From f21739c250c838bf989148a5cd7291e0c75f7684 Mon Sep 17 00:00:00 2001
From: Slawek Koszewski <slawek@koszewscy.waw.pl>
Date: Fri, 15 Aug 2025 20:45:55 +0200
Subject: [PATCH] Added a custom domain name and validation records.

---
 terraform/main.tf      | 37 ++++++++++++++++++++++++++++++++++++-
 terraform/variables.tf | 12 ++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/terraform/main.tf b/terraform/main.tf
index 657078f..d9c12c3 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -30,6 +30,7 @@ data "azuread_user" "az_lab_admin" {
 
 locals {
   kv_secret_name = "azure-client-secret"
+  app_name = "${var.project_name}-app"
 }
 
 resource "azurerm_resource_group" "rg" {
@@ -82,7 +83,7 @@ resource "azurerm_container_app_environment" "env" {
 }
 
 resource "azurerm_container_app" "app" {
-  name                         = "${var.project_name}-app"
+  name                         = local.app_name
   container_app_environment_id = azurerm_container_app_environment.env.id
   resource_group_name          = azurerm_resource_group.rg.name
   revision_mode                = "Single"
@@ -165,3 +166,37 @@ data "azurerm_container_registry" "acr" {
   name                = "skdomlab"
   resource_group_name = "dom-lab-common"
 }
+
+data "azurerm_dns_zone" "lab_dns_zone" {
+  name                = var.dns_zone_name
+  resource_group_name = var.dns_zone_resource_group_name
+}
+
+resource "azurerm_dns_txt_record" "domain_verification" {
+  name                = "asuid.${var.project_name}"
+  resource_group_name = data.azurerm_dns_zone.lab_dns_zone.resource_group_name
+  zone_name           = data.azurerm_dns_zone.lab_dns_zone.name
+  ttl                 = 300
+
+  record {
+    value = azurerm_container_app.app.custom_domain_verification_id
+  }
+}
+
+resource "azurerm_dns_cname_record" "app_record" {
+  name = var.project_name
+  zone_name = var.dns_zone_name
+  resource_group_name = var.dns_zone_resource_group_name
+  ttl = 300
+
+  record = "${local.app_name}.${azurerm_container_app_environment.env.default_domain}"
+}
+
+resource "azurerm_container_app_custom_domain" "custom_domain" {
+  name = trimsuffix(trimprefix(azurerm_dns_txt_record.domain_verification.fqdn, "asuid."), ".")
+  container_app_id = azurerm_container_app.app.id
+
+  lifecycle {
+    ignore_changes = [ certificate_binding_type, container_app_environment_certificate_id ]
+  }
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 71dd98f..ef27604 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -25,3 +25,15 @@ variable "project_name" {
   description = "The name used to construct Azure resource names."
   type        = string
 }
+
+variable "dns_zone_name" {
+  description = "The name of the DNS zone for domain verification."
+  type        = string
+  default     = "lab.koszewscy.waw.pl"
+}
+
+variable "dns_zone_resource_group_name" {
+  description = "The name of the resource group containing the DNS zone."
+  type        = string
+  default     = "dom-lab-zones"
+}