Merge pull request #99 from momeemt/config/2025-11-18-6d050e5a-1488-4f65-9932-a8e7b61dfac7

momeemt · web-flow · commit 1fd39194bfbb · 2025-11-18T14:11:56.000+09:00
diff --git a/nix/flakes/per-system.nix b/nix/flakes/per-system.nix
@@ -4,7 +4,12 @@
     config,
     system,
     ...
-  }: {
+  }: let
+    pkgs-master = import inputs.nixpkgs-master {
+      inherit system;
+      config.allowUnfree = true;
+    };
+  in {
     _module.args.pkgs = import inputs.nixpkgs {
       inherit system;
       config.allowUnfree = true;
@@ -20,7 +25,9 @@
       ];
       buildInputs = with pkgs; [
         sops
-        terraform
+        pkgs-master.terraform
+        pkgs-master.terraform-providers.cloudflare_cloudflare
+        pkgs-master.terraform-providers.carlpett_sops
         nodejs_24
       ];
     };
@@ -69,6 +76,7 @@
         };
         statix.enable = true;
         stylua.enable = true;
+        terraform.enable = true;
         yamlfmt.enable = true;
       };
       settings.global.excludes = [
diff --git a/nix/home/example/default.nix b/nix/home/example/default.nix
@@ -1,4 +1,8 @@
-{inputs, ...}: {
+{
+  inputs,
+  pkgs,
+  ...
+}: {
   imports = [
     inputs.nixvim.homeManagerModules.nixvim
     ../../modules/nixvim
@@ -9,6 +13,7 @@
     ../../modules/site/home
   ];
 
+  nix.package = pkgs.nix;
   site.home.username = "example";
   programs.home-manager.enable = true;
 }
diff --git a/secrets/secrets.enc.yml b/secrets/secrets.enc.yml
diff --git a/terraform/.gitignore b/terraform/.gitignore
@@ -0,0 +1,3 @@
+.terraform/*
+*.tfstate
+*.tfstate.*
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/cloudflare.tf b/terraform/cloudflare.tf
@@ -0,0 +1,236 @@
+provider "cloudflare" {
+  api_token = local.cloudflare_api_token
+}
+
+resource "cloudflare_dns_record" "www_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "www"
+  type    = "CNAME"
+  content = "momee.mt"
+  ttl     = 1
+  proxied = true
+  comment = "www.momee.mt"
+}
+
+resource "cloudflare_dns_record" "root_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "momee.mt"
+  type    = "CNAME"
+  content = "momeemt.github.io"
+  ttl     = 1
+  proxied = false
+  comment = "https://github.com/momeemt/momee.mt"
+}
+
+resource "cloudflare_dns_record" "blog_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "blog"
+  type    = "CNAME"
+  content = "blog-momee-mt.pages.dev"
+  ttl     = 1
+  proxied = true
+  comment = "https://github.com/momeemt/blog.momee.mt"
+}
+
+resource "cloudflare_dns_record" "wascaml_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "wascaml"
+  type    = "CNAME"
+  content = "momeemt.github.io"
+  ttl     = 1
+  proxied = false
+  comment = "https://github.com/momeemt/wascaml"
+}
+
+resource "cloudflare_dns_record" "note_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "note"
+  type    = "CNAME"
+  content = "momeemt.github.io"
+  ttl     = 1
+  proxied = false
+  comment = "https://github.com/momeemt/note.momee.mt"
+}
+
+resource "cloudflare_dns_record" "beta_blog_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "beta.blog"
+  type    = "CNAME"
+  content = "cname.vercel-dns.com"
+  ttl     = 1
+  proxied = false
+  comment = "https://github.com/momeemt/beta.blog.momee.mt"
+}
+
+resource "cloudflare_dns_record" "discord_verification" {
+  zone_id = local.cloudflare_zone_id
+  name    = "_discord"
+  type    = "TXT"
+  content = "\"dh=2e77ca64445ab63e1f162fcac219561b3c130875\""
+  ttl     = 1
+  comment = "Discord domain verification"
+}
+
+resource "cloudflare_dns_record" "keybase_verification" {
+  zone_id = local.cloudflare_zone_id
+  name    = "momee.mt"
+  type    = "TXT"
+  content = "\"keybase-site-verification=uFhhJXlVtYpXOJu1UUm-CLj_z6YwIa1nKAe40aJez6s\""
+  ttl     = 1
+  comment = "Keybase domain verification"
+}
+
+resource "cloudflare_dns_record" "openai_verification" {
+  zone_id = local.cloudflare_zone_id
+  name    = "openai"
+  type    = "TXT"
+  content = "\"openai-domain-verification=dv-kKZVqBQ4A8qyubcbqOpsFWEh\""
+  ttl     = 1
+  comment = "OpenAI domain verification"
+}
+
+resource "cloudflare_dns_record" "google_site_verification_1" {
+  zone_id = local.cloudflare_zone_id
+  name    = "google-site-verification"
+  type    = "TXT"
+  content = "\"google-site-verification=lJLyU_Pwc5FLoSU3BfswBFEwuovJlgUlwCP8W1_Su-I\""
+  ttl     = 1
+  comment = "Google site verification 1"
+}
+
+resource "cloudflare_dns_record" "google_site_verification_2" {
+  zone_id = local.cloudflare_zone_id
+  name    = "google-site-verification"
+  type    = "TXT"
+  content = "\"google-site-verification=nrsbgKT0ypYdJ5Q0jNJi9pc52dWOL_w1jrw38Xf8AUo\""
+  ttl     = 1
+  comment = "Google site verification 2"
+}
+
+resource "cloudflare_dns_record" "gmail_mx_records_1" {
+  zone_id  = local.cloudflare_zone_id
+  name     = "momee.mt"
+  type     = "MX"
+  priority = 1
+  content  = "aspmx.l.google.com"
+  ttl      = 3600
+  comment  = "Gmail MX record 1"
+}
+
+resource "cloudflare_dns_record" "gmail_mx_records_2" {
+  zone_id  = local.cloudflare_zone_id
+  name     = "momee.mt"
+  type     = "MX"
+  priority = 5
+  content  = "alt1.aspmx.l.google.com"
+  ttl      = 3600
+  comment  = "Gmail MX record 2"
+}
+
+resource "cloudflare_dns_record" "gmail_mx_records_3" {
+  zone_id  = local.cloudflare_zone_id
+  name     = "momee.mt"
+  type     = "MX"
+  priority = 5
+  content  = "alt2.aspmx.l.google.com"
+  ttl      = 3600
+  comment  = "Gmail MX record 3"
+}
+
+resource "cloudflare_dns_record" "gmail_mx_records_4" {
+  zone_id  = local.cloudflare_zone_id
+  name     = "momee.mt"
+  type     = "MX"
+  priority = 10
+  content  = "alt3.aspmx.l.google.com"
+  ttl      = 3600
+  comment  = "Gmail MX record 4"
+}
+
+resource "cloudflare_dns_record" "gmail_mx_records_5" {
+  zone_id  = local.cloudflare_zone_id
+  name     = "momee.mt"
+  type     = "MX"
+  priority = 10
+  content  = "alt4.aspmx.l.google.com"
+  ttl      = 3600
+  comment  = "Gmail MX record 5"
+}
+
+resource "cloudflare_dns_record" "dmarc_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "_dmarc"
+  type    = "TXT"
+  content = "\"v=DMARC1;  p=none; rua=mailto:59f123c54a6241b2bffded3408e5b014@dmarc-reports.cloudflare.net\""
+  ttl     = 1
+  comment = "Generated by Cloudflare for DMARC"
+}
+
+resource "cloudflare_dns_record" "bluesky_verification" {
+  zone_id = local.cloudflare_zone_id
+  name    = "_atproto"
+  type    = "TXT"
+  content = "\"did=did:plc:w5ccyes44tjzyfza56uffbfz\""
+  ttl     = 1
+  comment = "Bluesky domain verification"
+}
+
+resource "cloudflare_dns_record" "sendgrid_link_branding_1" {
+  zone_id = local.cloudflare_zone_id
+  name    = "39108174"
+  type    = "CNAME"
+  content = "sendgrid.net"
+  ttl     = 1
+  proxied = false
+  comment = "SendGrid Link Branding 1"
+}
+
+resource "cloudflare_dns_record" "sendgrid_link_branding_2" {
+  zone_id = local.cloudflare_zone_id
+  name    = "url5751"
+  type    = "CNAME"
+  content = "sendgrid.net"
+  ttl     = 1
+  proxied = false
+  comment = "SendGrid Link Branding 2"
+}
+
+resource "cloudflare_dns_record" "sendgrid_domain_authentication_dkim_1" {
+  zone_id = local.cloudflare_zone_id
+  name    = "s1._domainkey"
+  type    = "CNAME"
+  content = "s1.domainkey.u39108174.wl175.sendgrid.net"
+  ttl     = 1
+  proxied = false
+  comment = "SendGrid Domain Authentication DKIM 1"
+}
+
+resource "cloudflare_dns_record" "sendgrid_domain_authentication_dkim_2" {
+  zone_id = local.cloudflare_zone_id
+  name    = "s2._domainkey"
+  type    = "CNAME"
+  content = "s2.domainkey.u39108174.wl175.sendgrid.net"
+  ttl     = 1
+  proxied = false
+  comment = "SendGrid Domain Authentication DKIM 2"
+}
+
+resource "cloudflare_dns_record" "sendgrid_domain_authentication_spf" {
+  zone_id = local.cloudflare_zone_id
+  name    = "em40"
+  type    = "CNAME"
+  content = "u39108174.wl175.sendgrid.net"
+  ttl     = 1
+  proxied = false
+  comment = "SendGrid Domain Authentication SPF"
+}
+
+resource "cloudflare_dns_record" "calendly_dns_record" {
+  zone_id = local.cloudflare_zone_id
+  name    = "calendly"
+  type    = "A"
+  content = "192.0.2.1"
+  ttl     = 1
+  proxied = true
+  comment = "https://calendly.com/momeemt/"
+}
diff --git a/terraform/sops.tf b/terraform/sops.tf
@@ -0,0 +1,10 @@
+provider "sops" {}
+
+data "sops_file" "secrets" {
+  source_file = "../secrets/secrets.enc.yml"
+}
+
+locals {
+  cloudflare_api_token = data.sops_file.secrets.data["cloudflare_api_token"]
+  cloudflare_zone_id   = data.sops_file.secrets.data["cloudflare_zone_id"]
+}
diff --git a/terraform/terraform.tf b/terraform/terraform.tf
@@ -0,0 +1,22 @@
+terraform {
+  required_version = "1.13.5"
+
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "5.12.0"
+    }
+
+    sops = {
+      source  = "carlpett/sops"
+      version = "1.3.0"
+    }
+  }
+
+  cloud {
+    organization = "momeemt"
+    workspaces {
+      name = "config"
+    }
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+.terraform/*`
	`2`	`+*.tfstate`
	`3`	`+.tfstate.`