From 8ac79d33000762cf3ac5854695872659cd239903 Mon Sep 17 00:00:00 2001
From: Jeremie Fraeys <jfaeys@gmail.com>
Date: Wed, 21 Jan 2026 14:43:43 -0500
Subject: [PATCH] feat(terraform): add services-ssh DNS record

Add non-proxied Cloudflare A/AAAA records for services-ssh to support infra-controller SSH access.
---
 terraform/main.tf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/terraform/main.tf b/terraform/main.tf
index 064a4c8..34cf7e6 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -164,6 +164,26 @@ resource "cloudflare_record" "services_aaaa" {
   proxied = true
 }
 
+resource "cloudflare_record" "services_ssh_a" {
+  count   = var.enable_cloudflare_dns ? 1 : 0
+  zone_id = var.cloudflare_zone_id
+  name    = "services-ssh"
+  type    = "A"
+  content = sort(tolist(linode_instance.services.ipv4))[0]
+  ttl     = 1
+  proxied = false
+}
+
+resource "cloudflare_record" "services_ssh_aaaa" {
+  count   = var.enable_cloudflare_dns ? 1 : 0
+  zone_id = var.cloudflare_zone_id
+  name    = "services-ssh"
+  type    = "AAAA"
+  content = split("/", linode_instance.services.ipv6)[0]
+  ttl     = 1
+  proxied = false
+}
+
 resource "cloudflare_record" "grafana_a" {
   count   = var.enable_cloudflare_dns ? 1 : 0
   zone_id = var.cloudflare_zone_id