jimeh/terraform-cloudflare-email
1
0
Fork 0
mirror of https://github.com/jimeh/terraform-cloudflare-email.git synced 2026-02-19 09:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
feat/cloudflare-provider-v5
terraform-cloudflare-email/AGENTS.md
Jim Myhrberg bd2e0128df chore: add Claude Code configuration files 
Provide project context and coding guidelines for Claude Code via
AGENTS.md (architecture, conventions, commands) and CLAUDE.md (pointer
to AGENTS.md).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 14:12:11 +00:00

2.0 KiB
Raw Permalink Blame History

AGENTS.md

Terraform module for configuring email-related DNS records and services on Cloudflare. Manages MX, SPF, DMARC, DKIM, TLSRPT, and MTA-STS — including a Cloudflare Worker + KV to serve the MTA-STS policy file.

Commands

  • make docs — regenerate README input/output tables via terraform-docs
  • terraform fmt — format HCL files
  • terraform validate — validate configuration

Tool versions managed with mise (see .mise.toml).

Architecture

Single flat module — all resources in main.tf, organized by section comments:

  • Generalcloudflare_zone data source lookup
  • MX — MX records for root domain + optional subdomains, flattened via locals into a for_each map
  • SPF — single TXT record built from configurable terms list
  • TLS SMTP — TLSRPT TXT record
  • MTA-STS — the most involved piece:
    • Proxied A/AAAA records for mta-sts. subdomain (dummy IPs, Cloudflare proxies the traffic)
    • _mta-sts TXT record with SHA1-based policy version
    • Workers KV namespace + KV entry holding the rendered policy (mta-sts.txt.tpl)
    • Worker script (mta-sts.js) serving the policy from KV
    • Worker route binding mta-sts.<domain>/*
  • DMARC — TXT record assembled from multiple variables with mode abbreviation lookup (relaxedr, stricts)
  • Domain Keys (DKIM)for_each over a map of DKIM keys, supports both TXT and CNAME record types

Conventions

  • All DNS resources use for_each (not count).
  • Extensive variable validation blocks with custom error messages.
  • Section comments (# MX, # SPF, etc.) separate logical groups in all .tf files.
  • Provider constraint: cloudflare/cloudflare >= 3.0, < 5.0.

Releases

Automated via release-please. Uses conventional commits — pushes to main trigger the release-please GitHub Action which manages changelog, version bumps, and GitHub releases.