diff --git a/provisioning/main.tf b/provisioning/main.tf
index 8cd9047..d60c284 100644
--- a/provisioning/main.tf
+++ b/provisioning/main.tf
@@ -3,10 +3,15 @@ terraform {
 required_providers {
 hcloud = {
 source = "hetznercloud/hcloud"
+ version = "~> 1.0"
 }
 sops = {
 source = "carlpett/sops"
- version = "~> 0.5"
+ version = "~> 1.0"
+ }
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 4.0"
 }
 }
 required_version = ">= 0.13"
@@ -25,6 +30,10 @@ provider "hcloud" {
 provider "sops" {}
+provider "cloudflare" {
+ api_token = var.cloudflare_api_token
+}
+
 data "sops_file" "secrets" {
 source_file = "secrets.enc.yaml"
 }
@@ -100,6 +109,20 @@ resource "hcloud_firewall" "cluster-firewall" {
 }
 }
+data "cloudflare_zones" "domain" {
+ filter {
+ name = data.sops_file.secrets.data["domain_name"]
+ }
+}
+
+resource "cloudflare_record" "cluster" {
+ zone_id = data.cloudflare_zones.domain.zones[0].id
+ name = "@"
+ value = hcloud_server.cluster.ipv4_address
+ type = "A"
+ proxied = false
+}
+
 output "server_ip" {
 value = hcloud_server.cluster.ipv4_address
 }
\ No newline at end of file
diff --git a/provisioning/variables.tf b/provisioning/variables.tf
index 0d5f637..3956b3b 100644
--- a/provisioning/variables.tf
+++ b/provisioning/variables.tf
@@ -3,3 +3,9 @@ variable "hcloud_token" {
 type = string
 sensitive = true
 }
+
+variable "cloudflare_api_token" {
+ description = "Cloudflare API Token"
+ type = string
+ sensitive = true
+}
\ No newline at end of file
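Review bot: The constraints added to `required_providers` are all major-version ranges (`~> 1.0` for hcloud and sops, `~> 4.0` for cloudflare), so the exact provider builds are decided by `.terraform.lock.hcl`, which this diff does not show being updated. The sops provider decrypts `secrets.enc.yaml` and the cloudflare provider is handed an API token, so both are worth pinning by checksum; commit the lock file regenerated by `terraform init -upgrade` together with this change. The sops constraint also moves from `~> 0.5` to `~> 1.0`, a major-version step, so its changelog should be checked against the existing `data "sops_file"` usage.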
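Review bot: Nothing in the new `provider "cloudflare"` block records what the token is allowed to do, and the only use visible in this diff is a zone lookup plus one DNS record. A comment above `api_token` such as `# token scope: Zone:Read + DNS:Edit on the managed zone only` would keep a broader, account-wide token from being used here. The `description` of `cloudflare_api_token` in variables.tf could state the same scope.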
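Review bot: `zone_id = data.cloudflare_zones.domain.zones[0].id` takes the first match unchecked, so an empty result fails with a bare index error and, if the token can see more than one zone matching the name, the record is written to whichever comes first. `zone_id = one(data.cloudflare_zones.domain.zones).id` would reject the multi-match case explicitly, but `one()` needs Terraform 0.15 or later, which is above the declared `required_version`. Separately, `proxied = false` publishes the server's IPv4 address directly in DNS, leaving `hcloud_firewall.cluster-firewall` as the only network filter in front of it. If that is intended, a comment such as `# unproxied on purpose: origin IP is public, hcloud_firewall is the only filter` next to it would record the decision.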
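Review bot: The new variable uses `sensitive = true`, which Terraform accepts on variables only from 0.14 onward, while main.tf still declares `required_version = ">= 0.13"`. Raising that to `required_version = ">= 0.14"` makes the constraint match what the configuration needs; the existing `hcloud_token` variable has the same dependency. Note also that `sensitive` only redacts the value in plan and apply output, so the token should be supplied through the environment (`TF_VAR_cloudflare_api_token`) rather than a committed tfvars file.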