Initial setup for DNS management

.editorconfig

@@ -0,0 +1,12 @@
+# http://editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false

.github/workflows/terraform.yml

@@ -0,0 +1,48 @@
+name: 'Terraform'
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+    - name: Terraform Init
+      run: terraform init
+
+    # Checks that all Terraform configuration files adhere to a canonical format
+    - name: Terraform Format
+      run: terraform fmt -check
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan -input=false
+
+      # On push to "main", build or change infrastructure according to Terraform configuration files
+      # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+    - name: Terraform Apply
+      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+      run: terraform apply -auto-approve -input=false

.gitignore

@@ -7,14 +7,12 @@
 
 # Crash log files
 crash.log
-crash.*.log
 
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
@@ -24,11 +22,14 @@ override.tf.json
 *_override.tf.json
 
 # Include override files you do wish to add to version control using negated pattern
+#
 # !example_override.tf
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
+
+# OTHER
+*.env
+.vscode/
+IGNORE/

README.md

@@ -1,2 +1,26 @@
-# cloudflare-terraform
-Repository to manage Cloudflare settings using Terraform
+# Cloudflare Infrastructure
+
+Repository to manage Node.js Cloudflare settings using Terraform
+
+### Contributing
+
+To modify the Cloudflare settings, you must fork/clone this repository and submit a pull request with the changes. Any alterations made in the `main` branch will be deployed to the Cloudflare account automatically.
+
+### Historical Context
+
+Today, we use Terraform to manage DNS records in Cloudflare. Previously, we used the Cloudflare UI for this task. To begin using Terraform, we cloned the Cloudflare settings and migrated them as the initial Terraform state using the utility cf-terraforming. This step was completed only once, and the state was stored in Terraform Cloud.
+
+Since the imported resources had non-human friendly names like "terraform_managed_resource_*," we cannot change their names to prevent recreation or updates of the resources. However, we can use our own naming conventions for new Terraform resources, and there is no need to run the cf-terraforming utility again.
+
+
+#### Side notes
+
+- Terraform version `Terraform v1.4.5 on darwin_amd64`
+- Use [Cloudflare Terraforming](https://github.com/cloudflare/cf-terraforming) to bring the cloudflare resources, like `cf-terraforming generate --resource-type "cloudflare_record" --zone {ZONE_ID} --token {TOKEN} > imported.tf` and then import them to the state `cf-terraforming import --resource-type "cloudflare_record" --zone {ZONE_ID} --token {TOKEN}`
+- Use Terraform cloud to safely store the state 
+- Add the token `TF_API_TOKEN` in the Github actions with a valid Terraform cloud API Key
+
+#### Reference
+- [Terraform Cheatsheet](https://acloudguru.com/blog/engineering/the-ultimate-terraform-cheatsheet)
+- [Youtube | Automate Cloudflare with Terraform and GitHub Actions! - Terraform Tutorial for Beginners](https://www.youtube.com/watch?v=FmYvrxYvBP0)
+- [Techno Tim Docs | Automate Cloudflare with Terraform and GitHub Actions! - Terraform Tutorial for Beginners](https://docs.technotim.live/posts/terraform-cloudflare-github/)

cloudflare.tf

@@ -0,0 +1,18 @@
+terraform {
+  cloud {
+    organization = "nodejs"
+
+    workspaces {
+      name = "nodejs-cloudflare"
+    }
+  }
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "cloudflare" {
+}

dns_iojs_org.tf

@@ -0,0 +1,146 @@
+resource "cloudflare_record" "terraform_managed_resource_1913231cd4f209515037c1ffee5d4a27" {
+  name    = "direct"
+  proxied = false
+  ttl     = 1
+  type    = "A"
+  value   = "138.197.224.240"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_0f6b6757054fdba56c054cca6aecc9be" {
+  name    = "iojs.org"
+  proxied = false
+  ttl     = 1
+  type    = "A"
+  value   = "138.197.224.240"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_3e025abdebca0ae6576a71a2c26d2c1b" {
+  name    = "www"
+  proxied = false
+  ttl     = 1
+  type    = "A"
+  value   = "138.197.224.240"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_b33f8bbe47906fef181a1592437fd95a" {
+  name    = "iojs.org"
+  proxied = true
+  ttl     = 1
+  type    = "AAAA"
+  value   = "2604:a880:400:d1::a3c:f001"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_f356629b68819fd225bdd3394c12b560" {
+  name    = "www"
+  proxied = true
+  ttl     = 1
+  type    = "AAAA"
+  value   = "2604:a880:400:d1::a3c:f001"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_bddb08d52eb2227d0dc3e4f7ce056c8b" {
+  name    = "_19b4f8a51243a804259af6d5b2490cbf"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  value   = "0fa21492b60cd77cef88dd04e54a6c9b.d5ddcd1a90d12402e4751fb51f52d610.w0936042001502710049.comodoca.com"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_ddd771da56ee034b1d3203b2c67bbfeb" {
+  name    = "email.iojs.org"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  value   = "mailgun.org"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_1aad4db1f51e00a30cb1d81e5150e32c" {
+  name    = "logos"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  value   = "iojs.org"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_a78309035efe195a7a2607c3f52e7f15" {
+  name    = "new-nodejs"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  value   = "www.iojs.org"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_e146702ef04508a564c99f69e84e78e7" {
+  name    = "roadmap"
+  proxied = false
+  ttl     = 1
+  type    = "CNAME"
+  value   = "iojs.org"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_78ef7407c3d14a5c679084b035abe76b" {
+  name     = "iojs.org"
+  priority = 10
+  proxied  = false
+  ttl      = 1
+  type     = "MX"
+  value    = "mxb.mailgun.org"
+  zone_id  = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_73d56ede702145a55657302ed70a4def" {
+  name     = "iojs.org"
+  priority = 10
+  proxied  = false
+  ttl      = 1
+  type     = "MX"
+  value    = "mxa.mailgun.org"
+  zone_id  = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_fe6cb302ca689b99a71a55c503ddba72" {
+  name    = "_dmarc"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  value   = "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=reject; ri=86400"
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_a586614f723184920a970d2967a5b0f8" {
+  name    = "iojs.org"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  value   = "\"google-site-verification=sLdkuluh-xi3YZs_Uhobiw1XA_Wjalt8D8O_2jiwudg\""
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_1d4e8509d885efb04761863b0493cbfc" {
+  name    = "iojs.org"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  value   = "\"v=spf1 include:mailgun.org ~all\""
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+
+resource "cloudflare_record" "terraform_managed_resource_8966613ab75b29a56f3c787f8bb10e56" {
+  name    = "mailo._domainkey"
+  proxied = false
+  ttl     = 1
+  type    = "TXT"
+  value   = "\"k=rsa\\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBvSPBv8CLasvSnADi672NJNMa2hK0CTuTIpzCLIz1hfZKcFybimLDvMGFTAhxG3SnQOT9Torm4Ep16kIxjl6c2ms1fmoZr7e0iia4l45vO0/mYs3sZJIOlGDh1r0Vwr6aOB5eJL3D41+HPfdw236mTX+v+W6swQNCHrlXZeIoTQIDAQAB\""
+  zone_id = "8c96c2859d246364a9b78b2fee7bee49"
+}
+