diff --git a/docs/architecture/dns.md b/docs/architecture/dns.md index 6150d226..fe959b52 100644 --- a/docs/architecture/dns.md +++ b/docs/architecture/dns.md @@ -368,6 +368,7 @@ The Cloudflare tunnel uses a **wildcard rule** (`*.viktorbarzin.me → Traefik`) | TXT (MTA-STS) | 1 | `v=STSv1; id=20260412` | TLS enforcement | | TXT (TLSRPT) | 1 | `v=TLSRPTv1; rua=mailto:postmaster@...` | TLS reporting | | A (keyserver) | 1 | `130.162.165.220` (Oracle VPS) | PGP keyserver | +| CNAME (CF Pages) | 1 | `most-6if.pages.dev` (Cloudflare Pages) | `most` — static site hosted off-infra on CF Pages, content deployed via wrangler | ### Proxied vs Non-Proxied diff --git a/stacks/cloudflared/modules/cloudflared/cloudflare.tf b/stacks/cloudflared/modules/cloudflared/cloudflare.tf index ad4d9de8..58d87333 100644 --- a/stacks/cloudflared/modules/cloudflared/cloudflare.tf +++ b/stacks/cloudflared/modules/cloudflared/cloudflare.tf @@ -235,6 +235,18 @@ resource "cloudflare_record" "keyserver" { zone_id = var.cloudflare_zone_id } +# Cloudflare Pages site "мост" (ОбУ „Отец Паисий“ school static site). +# Content is deployed off-infra to the Pages project `most` via +# `wrangler pages deploy`; this record just points the custom domain at it. +resource "cloudflare_record" "most_pages" { + content = "most-6if.pages.dev" + name = "most" + proxied = true + ttl = 1 + type = "CNAME" + zone_id = var.cloudflare_zone_id +} + # Enable HTTP/3 (QUIC) for Cloudflare-proxied domains resource "cloudflare_zone_settings_override" "http3" { zone_id = var.cloudflare_zone_id