aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-01-13 21:49:44 -0800
committerclarkzjw <[email protected]>2023-01-13 21:49:44 -0800
commit4f274f77122479d16d74ade9a0867da71cdf3cee (patch)
tree5cd696e4404242724766499eddf95ee0f9eeefc1
parentcecb49a197e11a87e8964da965e52a25eba96414 (diff)
downloadhomelab-4f274f77122479d16d74ade9a0867da71cdf3cee.tar.gz
cloudflare: reorder
-rw-r--r--clarkzjw.cc/infra/cloudflare.tf117
-rw-r--r--clarkzjw.cc/infra/cloudflare_access.tf22
-rw-r--r--clarkzjw.cc/infra/dns.tf72
-rw-r--r--clarkzjw.cc/infra/random.tf3
-rw-r--r--clarkzjw.cc/infra/tunnel.tf22
5 files changed, 119 insertions, 117 deletions
diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
index 13e7f41..0361bba 100644
--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -7,120 +7,3 @@ data "cloudflare_zones" "homelab_main_domain" {
7 name = var.homelab_main_domain 7 name = var.homelab_main_domain
8 } 8 }
9} 9}
10
11# www
12variable "homelab_www_domain" {
13 default = "clarkzjw.cc"
14}
15
16variable "homelab_www_ip" {
17 default = "8.8.8.8"
18}
19
20resource "cloudflare_record" "main" {
21 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
22 name = var.homelab_www_domain
23 value = var.homelab_www_ip
24 type = "A"
25
26 ttl = 1
27 proxied = true
28}
29
30# Argo tunnel
31resource "random_id" "atlas_tunnel_secret" {
32 byte_length = 35
33}
34
35resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
36 account_id = var.cloudflare_account_id
37 name = "${var.homelab_main_domain}-tunnel"
38 secret = random_id.atlas_tunnel_secret.b64_std
39}
40
41resource "cloudflare_record" "bt" {
42 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
43 name = "bt.${var.homelab_main_domain}"
44 value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
45 type = "CNAME"
46 proxied = true
47}
48
49resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
50 account_id = var.cloudflare_account_id
51 tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id
52
53 config {
54 ingress_rule {
55 hostname = "bt.${var.homelab_main_domain}"
56 path = "/"
57 service = "http://127.0.0.1:8080"
58 }
59 ingress_rule {
60 service = "http_status:404"
61 }
62 }
63}
64
65resource "cloudflare_access_application" "bt" {
66 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
67 name = "bt.${var.homelab_main_domain}"
68 domain = "bt.${var.homelab_main_domain}"
69 type = "self_hosted"
70 session_duration = "24h"
71 auto_redirect_to_identity = false
72}
73
74resource "cloudflare_access_policy" "bt" {
75 application_id = cloudflare_access_application.bt.id
76 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
77 name = "Allow"
78 precedence = "1"
79 decision = "allow"
80
81 include {
82 email = [var.cloudflare_access_application_email]
83 }
84}
85
86# notify
87resource "cloudflare_record" "notify_SPF" {
88 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
89 # type = "SPF" causes DNS Validation Error (1004)
90 # https://github.com/cloudflare/terraform-provider-cloudflare/issues/1473
91 type = "TXT"
92 name = "notify.${var.homelab_main_domain}"
93 value = "v=spf1 include:mailgun.org ~all"
94
95 ttl = 1
96}
97
98resource "cloudflare_record" "notify_DKIM" {
99 name = "pic._domainkey.notify.${var.homelab_main_domain}"
100 type = "TXT"
101 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
102 value = var.homelab_notify_DKIM
103}
104
105resource "cloudflare_record" "notify_CNAME" {
106 name = "email.notify.${var.homelab_main_domain}"
107 type = "CNAME"
108 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
109 value = "mailgun.org"
110}
111
112resource "cloudflare_record" "notify_MX_a" {
113 name = "notify.${var.homelab_main_domain}"
114 type = "MX"
115 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
116 value = "mxa.mailgun.org"
117 priority = 10
118}
119
120resource "cloudflare_record" "notify_MX_b" {
121 name = "notify.${var.homelab_main_domain}"
122 type = "MX"
123 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
124 value = "mxb.mailgun.org"
125 priority = 10
126}
diff --git a/clarkzjw.cc/infra/cloudflare_access.tf b/clarkzjw.cc/infra/cloudflare_access.tf
new file mode 100644
index 0000000..00dfcee
--- /dev/null
+++ b/clarkzjw.cc/infra/cloudflare_access.tf
@@ -0,0 +1,22 @@
1# Cloudflare Access Policy
2
3resource "cloudflare_access_application" "bt" {
4 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
5 name = "bt.${var.homelab_main_domain}"
6 domain = "bt.${var.homelab_main_domain}"
7 type = "self_hosted"
8 session_duration = "24h"
9 auto_redirect_to_identity = false
10}
11
12resource "cloudflare_access_policy" "bt" {
13 application_id = cloudflare_access_application.bt.id
14 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
15 name = "Allow"
16 precedence = "1"
17 decision = "allow"
18
19 include {
20 email = [var.cloudflare_access_application_email]
21 }
22}
diff --git a/clarkzjw.cc/infra/dns.tf b/clarkzjw.cc/infra/dns.tf
new file mode 100644
index 0000000..d066f67
--- /dev/null
+++ b/clarkzjw.cc/infra/dns.tf
@@ -0,0 +1,72 @@
1# Cloudflare DNS records
2
3# www
4variable "homelab_www_domain" {
5 default = "clarkzjw.cc"
6}
7
8variable "homelab_www_ip" {
9 default = "8.8.8.8"
10}
11
12resource "cloudflare_record" "main" {
13 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
14 name = var.homelab_www_domain
15 value = var.homelab_www_ip
16 type = "A"
17
18 ttl = 1
19 proxied = true
20}
21
22# bt
23resource "cloudflare_record" "bt" {
24 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
25 name = "bt.${var.homelab_main_domain}"
26 value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
27 type = "CNAME"
28 proxied = true
29}
30
31# notify
32# DNS config for Mailgun
33resource "cloudflare_record" "notify_SPF" {
34 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
35 # type = "SPF" causes DNS Validation Error (1004)
36 # https://github.com/cloudflare/terraform-provider-cloudflare/issues/1473
37 type = "TXT"
38 name = "notify.${var.homelab_main_domain}"
39 value = "v=spf1 include:mailgun.org ~all"
40
41 ttl = 1
42}
43
44resource "cloudflare_record" "notify_DKIM" {
45 name = "pic._domainkey.notify.${var.homelab_main_domain}"
46 type = "TXT"
47 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
48 value = var.homelab_notify_DKIM
49}
50
51resource "cloudflare_record" "notify_CNAME" {
52 name = "email.notify.${var.homelab_main_domain}"
53 type = "CNAME"
54 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
55 value = "mailgun.org"
56}
57
58resource "cloudflare_record" "notify_MX_a" {
59 name = "notify.${var.homelab_main_domain}"
60 type = "MX"
61 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
62 value = "mxa.mailgun.org"
63 priority = 10
64}
65
66resource "cloudflare_record" "notify_MX_b" {
67 name = "notify.${var.homelab_main_domain}"
68 type = "MX"
69 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
70 value = "mxb.mailgun.org"
71 priority = 10
72}
diff --git a/clarkzjw.cc/infra/random.tf b/clarkzjw.cc/infra/random.tf
new file mode 100644
index 0000000..4dac161
--- /dev/null
+++ b/clarkzjw.cc/infra/random.tf
@@ -0,0 +1,3 @@
1resource "random_id" "atlas_tunnel_secret" {
2 byte_length = 35
3}
diff --git a/clarkzjw.cc/infra/tunnel.tf b/clarkzjw.cc/infra/tunnel.tf
new file mode 100644
index 0000000..4ec9a7f
--- /dev/null
+++ b/clarkzjw.cc/infra/tunnel.tf
@@ -0,0 +1,22 @@
1# Argo tunnel
2resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
3 account_id = var.cloudflare_account_id
4 name = "${var.homelab_main_domain}-tunnel"
5 secret = random_id.atlas_tunnel_secret.b64_std
6}
7
8resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
9 account_id = var.cloudflare_account_id
10 tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id
11
12 config {
13 ingress_rule {
14 hostname = "bt.${var.homelab_main_domain}"
15 path = "/"
16 service = "http://127.0.0.1:8080"
17 }
18 ingress_rule {
19 service = "http_status:404"
20 }
21 }
22}
Powered by cgit v1.2.3 (git 2.41.0)