UP2CLOUD · CesarNog · May 31, 2026 · May 31, 2026 · gemini-code-assist · May 31, 2026
diff --git a/.github/workflows/deploy-pages.yml b/.github/workflows/deploy-pages.yml
@@ -50,9 +50,14 @@ jobs:
   terraform-validate:
     name: Terraform validate
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dir:
+          - terraform/github-pages
+          - terraform/cloudflare
     defaults:
       run:
-        working-directory: terraform/github-pages
+        working-directory: ${{ matrix.dir }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

diff --git a/terraform/cloudflare/main.tf b/terraform/cloudflare/main.tf
@@ -0,0 +1,84 @@
+terraform {
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 4.0"
+    }
+  }
+}
+
+# ---------------------------------------------------------------------------
+# Variables
+# ---------------------------------------------------------------------------
+
+variable "cloudflare_api_token" {
+  description = "Cloudflare API token with Permissions: Zone:DNS:Edit, Account:Cloudflare Pages:Edit"
+  sensitive   = true
+}
+
+variable "cloudflare_zone_id" {
+  description = "Cloudflare Zone ID for up2cloud.tech (Cloudflare dashboard → up2cloud.tech → Overview → Zone ID)"
+}
+
+# ---------------------------------------------------------------------------
+# Locals
+# ---------------------------------------------------------------------------
+
+locals {
+  account_id   = "6e6599da55818139812d41602175cffe"
+  project_name = "up2cloud-tech"
+  domain       = "up2cloud.tech"
+}
+
+# ---------------------------------------------------------------------------
+# Provider
+# ---------------------------------------------------------------------------
+
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
+# ---------------------------------------------------------------------------
+# Cloudflare Pages — register custom domain
+# This tells Cloudflare Pages to serve up2cloud.tech from the up2cloud-tech project.
+# ---------------------------------------------------------------------------
+
+resource "cloudflare_pages_domain" "apex" {
+  account_id   = local.account_id
+  project_name = local.project_name
+  domain       = local.domain
+}
+
+resource "cloudflare_pages_domain" "www" {
+  account_id   = local.account_id
+  project_name = local.project_name
+  domain       = "www.${local.domain}"
+}
+
+# ---------------------------------------------------------------------------
+# DNS records
+# Cloudflare CNAME flattening makes a CNAME work for the apex domain.
+# proxied = true routes traffic through Cloudflare edge (DDoS, WAF, cache).
+# ---------------------------------------------------------------------------
+
+resource "cloudflare_record" "apex_cname" {
+  zone_id = var.cloudflare_zone_id
+  name    = "@"
+  type    = "CNAME"
+  value   = "${local.project_name}.pages.dev"
+  proxied = true
+  comment = "Cloudflare Pages — up2cloud.tech"
+
+  depends_on = [cloudflare_pages_domain.apex]
+}
+
+resource "cloudflare_record" "www_cname" {
+  zone_id = var.cloudflare_zone_id
+  name    = "www"
+  type    = "CNAME"
+  value   = "${local.project_name}.pages.dev"
+  proxied = true
+  comment = "Cloudflare Pages — www.up2cloud.tech"
+
+  depends_on = [cloudflare_pages_domain.www]
+}