08ae9e411c9341d47319eb6af5d6543b58f2f6932c6b288b0", + 
"zh:635055f0af3eb27d30801aeead51d8b960c386f369a378fad7146350ec6b4d68", + "zh:7ca26f64221a9c6634a02296e30a87e3fffed1144ac57e0ae9a86a448f42d4ca", + "zh:895e0732da00942b2eb13c78673a9c9268e87e92a225999cddf2d13b823f3295", + "zh:b3806e5b687faf97ad8cb2a23e105729059693ae07a229fecef52da5279d7bd1", + "zh:c3c284a54aab3ddea2dba140af4a707ce077c9c2d9d34556902afdb25fe6ca8e", + "zh:d2539f2cc5960a55a53eaaa90248abfb3167275e34af7e93735ec4571eb879eb", + "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", ] } diff --git a/main.tf b/main.tf index 51368ed..4b6ad7f 100644 --- a/main.tf +++ b/main.tf @@ -1,19 +1,20 @@ terraform { required_providers { - desec = { - source = "Valodim/desec" - version = "0.5.0" - } sops = { source = "carlpett/sops" version = "1.1.1" } + dnsimple = { + source = "dnsimple/dnsimple" + version = "1.8.0" + } } backend "s3" { bucket = "tfstate" # Name of the S3 bucket endpoints = { s3 = "http://192.168.76.2:8502" # Minio endpoint + #s3 = "http://alicehuston.duckdns.org" # Minio endpoint } key = "dns-management/desec-io.tfstate" # Name of the tfstate file workspace_key_prefix = "tfstate" @@ -32,6 +33,7 @@ terraform { provider "sops" {} -provider "desec" { - api_token = data.sops_file.secrets.data["desec_api"] +provider "dnsimple" { + account = data.sops_file.secrets.data["dnsimple.account"] + token = data.sops_file.secrets.data["dnsimple.token"] } diff --git a/nayeonie.com.tf b/nayeonie.com.tf index ef38e94..4124262 100644 --- a/nayeonie.com.tf +++ b/nayeonie.com.tf 
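Review bot: The commented-out alternative backend endpoint added in the `endpoints` block, `#s3 = "http://alicehuston.duckdns.org"`, would carry Terraform state over plain HTTP to a public hostname if it were ever uncommented. State for this configuration most likely holds the decrypted values read through `data.sops_file.secrets`, including the DNSimple token, so the line should either be dropped or written as `https://` with a comment saying when it is meant to be used. The state key is still `dns-management/desec-io.tfstate` after the provider change; a short comment such as `# key name predates the dnsimple migration` would keep the next reader from assuming a second state file exists. The `terraform` block continues past the end of this hunk.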
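Review bot: The new `provider "dnsimple"` block has no comment saying what kind of credential `token` is or how the lookup keys map to the secrets file. The keys `dnsimple.account` and `dnsimple.token` are dot-flattened paths into the nested `secrets.yaml`, which differs from the flat `desec_api` key used before. I would add `# keys are dot-flattened paths into secrets.yaml` and `# token: account-scoped API token for this account only, not a user token`, assuming that is what was issued. If a user-level token is stored instead, it should be replaced with an account token so that a leak of the state or the secrets file is limited to this one account.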
@@ -1,40 +1,41 @@ -resource "desec_domain" "nayeonie_com" { +# Create a zone +resource "dnsimple_zone" "nayeonie_com" { name = "nayeonie.com" } -resource "desec_rrset" "wildcard_nayeonie_com_cname" { - domain = "nayeonie.com" - subname = "*" - type = "CNAME" - records = ["alicehuston.duckdns.org."] - ttl = 3600 - depends_on = [desec_domain.nayeonie_com] +# Add a record to the root domain +resource "dnsimple_zone_record" "root_nayeonie_com_cname" { + zone_name = "nayeonie.com" + name = "" + value = "alicehuston.duckdns.org" + type = "ALIAS" + ttl = 3600 } -# not needed as its dynamically created -# resource "desec_rrset" "nayeonie_com_ns" { -# domain = "nayeonie.com" -# subname = "" -# type = "NS" -# records = ["ns2.desec.org.", "ns1.desec.io."] -# ttl = 3600 -# depends_on = [desec_domain.nayeonie_com] -# } +# Add a record to the root domain +resource "dnsimple_zone_record" "wildcard_nayeonie_com_cname" { + zone_name = "nayeonie.com" + name = "*" + value = "alicehuston.duckdns.org" + type = "ALIAS" + ttl = 3600 + depends_on = [dnsimple_zone.nayeonie_com] +} -resource "desec_rrset" "tiktok_txt" { - domain = "nayeonie.com" - subname = "" +resource "dnsimple_zone_record" "tiktok_txt" { + zone_name = "nayeonie.com" + name = "" type = "TXT" - records = [trim(data.sops_file.secrets.data["tiktok_txt"], "\"")] + value = data.sops_file.secrets.data["tiktok.txt"] ttl = 3600 - depends_on = [desec_domain.nayeonie_com] + depends_on = [dnsimple_zone.nayeonie_com] } -resource "desec_rrset" "gitea_nayeonie_com_srv" { - domain = "nayeonie.com" - subname = "_gitea._tcp" +resource "dnsimple_zone_record" "gitea_nayeonie_com_srv" { + zone_name = "nayeonie.com" + name = "_gitea._tcp" type = "SRV" - records = ["0 100 2222 nayeonie.com."] + value = "100 2222 nayeonie.com." ttl = 3600 - depends_on = [desec_domain.nayeonie_com] + depends_on = [dnsimple_zone.nayeonie_com] } diff --git a/secrets.json b/secrets.json deleted file mode 100644 index a8985ac..0000000 
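Review bot: `root_nayeonie_com_cname` is the only record without `depends_on = [dnsimple_zone.nayeonie_com]`, so on a fresh apply Terraform may try to create it before the zone exists. Writing `zone_name = dnsimple_zone.nayeonie_com.name` on every record would give the ordering implicitly and remove the repeated literal. The SRV value changed from `0 100 2222 nayeonie.com.` to `100 2222 nayeonie.com.`; the priority is no longer stated anywhere, so set `priority = 0` on `gitea_nayeonie_com_srv` rather than relying on a provider default. The comment above the wildcard record is a copy of the root one and should read `# Add a wildcard record`. Both the apex and `*` now resolve through `alicehuston.duckdns.org`, so control of that dynamic-DNS name determines where every host in the zone points; a comment recording that dependency, and keeping the duckdns registration under the same care as the zone itself, is worth adding.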
--- a/secrets.json +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - "desec_api": "ENC[AES256_GCM,data:3l1SNtRY6Cto3+CwkcJc95IjzHqa+G+Hbe2/yw==,iv:12m1GaG4ZNiWPqSZp1hmBJsbXqUjMn3hOf9bKHaGZuQ=,tag:aKJ8o/2alhzmoPB5dVvRQQ==,type:str]", - "tiktok_txt": "ENC[AES256_GCM,data:3sNHYlsJuCgJoDZ6A8RxbXGMwP760qjE8es0Px2HTJJ12eqtK1aB62OP7SJFVFHVm43gg3TUlhtVMffE51Q1TItawiA=,iv:gvcULZVb4EdrtJT9V1uJ8twoCf6pBO5BOGULdQCT5Tw=,tag:LT2EjnlBKQdfOlqxvwzWRw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBybFUzRTM2NjdZcFV5Vk9W\nNko3Sm1VcWZ1V1FoTnZJS09jK0NST0hXejEwCnZDUzZENDAxZzl4OEluUTAyS0ZC\nem9CL08yb3NJemEvbFROTVcyRmc5S28KLS0tIDZZMlhFd3psY0NpSnl3WXhZY1Q1\neFNoUmR6MmxndmdVc1gzSGwvWW01SDgKA99BQjEcwLZ4EvFz39xO619U+MVH1rEv\n+b8X4jJCgUmqG5QGaYFjJRtUfOQJCU3qNEmFpIZlf63mE0mWweNlcg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPOUp0M1NJRDlDMGdsT2kr\nTkRHbWdyMlV0WWdZaDRXaUNtdmNGajl2QlgwClphUXlESnFTaUNSOWNmZ1RjZnVu\nbnpBTEZidTYzenl1R2ZycFJ0eFVjSWsKLS0tIGMrTVZmRXZYWlpoaE13Rkp2Smh6\nZStUWG4rNk1qWFR5TysyOHFCUWlRdkUKTj/CgFLWH5msyRTjoh7RePCI7kEIO05v\nQQ9TSRmThLQAQ998hnIeZ1ec3QJ4AvOhHzqFMwZCvwh28drjUADDyg==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ0ZEQ0prNjZiZzV6YnlG\nTWlHQk1mV0t2ZE1peFFsdWIybXdVdWh3ZGg0ClJhc3ZsZk10Ti9CbU4yMk8xZ3JS\nQUNXbWtyRXJ6amFBejg0NVhNQmk0MXMKLS0tIHJrVmhETmxOYUV6S3JtY1BVa09i\nSW9wV0pvNWx6ZEZDVE5Hc2syVVo2NjQKV16Dq1BJr/mIsnZMlH04WOIwi2CK2GIV\nc1Rpi1b2GXeXr0avCyhilCBgVJU+R9mEwunm7vfbBjD/hyEZXSYaVg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - 
"lastmodified": "2025-02-14T22:18:09Z", - "mac": "ENC[AES256_GCM,data:oy6AH5kB2NTkTGq9smpEB8qWoRnnrJPbm++qDFWOJoeyExA6OFkZg78UGQSDzUf04nGqN7XQIiErZc2J5aPayu3XSOM78LwJ/ZsX3q+Fm3cpVgZKjuwLfxVebGYA+DCJtyvdbI8SlLL9U4Z+SeBnF9cCCg3Gcp0oRiJUJvwx73E=,iv:wGOAe27/vn0h02ylHzX2Ru/oIFRhPQRj3sA+gx8cxlE=,tag:f9MzqGtPvAVHqso0VNuKQQ==,type:str]", - "pgp": [ - { - "created_at": "2025-02-14T20:43:56Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAK3zlysJ2QMIjTEfJwN6k1xa/8VmwkSPXU2TDpOuVJjYw\nLj4ANsUO5cFWw0VCR9AcU7Eui3OF7/jSLSM+JGBTy7CSbOo7uAJ46mt7QmzkXaTp\n0l4BLxY6ZHexCArTaN73vunTSFJsmBIw1W15xckcN523A1Dw/cZXYRazkMpQVdXc\nU6SaxkSwgZpcC0wBYUwYjFyUSwD9w3/gmhjnltrbsU7EbKFPz5hBkQpGDwFZgXoJ\n=INhR\n-----END PGP MESSAGE-----", - "fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.9.3" - } -} \ No newline at end of file diff --git a/secrets.tf b/secrets.tf index 0811779..b5b291c 100644 --- a/secrets.tf +++ b/secrets.tf @@ -1,3 +1,3 @@ data "sops_file" "secrets" { - source_file = "secrets.json" + source_file = "secrets.yaml" } diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..b2905c2 --- /dev/null +++ b/secrets.yaml 
@@ -0,0 +1,56 @@ +desec: + api: ENC[AES256_GCM,data:208LIsuEe06aDWOucVnNmVjbUdXjT/9OLVKM1Q==,iv:ft8+ui1/EcGCXM7/FBEk6UwgRJ6CDX5Gy7AMlCSrbsk=,tag:jV0wuKK2Ok0BESMUPNapwA==,type:str] +tiktok: + txt: ENC[AES256_GCM,data:XHtpPSPf/IHh1n9qn7QIBeWIolAS8hNugAryOcpsLAGukSZCHubtPjiRWcErm3rJz2iRgs9IE197AhBORhLa9kNYb0w=,iv:+0K8qxM7hEHVfw+ZZ0suPILjxtjOQLCd4unbrXff61c=,tag:e/t2yltQu/X5zcJZOSA70w==,type:str] +dnsimple: + account: ENC[AES256_GCM,data:3wAR4C3z,iv:bPMrRCySF56ry28rjwVKmi8vvhj7xv3TymKn8l2S7MI=,tag:+q2I37HbzTXAY/Q7H/TNJQ==,type:str] + token: ENC[AES256_GCM,data:zJstjpUIR5q6c1ZK9JMg5A6QQ9gLCI/15cgaEEF266D5qclvrCjSzU1pcw==,iv:HgI50IN84iqcSuovtREZUppEEHFeeZGsY8bU5r8B70g=,tag:jWK6a4UNZlCwdk8tsQ7w3Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6Yzg2RG5MMTNJVjBPVHJn + RXl1Y2hmMjFZT2wxeWhTZUFMeUswdnZhWmpZCnVuZ3FEdHNRQ1VCMTc2MlZySkhQ + VVFxbnhKd0NQM2RrMFBXVlR5TVcvSW8KLS0tIFNMWGt0eG52RXArVVFEdGlGNXpw + Q09Od08zQzNTQkFqY2xyVFNmU2dYV2sKQu1lFgLueFfREOqQr/KNzl+QoMMAltvU + rw0XzMilOEgd3PzedgGVWgWPF3Bfl0eO0Z85bOXoBowEFF7ZT7ZwHQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RlhXY3hmUkc2Vysrck90 + NTcySDVhYlE5L01GcjkzNkJQeVU4L20wdWxZCjBIcFpyQkRJaDdwdGxML045UEov + Zm9waTYrb1U0MXZWL3NiMFNEbFFtZUUKLS0tICtYMHNkek5RTVcwK1pJTmI5emFX + YkJLU0xMWWY1cDlQVFVCM3BsRjZOK2sK2ukAnhzv2FoNGZNs6kvoK7Uhq9AET3/Y + t5CeUgxDrYjmhKg4RK6U0XFayx7h6armhC3MTpS0H30i15Ph9JjGGg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArd20vU2lQbkdUSThIa1Nk + 
YzRPY1NoVytuR0FxWTBMUTNvTURYL0ZvQkN3CmNZYytNZ0lYUzRCSVlRTzhXUEFs + N3lqWkIzcDRsTVZqSHVmc3NGTEZhZmMKLS0tIGtrMVMrVmVNT3ErQW04SzB3SXdI + Y0pZNTZRNWFiS2o3YmlwbXpHSjU3WEUKeP/QqhWgbVrNO2NNqQq2JzvOugUKmjLZ + 1VfsllJBQGzcWAllecbV6ZjfuVNLt1btnX4Yug0VDdQs8Ds38xIU5g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-27T06:09:54Z" + mac: ENC[AES256_GCM,data:T5QplfNf2yU8ZHHF0LFHx72v06OXDHw1a+/T5UbIB0GU8Hsdg45VIAMEQed+QqeTIINMjzEEzfZvDcVQYnhHHjCeWjtq3ZsBE8n49FvnkjltnIvXBZO3pH2Zp7K+sDxPol+CgRSx0SUOF24boUDYFMNitG0BZ5wL6V0+7l6I3Zg=,iv:8+MwOaj5NnB2emAATaXJ2NdlUmwOcTWdQSQe7O0St28=,tag:8ce4QcAHZxOgG/zd4OeTsw==,type:str] + pgp: + - created_at: "2025-02-27T06:09:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQWNzDMjrP2ISAQdArkYM3X8lh9SmCckGtsmXn0P5Mp/KQybPTGSN4ip53i8w + J0FZKicpH+oPDrDa/jU1EUaCebv+vqmzD83zbOcEoLU9bte6OM9MJlnXcnyxAp20 + 0l4Bozr3JjpBoyzKL0GGAOLwoKndhpPZgINqF3W5BT4dbWp1+nEnnU5nW9Dan+Sl + UIMCCRonJn6dlunQeIYrMMLo4PCuQrLsSm7z3+jjqA6cL8j9pBEMD5UhwGhjOcu6 + =i5U/ + -----END PGP MESSAGE----- + fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 + unencrypted_suffix: _unencrypted + version: 3.9.3
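Review bot: The new `secrets.yaml` still carries a `desec.api` entry although this commit removes the desec provider and nothing else in the patch reads that key. If the deSEC zone is being retired, the token should be revoked at deSEC and the key dropped with `sops` so the file holds only live credentials. The deleted `secrets.json` stays in git history encrypted to the same recipients, so revoking the token is the step that actually retires the old credential; removing the entry alone does not.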