mirror of
https://github.com/jimeh/terraform-cloudflare-email.git
synced 2026-02-19 01:46:40 +00:00
chore: add Claude Code configuration files
Provide project context and coding guidelines for Claude Code via AGENTS.md (architecture, conventions, commands) and CLAUDE.md (pointer to AGENTS.md). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
49
AGENTS.md
Normal file
49
AGENTS.md
Normal file
@@ -0,0 +1,49 @@
|
|||||||
|
# AGENTS.md
|
||||||
|
|
||||||
|
Terraform module for configuring email-related DNS records and services on
|
||||||
|
Cloudflare. Manages MX, SPF, DMARC, DKIM, TLSRPT, and MTA-STS — including a
|
||||||
|
Cloudflare Worker + KV to serve the MTA-STS policy file.
|
||||||
|
|
||||||
|
## Commands
|
||||||
|
|
||||||
|
- `make docs` — regenerate README input/output tables via `terraform-docs`
|
||||||
|
- `terraform fmt` — format HCL files
|
||||||
|
- `terraform validate` — validate configuration
|
||||||
|
|
||||||
|
Tool versions managed with [mise](https://mise.jdx.dev/) (see `.mise.toml`).
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
|
||||||
|
Single flat module — all resources in `main.tf`, organized by section comments:
|
||||||
|
|
||||||
|
- **General** — `cloudflare_zone` data source lookup
|
||||||
|
- **MX** — MX records for root domain + optional subdomains, flattened via
|
||||||
|
`locals` into a `for_each` map
|
||||||
|
- **SPF** — single TXT record built from configurable terms list
|
||||||
|
- **TLS SMTP** — TLSRPT TXT record
|
||||||
|
- **MTA-STS** — the most involved piece:
|
||||||
|
- Proxied A/AAAA records for `mta-sts.` subdomain (dummy IPs, Cloudflare
|
||||||
|
proxies the traffic)
|
||||||
|
- `_mta-sts` TXT record with SHA1-based policy version
|
||||||
|
- Workers KV namespace + KV entry holding the rendered policy
|
||||||
|
(`mta-sts.txt.tpl`)
|
||||||
|
- Worker script (`mta-sts.js`) serving the policy from KV
|
||||||
|
- Worker route binding `mta-sts.<domain>/*`
|
||||||
|
- **DMARC** — TXT record assembled from multiple variables with mode
|
||||||
|
abbreviation lookup (`relaxed` → `r`, `strict` → `s`)
|
||||||
|
- **Domain Keys (DKIM)** — `for_each` over a map of DKIM keys, supports both
|
||||||
|
TXT and CNAME record types
|
||||||
|
|
||||||
|
## Conventions
|
||||||
|
|
||||||
|
- All DNS resources use `for_each` (not `count`).
|
||||||
|
- Extensive variable validation blocks with custom error messages.
|
||||||
|
- Section comments (`# MX`, `# SPF`, etc.) separate logical groups in all
|
||||||
|
`.tf` files.
|
||||||
|
- Provider constraint: `cloudflare/cloudflare >= 3.0, < 5.0`.
|
||||||
|
|
||||||
|
## Releases
|
||||||
|
|
||||||
|
Automated via [release-please](https://github.com/googleapis/release-please).
|
||||||
|
Uses conventional commits — pushes to `main` trigger the release-please GitHub
|
||||||
|
Action which manages changelog, version bumps, and GitHub releases.
|
||||||
Reference in New Issue
Block a user