infra/dns/README.md

DNS Infrastructure

Pulumi project managing all studyflash.* Cloudflare zones, DNS records, and redirect rulesets.

DNS Infrastructure

Pulumi project managing all studyflash.* Cloudflare zones, DNS records, and redirect rulesets.

Managed domains

DomainPurpose
studyflash.aiPrimary domain — landing page, app, API, email
studyflash.chInternal services, landing page, redirects to .ai
studyflash.devDev environments + internal tools — wildcard A + Zero Trust access
studyflash.atRedirect → studyflash.ai/de
studyflash.comRedirect → studyflash.ai
studyflash.deRedirect → studyflash.ai/de
studyflash.euRedirect → studyflash.ai
studyflash.frRedirect → studyflash.ai/fr
studyflash.itRedirect → studyflash.ai/it
studyflash.nlRedirect → studyflash.ai/nl

File structure

index.ts                    Engine — loops over zone configs, creates Pulumi resources
types.ts                    Shared types (DnsRecord, Redirect, ZoneConfig)
zones/
  studyflash.ai.ts          DNS records + geofence redirect ruleset
  studyflash.ch.ts          DNS records + redirect ruleset
  studyflash.dev.ts         Wildcard DNS + Zero Trust access app
  redirects.ts              Simple redirect domains (at, com, de, eu, fr, it, nl)

Adding a DNS record

Edit the zone file (e.g. zones/studyflash.ai.ts) and add an entry to the records array:

{ name: 'new-subdomain', type: 'CNAME', content: 'target.example.com', ttl: 3600 },

Run pnpm preview to verify, then merge to main — CI runs pulumi up automatically.

Adding a new redirect domain

Add a row to zones/redirects.ts:

{ tld: 'es', zoneId: '<cloudflare-zone-id>', locale: 'es' },

Usage

pnpm preview      # diff against live state (via infisical)
pnpm run pulumi:up # apply changes
pnpm typecheck    # type-check
pnpm format       # apply prettier

Prerequisites

  • Pulumi CLI
  • Infisical CLI (authenticated)
  • pnpm

State is stored in an R2 bucket accessed via PULUMI_BACKEND_URL from Infisical.