Skip to content

config: 2025/11/18 #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Nov 18, 2025
Merged

config: 2025/11/18 #99

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ee52fa7
add: terraform
momeemt Nov 17, 2025
ee4b785
add: terraform formatter
momeemt Nov 18, 2025
8dd0e8c
add: cloudflare dns records
momeemt Nov 18, 2025
96b7256
fix: terraform-providers/* renamed
momeemt Nov 18, 2025
b870f21
add: terraform sops provider
momeemt Nov 18, 2025
322a01e
fix: nix settings for hm#example
momeemt Nov 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions nix/flakes/per-system.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,12 @@
config,
system,
...
}: {
}: let
pkgs-master = import inputs.nixpkgs-master {
inherit system;
config.allowUnfree = true;
};
in {
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
config.allowUnfree = true;
Expand All @@ -20,7 +25,9 @@
];
buildInputs = with pkgs; [
sops
terraform
pkgs-master.terraform
pkgs-master.terraform-providers.cloudflare_cloudflare
pkgs-master.terraform-providers.carlpett_sops
nodejs_24
];
};
Expand Down Expand Up @@ -69,6 +76,7 @@
};
statix.enable = true;
stylua.enable = true;
terraform.enable = true;
yamlfmt.enable = true;
};
settings.global.excludes = [
Expand Down
7 changes: 6 additions & 1 deletion nix/home/example/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
{inputs, ...}: {
{
inputs,
pkgs,
...
}: {
imports = [
inputs.nixvim.homeManagerModules.nixvim
../../modules/nixvim
Expand All @@ -9,6 +13,7 @@
../../modules/site/home
];

nix.package = pkgs.nix;
site.home.username = "example";
programs.home-manager.enable = true;
}
6 changes: 4 additions & 2 deletions secrets/secrets.enc.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions terraform/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
.terraform/*
*.tfstate
*.tfstate.*
34 changes: 34 additions & 0 deletions terraform/.terraform.lock.hcl
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

236 changes: 236 additions & 0 deletions terraform/cloudflare.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,236 @@
provider "cloudflare" {
api_token = local.cloudflare_api_token
}

resource "cloudflare_dns_record" "www_dns_record" {
zone_id = local.cloudflare_zone_id
name = "www"
type = "CNAME"
content = "momee.mt"
ttl = 1
proxied = true
comment = "www.momee.mt"
}

resource "cloudflare_dns_record" "root_dns_record" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "CNAME"
content = "momeemt.github.io"
ttl = 1
proxied = false
comment = "https://github.com/momeemt/momee.mt"
}

resource "cloudflare_dns_record" "blog_dns_record" {
zone_id = local.cloudflare_zone_id
name = "blog"
type = "CNAME"
content = "blog-momee-mt.pages.dev"
ttl = 1
proxied = true
comment = "https://github.com/momeemt/blog.momee.mt"
}

resource "cloudflare_dns_record" "wascaml_dns_record" {
zone_id = local.cloudflare_zone_id
name = "wascaml"
type = "CNAME"
content = "momeemt.github.io"
ttl = 1
proxied = false
comment = "https://github.com/momeemt/wascaml"
}

resource "cloudflare_dns_record" "note_dns_record" {
zone_id = local.cloudflare_zone_id
name = "note"
type = "CNAME"
content = "momeemt.github.io"
ttl = 1
proxied = false
comment = "https://github.com/momeemt/note.momee.mt"
}

resource "cloudflare_dns_record" "beta_blog_dns_record" {
zone_id = local.cloudflare_zone_id
name = "beta.blog"
type = "CNAME"
content = "cname.vercel-dns.com"
ttl = 1
proxied = false
comment = "https://github.com/momeemt/beta.blog.momee.mt"
}

resource "cloudflare_dns_record" "discord_verification" {
zone_id = local.cloudflare_zone_id
name = "_discord"
type = "TXT"
content = "\"dh=2e77ca64445ab63e1f162fcac219561b3c130875\""
ttl = 1
comment = "Discord domain verification"
}

resource "cloudflare_dns_record" "keybase_verification" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "TXT"
content = "\"keybase-site-verification=uFhhJXlVtYpXOJu1UUm-CLj_z6YwIa1nKAe40aJez6s\""
ttl = 1
comment = "Keybase domain verification"
}

resource "cloudflare_dns_record" "openai_verification" {
zone_id = local.cloudflare_zone_id
name = "openai"
type = "TXT"
content = "\"openai-domain-verification=dv-kKZVqBQ4A8qyubcbqOpsFWEh\""
ttl = 1
comment = "OpenAI domain verification"
}

resource "cloudflare_dns_record" "google_site_verification_1" {
zone_id = local.cloudflare_zone_id
name = "google-site-verification"
type = "TXT"
content = "\"google-site-verification=lJLyU_Pwc5FLoSU3BfswBFEwuovJlgUlwCP8W1_Su-I\""
ttl = 1
comment = "Google site verification 1"
}

resource "cloudflare_dns_record" "google_site_verification_2" {
zone_id = local.cloudflare_zone_id
name = "google-site-verification"
type = "TXT"
content = "\"google-site-verification=nrsbgKT0ypYdJ5Q0jNJi9pc52dWOL_w1jrw38Xf8AUo\""
ttl = 1
comment = "Google site verification 2"
}

resource "cloudflare_dns_record" "gmail_mx_records_1" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "MX"
priority = 1
content = "aspmx.l.google.com"
ttl = 3600
comment = "Gmail MX record 1"
}

resource "cloudflare_dns_record" "gmail_mx_records_2" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "MX"
priority = 5
content = "alt1.aspmx.l.google.com"
ttl = 3600
comment = "Gmail MX record 2"
}

resource "cloudflare_dns_record" "gmail_mx_records_3" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "MX"
priority = 5
content = "alt2.aspmx.l.google.com"
ttl = 3600
comment = "Gmail MX record 3"
}

resource "cloudflare_dns_record" "gmail_mx_records_4" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "MX"
priority = 10
content = "alt3.aspmx.l.google.com"
ttl = 3600
comment = "Gmail MX record 4"
}

resource "cloudflare_dns_record" "gmail_mx_records_5" {
zone_id = local.cloudflare_zone_id
name = "momee.mt"
type = "MX"
priority = 10
content = "alt4.aspmx.l.google.com"
ttl = 3600
comment = "Gmail MX record 5"
}

resource "cloudflare_dns_record" "dmarc_record" {
zone_id = local.cloudflare_zone_id
name = "_dmarc"
type = "TXT"
content = "\"v=DMARC1; p=none; rua=mailto:[email protected]\""
ttl = 1
comment = "Generated by Cloudflare for DMARC"
}

resource "cloudflare_dns_record" "bluesky_verification" {
zone_id = local.cloudflare_zone_id
name = "_atproto"
type = "TXT"
content = "\"did=did:plc:w5ccyes44tjzyfza56uffbfz\""
ttl = 1
comment = "Bluesky domain verification"
}

resource "cloudflare_dns_record" "sendgrid_link_branding_1" {
zone_id = local.cloudflare_zone_id
name = "39108174"
type = "CNAME"
content = "sendgrid.net"
ttl = 1
proxied = false
comment = "SendGrid Link Branding 1"
}

resource "cloudflare_dns_record" "sendgrid_link_branding_2" {
zone_id = local.cloudflare_zone_id
name = "url5751"
type = "CNAME"
content = "sendgrid.net"
ttl = 1
proxied = false
comment = "SendGrid Link Branding 2"
}

resource "cloudflare_dns_record" "sendgrid_domain_authentication_dkim_1" {
zone_id = local.cloudflare_zone_id
name = "s1._domainkey"
type = "CNAME"
content = "s1.domainkey.u39108174.wl175.sendgrid.net"
ttl = 1
proxied = false
comment = "SendGrid Domain Authentication DKIM 1"
}

resource "cloudflare_dns_record" "sendgrid_domain_authentication_dkim_2" {
zone_id = local.cloudflare_zone_id
name = "s2._domainkey"
type = "CNAME"
content = "s2.domainkey.u39108174.wl175.sendgrid.net"
ttl = 1
proxied = false
comment = "SendGrid Domain Authentication DKIM 2"
}

resource "cloudflare_dns_record" "sendgrid_domain_authentication_spf" {
zone_id = local.cloudflare_zone_id
name = "em40"
type = "CNAME"
content = "u39108174.wl175.sendgrid.net"
ttl = 1
proxied = false
comment = "SendGrid Domain Authentication SPF"
}

resource "cloudflare_dns_record" "calendly_dns_record" {
zone_id = local.cloudflare_zone_id
name = "calendly"
type = "A"
content = "192.0.2.1"
ttl = 1
proxied = true
comment = "https://calendly.com/momeemt/"
}
10 changes: 10 additions & 0 deletions terraform/sops.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
provider "sops" {}

data "sops_file" "secrets" {
source_file = "../secrets/secrets.enc.yml"
}

locals {
cloudflare_api_token = data.sops_file.secrets.data["cloudflare_api_token"]
cloudflare_zone_id = data.sops_file.secrets.data["cloudflare_zone_id"]
}
22 changes: 22 additions & 0 deletions terraform/terraform.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
terraform {
required_version = "1.13.5"

required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "5.12.0"
}

sops = {
source = "carlpett/sops"
version = "1.3.0"
}
}

cloud {
organization = "momeemt"
workspaces {
name = "config"
}
}
}