terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
    }
  }
}

resource "cloudflare_dns_record" "proxy_ipv4" {
  zone_id = var.domain_zone_id
  name    = "${var.domain_name}"
  content = var.pangolin-proxy-v4
  comment = "Azure VPS"
  type    = "A"
  proxied = false
  ttl     = 1
}

resource "cloudflare_dns_record" "proxy_ipv6" {
  zone_id = var.domain_zone_id
  name    = "${var.domain_name}"
  content = var.pangolin-proxy-v6
  comment = "Azure VPS"
  type    = "AAAA"
  proxied = false
  ttl     = 1
}


resource "cloudflare_dns_record" "subdomains_ipv4" {
  zone_id = var.domain_zone_id
  name    = "*.${var.domain_name}"
  content = var.pangolin-proxy-v4
  comment = "Azure VPS"
  type    = "A"
  proxied = false
  ttl     = 1
}

resource "cloudflare_dns_record" "subdomains_ipv6" {
  zone_id = var.domain_zone_id
  name    = "*.${var.domain_name}"
  content = var.pangolin-proxy-v6
  comment = "Azure VPS"
  type    = "AAAA"
  proxied = false
  ttl     = 1
}

# ── CDN-proxied subdomains ───────────────────────────────────
# Specific records with proxied=true override the wildcard for
# these subdomains, enabling Cloudflare edge caching.

resource "cloudflare_dns_record" "cdn_ipv4" {
  for_each = toset(var.cdn_subdomains)

  zone_id = var.domain_zone_id
  name    = "${each.value}.${var.domain_name}"
  content = var.pangolin-proxy-v4
  comment = "CDN-proxied via Cloudflare"
  type    = "A"
  proxied = true
  ttl     = 1
}

resource "cloudflare_dns_record" "cdn_ipv6" {
  for_each = toset(var.cdn_subdomains)

  zone_id = var.domain_zone_id
  name    = "${each.value}.${var.domain_name}"
  content = var.pangolin-proxy-v6
  comment = "CDN-proxied via Cloudflare"
  type    = "AAAA"
  proxied = true
  ttl     = 1
}