added adeci devblog and fixed cloudflare tunnel conflicting A record issue

Author: adeci

flake.lock

@@ -28,6 +28,7 @@
       url = "github:natsukium/mcp-servers-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    devblog.url = "github:adeci/devblog";
     buildbot-nix = {
       url = "github:nix-community/buildbot-nix";
       inputs.nixpkgs.follows = "nixpkgs";

flake.nix

@@ -11,6 +11,7 @@ _: {
             ingress = {
               "vault.decio.us" = "http://localhost:8222";
               #"auth.decio.us" = "http://localhost:9080";
+              "adeci.dev" = "http://localhost:3000";
             };
           };
         };

inventory/services/cloudflare-tunnel.nix

@@ -1,7 +1,26 @@
-_: {
+{ inputs, ... }:
+{
   networking = {
     hostName = "sequoia";
   };
 
   time.timeZone = "America/New_York";
+
+  # adeci's dev blog
+  systemd.services.devblog = {
+    description = "adeci's dev blog";
+    after = [ "network.target" ];
+
+    serviceConfig = {
+      Type = "simple";
+      Restart = "always";
+      RestartSec = "10";
+      User = "alex";
+      Group = "users";
+      ExecStart = "${inputs.devblog.packages.x86_64-linux.default}/bin/devblog";
+    };
+  };
+
+  # Start the service but don't wait for it during deployment
+  systemd.targets.multi-user.wants = [ "devblog.service" ];
 }

machines/sequoia/configuration.nix

@@ -121,6 +121,11 @@ for HOSTNAME in $HOSTNAMES; do
   # Get everything before the base domain as subdomain
   SUBDOMAIN="${HOSTNAME%."$BASE_DOMAIN"}"
 
+  # Handle root domain case (when hostname equals base domain)
+  if [ "$SUBDOMAIN" = "$HOSTNAME" ]; then
+    SUBDOMAIN="@"
+  fi
+
   # Get zone ID for this domain
   ZONE_RESPONSE=$(curl -sf "https://api.cloudflare.com/client/v4/zones?name=$BASE_DOMAIN" \
     -H "Authorization: Bearer $API_TOKEN" \
@@ -133,18 +138,21 @@ for HOSTNAME in $HOSTNAMES; do
     exit 1
   fi
 
-  # Check/Create DNS record
-  DNS_RECORDS=$(curl -sf \
-    "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?type=CNAME&name=${HOSTNAME}" \
+  # Check for existing DNS records (any type)
+  ALL_RECORDS=$(curl -sf \
+    "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records?name=${HOSTNAME}" \
     -H "Authorization: Bearer $API_TOKEN" \
     -H "Content-Type: application/json")
 
-  RECORD_COUNT=$(echo "$DNS_RECORDS" | jq -r '.result | length')
+  # Check specifically for CNAME records
+  CNAME_RECORDS=$(echo "$ALL_RECORDS" | jq -r '.result[] | select(.type == "CNAME")')
+  CNAME_COUNT=$(echo "$CNAME_RECORDS" | jq -s 'length')
+
   TUNNEL_TARGET="$TUNNEL_ID.cfargotunnel.com"
 
-  if [ "$RECORD_COUNT" -gt 0 ]; then
-    RECORD_ID=$(echo "$DNS_RECORDS" | jq -r '.result[0].id')
-    CURRENT_TARGET=$(echo "$DNS_RECORDS" | jq -r '.result[0].content')
+  if [ "$CNAME_COUNT" -gt 0 ]; then
+    RECORD_ID=$(echo "$CNAME_RECORDS" | jq -r '.id')
+    CURRENT_TARGET=$(echo "$CNAME_RECORDS" | jq -r '.content')
 
     if [ "$CURRENT_TARGET" = "$TUNNEL_TARGET" ]; then
       echo "✓ DNS record for ${HOSTNAME} already correct"
@@ -163,6 +171,20 @@ for HOSTNAME in $HOSTNAMES; do
       echo "✓ DNS record for ${HOSTNAME} updated"
     fi
   else
+    # Check for conflicting A/AAAA records and delete them
+    CONFLICTING_RECORDS=$(echo "$ALL_RECORDS" | jq -r '.result[] | select(.type == "A" or .type == "AAAA") | .id')
+
+    if [ -n "$CONFLICTING_RECORDS" ]; then
+      echo "Removing conflicting A/AAAA records for ${HOSTNAME}..."
+      echo "$CONFLICTING_RECORDS" | while read -r record_id; do
+        if [ -n "$record_id" ]; then
+          curl -sf -X DELETE \
+            "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$record_id" \
+            -H "Authorization: Bearer $API_TOKEN" > /dev/null
+        fi
+      done
+    fi
+
     echo "Creating DNS record for ${HOSTNAME}..."
     curl -sf -X POST \
       "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" \