Paul Tibbetts Profile Photo

Paul Tibbetts

DevOps Engineer

IaC

    Setting up my Micro.blog sub-domain using IaC, Terraform and Cloudflare

    The last step to setting up my new Micro.blog was to use it from my own domain.

    I debated using it exclusively at paultibbetts.uk but I want to work on my own blog for that address.

    So I’m going to use Micro.blog as… my microblog… at micro.paultibbetts.uk.

    Instead of doing it by hand on Cloudflare’s website I wrote it down as code.

    Infrastructure as Code

    Writing down your infrastructure as code has a lot of benefits:

    • it’s in one central place instead of spread out in different UIs on different sites
    • it can be version controlled
    • it can be readable by robots as well as other humans

    You can use tools like Terraform, OpenTofu or Pulumi to do this.

    Terraform

    I’m using Terraform at the moment. I might look into Pulumi in the future.

    Terraform uses HCL for its configuration.

    main.tf

    terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.0"
    }
  }
}

    My domain is managed by Cloudflare so at the start of my code I tell Terraform to use the cloudflare/cloudflare provider. This means I can manage different things in Cloudflare using a few settings.

    provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

    Next I tell the Cloudflare provider to use a variable for my API token.

    data "cloudflare_zone" "paultibbetts_dot_uk" {
  name = "paultibbetts.uk"
}

    Originally I asked ChatGPT how to do this, and it was technically correct, but it wanted me to go on the Cloudflare site, go to my domain, and copy the zone_id to pass in as a variable. Which is missing the point of doing this with code.

    Instead, using data means this block is a data source, called paultibbetts_dot_uk, which uses Cloudflare’s cloudflare_zone module to get a zone (domain) with a name of paultibbetts.uk.

    I don’t know or care what the ID is and I can automate the process of finding it out.

    resource "cloudflare_record" "microblog" {
  zone_id = data.cloudflare_zone.paultibbetts_dot_uk.id
  name    = "micro"
  type    = "CNAME"
  value   = "paultibbetts.micro.blog"
  ttl     = 300
}

    When I create a cloudflare_record resource, called microblog, I can use the data source to get the ID of the zone for which domain the CNAME record should be added to.

    vars.tf

    variable "cloudflare_api_token" {
  type        = string
  description = "api token"
}

    Because I don’t want to write down my API token in my code I set it up as a variable.

    I can now pass in the token when I run Terraform:

    terraform apply \ 
-var cloudflare_api_token="********" \

    but I prefer loading it in as an environment variable.

    You can do this by prefixing the variable with TF_VAR:

    # secrets.sh
export TF_VAR_cloudflare_api_token=********

    and remembering to source this file before you run Terraform commands

    source secrets.sh
terraform apply

    apply

    Now I can run terraform apply, confirm the proposed changes, and Terraform will use the Cloudlfare API to add the CNAME to my domain for me.

    After making a quick change in Micro.blog I’m live at my own domain 🥳