diff --git a/main.tf b/main.tf
index 72a7836..51368ed 100644
--- a/main.tf
+++ b/main.tf
@@ -1,37 +1,37 @@
 terraform {
 required_providers {
 desec = {
- source = "Valodim/desec"
+ source = "Valodim/desec"
 version = "0.5.0"
 }
 sops = {
- source = "carlpett/sops"
+ source = "carlpett/sops"
 version = "1.1.1"
 }
 }
 backend "s3" {
- bucket = "tfstate" # Name of the S3 bucket
- endpoints = {
- s3 = "http://192.168.76.2:8502" # Minio endpoint
- }
- key = "dns-management/desec-io.tfstate" # Name of the tfstate file
- workspace_key_prefix="tfstate"
+ bucket = "tfstate" # Name of the S3 bucket
+ endpoints = {
+ s3 = "http://192.168.76.2:8502" # Minio endpoint
+ }
+ key = "dns-management/desec-io.tfstate" # Name of the tfstate file
+ workspace_key_prefix = "tfstate"
-
- profile = "minio" # aws profile
- region = "us-east-1" # Region validation will be skipped
- skip_credentials_validation = true # Skip AWS related checks and validations
- skip_requesting_account_id = true
- skip_metadata_api_check = true
- skip_region_validation = true
- skip_s3_checksum = true
- use_path_style = true # Enable path-style S3 URLs (https:/// https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
+
+ profile = "minio" # aws profile
+ region = "us-east-1" # Region validation will be skipped
+ skip_credentials_validation = true # Skip AWS related checks and validations
+ skip_requesting_account_id = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ skip_s3_checksum = true
+ use_path_style = true # Enable path-style S3 URLs (https:/// https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
 }
 }
-provider sops {}
+provider "sops" {}
-provider desec {
- api_token = data.sops_file.desec_secrets.data["desec_api"]
+provider "desec" {
+ api_token = data.sops_file.secrets.data["desec_api"]
 }
diff --git a/nayeonie.com.tf b/nayeonie.com.tf
index f38bbfa..ef38e94 100644
--- a/nayeonie.com.tf
+++ b/nayeonie.com.tf
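Review bot: The `backend "s3"` block in main.tf keeps `s3 = "http://192.168.76.2:8502"`, so Terraform state is read and written over plaintext HTTP. Terraform stores data-source attributes in state, so that state contains the decrypted contents of `data.sops_file.secrets`, including the `desec_api` token that the `desec` provider block reads a few lines below. Anyone who can observe that traffic or read the `tfstate` bucket therefore gets the deSEC API token in clear text. Once MinIO serves TLS, change the endpoint to `s3 = "https://192.168.76.2:8502"`, and limit read access on the bucket to the identity that runs Terraform.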
@@ -1,3 +1,40 @@
 resource "desec_domain" "nayeonie_com" {
 name = "nayeonie.com"
 }
+
+resource "desec_rrset" "wildcard_nayeonie_com_cname" {
+ domain = "nayeonie.com"
+ subname = "*"
+ type = "CNAME"
+ records = ["alicehuston.duckdns.org."]
+ ttl = 3600
+ depends_on = [desec_domain.nayeonie_com]
+}
+
+# not needed as its dynamically created
+# resource "desec_rrset" "nayeonie_com_ns" {
+# domain = "nayeonie.com"
+# subname = ""
+# type = "NS"
+# records = ["ns2.desec.org.", "ns1.desec.io."]
+# ttl = 3600
+# depends_on = [desec_domain.nayeonie_com]
+# }
+
+resource "desec_rrset" "tiktok_txt" {
+ domain = "nayeonie.com"
+ subname = ""
+ type = "TXT"
+ records = [trim(data.sops_file.secrets.data["tiktok_txt"], "\"")]
+ ttl = 3600
+ depends_on = [desec_domain.nayeonie_com]
+}
+
+resource "desec_rrset" "gitea_nayeonie_com_srv" {
+ domain = "nayeonie.com"
+ subname = "_gitea._tcp"
+ type = "SRV"
+ records = ["0 100 2222 nayeonie.com."]
+ ttl = 3600
+ depends_on = [desec_domain.nayeonie_com]
+}
diff --git a/secrets.json b/secrets.json
index 0c3afab..a8985ac 100644
--- a/secrets.json
+++ b/secrets.json
@@ -1,5 +1,6 @@
 {
- "desec_api": "ENC[AES256_GCM,data:85Gl1Is17tPKMVfqF92AowFjRfPMuO92U8M71A==,iv:NcpQ5c6WTx/02h/tlnpkmyFKBKRMcg9TMNL5tQikZGs=,tag:5M3pSts5AWqODijQIh7MiA==,type:str]",
+ "desec_api": "ENC[AES256_GCM,data:3l1SNtRY6Cto3+CwkcJc95IjzHqa+G+Hbe2/yw==,iv:12m1GaG4ZNiWPqSZp1hmBJsbXqUjMn3hOf9bKHaGZuQ=,tag:aKJ8o/2alhzmoPB5dVvRQQ==,type:str]",
+ "tiktok_txt": "ENC[AES256_GCM,data:3sNHYlsJuCgJoDZ6A8RxbXGMwP760qjE8es0Px2HTJJ12eqtK1aB62OP7SJFVFHVm43gg3TUlhtVMffE51Q1TItawiA=,iv:gvcULZVb4EdrtJT9V1uJ8twoCf6pBO5BOGULdQCT5Tw=,tag:LT2EjnlBKQdfOlqxvwzWRw==,type:str]",
 "sops": {
 "kms": null,
 "gcp_kms": null,
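Review bot: `desec_rrset.wildcard_nayeonie_com_cname` points every otherwise-undefined name under `nayeonie.com` at `alicehuston.duckdns.org.`, a hostname in a third-party dynamic-DNS zone. Whoever controls that DuckDNS name can serve content and pass HTTP-based certificate validation for any subdomain, and the wildcard keeps pointing at it if the registration ever lapses. Where the set of hostnames is known, prefer one `desec_rrset` per name (`subname = "<service>"`) over `subname = "*"`. If the wildcard stays, add a comment above it such as `# wildcard: all undefined subdomains follow alicehuston.duckdns.org - keep that DuckDNS name registered`. Separately, the SRV target `nayeonie.com.` needs an address record at the apex, which this file does not define and the wildcard does not cover; presumably it is managed elsewhere.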
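Review bot: `tiktok_txt` is added as a sops-encrypted value, but `desec_rrset.tiktok_txt` publishes it as an apex TXT record, so it is world-readable once applied and the encryption gives it no confidentiality. Keeping it in `secrets.json` also means the record content cannot be reviewed in the diff. Terraform will likely render it as `(sensitive value)` in plan output, since values read through `sops_file` are normally marked sensitive. Consider dropping the key here and writing the value directly in `nayeonie.com.tf`, e.g. `records = ["<verification string>"]`, so the sops file carries only real credentials such as `desec_api`.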
@@ -19,8 +20,8 @@
 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ0ZEQ0prNjZiZzV6YnlG\nTWlHQk1mV0t2ZE1peFFsdWIybXdVdWh3ZGg0ClJhc3ZsZk10Ti9CbU4yMk8xZ3JS\nQUNXbWtyRXJ6amFBejg0NVhNQmk0MXMKLS0tIHJrVmhETmxOYUV6S3JtY1BVa09i\nSW9wV0pvNWx6ZEZDVE5Hc2syVVo2NjQKV16Dq1BJr/mIsnZMlH04WOIwi2CK2GIV\nc1Rpi1b2GXeXr0avCyhilCBgVJU+R9mEwunm7vfbBjD/hyEZXSYaVg==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
- "lastmodified": "2025-02-14T20:50:25Z",
- "mac": "ENC[AES256_GCM,data:9v0vlgUiYXsOAIewL6S33tMXk9rDZX/LDZWqR+oVl9ZzA/82nTKNzP1oHakN2vTP2zl7YarGiBFZgYen0DQeNiFP+HurAASjyGI3dNY62Fr8QjvDKU0/aYVkSD57/Y2oiPhsBY57NOxP7Y8Aw/nCVoGp1zlG54V3Q6KDBpGBEMQ=,iv:WypPyIyxbY9Cr9xgAvJ2TpttG1+ipPpjjkNgx0PT5R8=,tag:iT0S+PZa8g2i+ttHfCeDlA==,type:str]",
+ "lastmodified": "2025-02-14T22:18:09Z",
+ "mac": "ENC[AES256_GCM,data:oy6AH5kB2NTkTGq9smpEB8qWoRnnrJPbm++qDFWOJoeyExA6OFkZg78UGQSDzUf04nGqN7XQIiErZc2J5aPayu3XSOM78LwJ/ZsX3q+Fm3cpVgZKjuwLfxVebGYA+DCJtyvdbI8SlLL9U4Z+SeBnF9cCCg3Gcp0oRiJUJvwx73E=,iv:wGOAe27/vn0h02ylHzX2Ru/oIFRhPQRj3sA+gx8cxlE=,tag:f9MzqGtPvAVHqso0VNuKQQ==,type:str]",
 "pgp": [
 {
 "created_at": "2025-02-14T20:43:56Z",
diff --git a/secrets.tf b/secrets.tf
index 183c0dc..0811779 100644
--- a/secrets.tf
+++ b/secrets.tf
@@ -1,3 +1,3 @@
-data "sops_file" "desec_secrets" {
+data "sops_file" "secrets" {
 source_file = "secrets.json"
 }