>>102648984
It turns out I already started something like this before. I hacked up this script for now. It does the job:
#!/bin/sh
if ! myip="$(curl -s -L -4 https://icanhazip.com)"
then
exit 1
fi
zone="XXX"
name="server-MYDOMAIN.MYTLD"
for rec_type in A AAAA
do
if ! json="$(curl -s -L -X GET "https://api.cloudflare.com/client/v4/zones/${zone}/dns_records?type=${rec_type}&name=${name}" \
-H "Authorization: Bearer XXX" \
-H "Content-Type:application/json")"
then
continue
fi
if ! cloudflare_ip="$(printf "%s" "$json" | jq -r '.result[0].content')"
then
continue
fi
if ! dns_record_identifier="$(printf "%s" "$json" | jq -r '.result[0].id')"
then
continue
fi
case "${cloudflare_ip}" in
"${myip}")
:;;
*)
# static IP for IPv6 I can hardcode this
[ "$rec_type" = "AAAA" ] && myip="2001:XXX::XXX"
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/${zone}/dns_records/${dns_record_identifier}" \
-H "Authorization: Bearer XXX" \
-H "Content-Type: application/json" \
--data "{\"type\":\"${rec_type}\",\"name\":\"${name}\",\"content\":\"${myip}\",\"ttl\":1,\"proxied\":false}"
;;
esac
done