diff --git a/.github/workflows/deploy-pages.yml b/.github/workflows/deploy-pages.yml
index 44d4c76..dc34882 100644
--- a/.github/workflows/deploy-pages.yml
+++ b/.github/workflows/deploy-pages.yml
@@ -50,9 +50,14 @@ jobs:
 terraform-validate:
 name: Terraform validate
 runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ dir:
+ - terraform/github-pages
+ - terraform/cloudflare
 defaults:
 run:
- working-directory: terraform/github-pages
+ working-directory: ${{ matrix.dir }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
diff --git a/terraform/cloudflare/main.tf b/terraform/cloudflare/main.tf
new file mode 100644
index 0000000..aa3da5f
--- /dev/null
+++ b/terraform/cloudflare/main.tf
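Review bot: The new `strategy:` block leaves `fail-fast` at its default of true, so a validation failure in one directory cancels the other matrix leg and hides whether that one fails too; adding `fail-fast: false` under `strategy:` keeps both results. Turning the job into a matrix also likely changes the reported check name to one per `matrix.dir` value. If a branch-protection rule requires the old `Terraform validate` check (not visible here), it should be updated with this change, otherwise merges wait on a check that never reports. The job's steps continue outside the hunk, so whether the later steps need anything specific to a directory cannot be confirmed from here.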
@@ -0,0 +1,84 @@
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 4.0"
+ }
+ }
+}
+
+# ---------------------------------------------------------------------------
+# Variables
+# ---------------------------------------------------------------------------
+
+variable "cloudflare_api_token" {
+ description = "Cloudflare API token with Permissions: Zone:DNS:Edit, Account:Cloudflare Pages:Edit"
+ sensitive = true
+}
+
+variable "cloudflare_zone_id" {
+ description = "Cloudflare Zone ID for up2cloud.tech (Cloudflare dashboard → up2cloud.tech → Overview → Zone ID)"
+}
+
+# ---------------------------------------------------------------------------
+# Locals
+# ---------------------------------------------------------------------------
+
+locals {
+ account_id = "6e6599da55818139812d41602175cffe"
+ project_name = "up2cloud-tech"
+ domain = "up2cloud.tech"
+}
+
+# ---------------------------------------------------------------------------
+# Provider
+# ---------------------------------------------------------------------------
+
+provider "cloudflare" {
+ api_token = var.cloudflare_api_token
+}
+
+# ---------------------------------------------------------------------------
+# Cloudflare Pages — register custom domain
+# This tells Cloudflare Pages to serve up2cloud.tech from the up2cloud-tech project.
+# ---------------------------------------------------------------------------
+
+resource "cloudflare_pages_domain" "apex" {
+ account_id = local.account_id
+ project_name = local.project_name
+ domain = local.domain
+}
+
+resource "cloudflare_pages_domain" "www" {
+ account_id = local.account_id
+ project_name = local.project_name
+ domain = "www.${local.domain}"
+}
+
+# ---------------------------------------------------------------------------
+# DNS records
+# Cloudflare CNAME flattening makes a CNAME work for the apex domain.
+# proxied = true routes traffic through Cloudflare edge (DDoS, WAF, cache).
+# ---------------------------------------------------------------------------
+
+resource "cloudflare_record" "apex_cname" {
+ zone_id = var.cloudflare_zone_id
+ name = "@"
+ type = "CNAME"
+ value = "${local.project_name}.pages.dev"
+ proxied = true
+ comment = "Cloudflare Pages — up2cloud.tech"
+
+ depends_on = [cloudflare_pages_domain.apex]
+}
+
+resource "cloudflare_record" "www_cname" {
+ zone_id = var.cloudflare_zone_id
+ name = "www"
+ type = "CNAME"
+ value = "${local.project_name}.pages.dev"
+ proxied = true
+ comment = "Cloudflare Pages — www.up2cloud.tech"
+
+ depends_on = [cloudflare_pages_domain.www]
+}
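Review bot: The provider constraint `version = "~> 4.0"` accepts any 4.x release, and no `.terraform.lock.hcl` for `terraform/cloudflare` appears in the visible part of this commit, so any `terraform init` in that directory (presumably including the new CI matrix leg) resolves the provider at run time without pinned checksums; committing the lock file alongside `main.tf` fixes the exact version and its hashes. Both variables are untyped, so add `type = string` to `cloudflare_api_token` and `cloudflare_zone_id`. The token description lists the permissions but not the resource scope; a comment such as `# Restrict this token to the up2cloud.tech zone and this account only.` would record the least-privilege intent next to the variable. `account_id` is hard-coded in `locals` while the zone ID is passed as a variable; handling the two identifiers the same way would make the file easier to audit.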