terraform: add argo tunnel

author: clarkzjw <[email protected]> 2023-01-13 20:58:10 -0800
committer: clarkzjw <[email protected]> 2023-01-13 20:58:10 -0800
commit: 2e5381257ac797a49e2e33016c11fd99d4565e4e (patch)
tree: e708f4ec454153fdc85498e18fde54b7f72bd3a9
parent: 5e9e3aa28092ceebbb4ba752208566d7239ad234 (diff)
download: homelab-2e5381257ac797a49e2e33016c11fd99d4565e4e.tar.gz
5 files changed, 79 insertions, 1 deletions
diff --git a/clarkzjw.cc/infra/.terraform.lock.hcl b/clarkzjw.cc/infra/.terraform.lock.hcl
index 5a1955d..260ce4a 100644
--- a/clarkzjw.cc/infra/.terraform.lock.hcl
+++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -22,3 +22,22 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
    "zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",
  ]
 }
+provider "registry.terraform.io/hashicorp/random" {
+  version = "3.4.3"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}
diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
index 61d9868..0b40e57 100644
--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -1,3 +1,7 @@
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
 data "cloudflare_zones" "homelab_main_domain" {
  filter {
    name = var.homelab_main_domain
@@ -23,6 +27,41 @@ resource "cloudflare_record" "main" {
  proxied = true
 }
+# Argo tunnel
+resource "random_id" "atlas_tunnel_secret" {
+  byte_length = 35
+}
+resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
+  account_id = var.cloudflare_account_id
+  name       = "${var.homelab_main_domain}-tunnel"
+  secret     = random_id.atlas_tunnel_secret.b64_std
+}
+resource "cloudflare_record" "bt" {
+  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name    = "bt.${var.homelab_main_domain}"
+  value   = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
+  type    = "CNAME"
+  proxied = true
+}
+resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
+  account_id = var.cloudflare_account_id
+  tunnel_id  = cloudflare_argo_tunnel.atlas_main_tunnel.id
+  config {
+    ingress_rule {
+      hostname = "bt.${var.homelab_main_domain}"
+      path     = "/"
+      service  = "http://127.0.0.1:8080"
+    }
+    ingress_rule {
+      service = "http_status:404"
+    }
+  }
+}
 # notify
 resource "cloudflare_record" "notify_SPF" {
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
diff --git a/clarkzjw.cc/infra/output.tf b/clarkzjw.cc/infra/output.tf
new file mode 100644
index 0000000..568d3cf
--- /dev/null
+++ b/clarkzjw.cc/infra/output.tf
@@ -0,0 +1,4 @@
+output "atlas_tunnel_token" {
+  value     = cloudflare_argo_tunnel.atlas_main_tunnel.tunnel_token
+  sensitive = true
+}
diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
index 22f201a..a9a8580 100644
--- a/clarkzjw.cc/infra/variables.tf
+++ b/clarkzjw.cc/infra/variables.tf
@@ -6,4 +6,16 @@ variable "homelab_main_domain" {
 variable "homelab_notify_DKIM" {
  description = "DKIM domain value from Mailgun"
  default     = "k=rsa; p=xxxx"
-}
-\ No newline at end of file
+}
+variable "cloudflare_account_id" {
+  description = "The Cloudflare UUID for the Account the Zone lives in."
+  type        = string
+  sensitive   = true
+}
+variable "cloudflare_api_token" {
+  description = "Cloudflare API token"
+  type = string
+  sensitive = true
+}
diff --git a/clarkzjw.cc/infra/versions.tf b/clarkzjw.cc/infra/versions.tf
index 1551173..63e88c2 100644
--- a/clarkzjw.cc/infra/versions.tf
+++ b/clarkzjw.cc/infra/versions.tf
@@ -4,5 +4,9 @@ terraform {
      source  = "cloudflare/cloudflare"
      version = "~> 3.29"
    }
+    random = {
+      source = "hashicorp/random"
+      version = "~> 3.4.3"
+    }
  }
 }
author	clarkzjw <[email protected]>	2023-01-13 20:58:10 -0800
committer	clarkzjw <[email protected]>	2023-01-13 20:58:10 -0800
commit	2e5381257ac797a49e2e33016c11fd99d4565e4e (patch)
tree	e708f4ec454153fdc85498e18fde54b7f72bd3a9
parent	5e9e3aa28092ceebbb4ba752208566d7239ad234 (diff)
download	homelab-2e5381257ac797a49e2e33016c11fd99d4565e4e.tar.gz

diff --git a/clarkzjw.cc/infra/.terraform.lock.hcl b/clarkzjw.cc/infra/.terraform.lock.hcl index 5a1955d..260ce4a 100644 --- a/clarkzjw.cc/infra/.terraform.lock.hcl +++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -22,3 +22,22 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
22	"zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",	22	"zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",
23	]	23	]
24	}	24	}
		25
		26	provider "registry.terraform.io/hashicorp/random" {
		27	version = "3.4.3"
		28	hashes = [
		29	"h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
		30	"zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
		31	"zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
		32	"zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
		33	"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
		34	"zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
		35	"zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
		36	"zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
		37	"zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
		38	"zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
		39	"zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
		40	"zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
		41	"zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
		42	]
		43	}


diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf index 61d9868..0b40e57 100644 --- a/clarkzjw.cc/infra/cloudflare.tf +++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -1,3 +1,7 @@
		1	provider "cloudflare" {
		2	api_token = var.cloudflare_api_token
		3	}
		4
1	data "cloudflare_zones" "homelab_main_domain" {	5	data "cloudflare_zones" "homelab_main_domain" {
2	filter {	6	filter {
3	name = var.homelab_main_domain	7	name = var.homelab_main_domain
@@ -23,6 +27,41 @@ resource "cloudflare_record" "main" {
23	proxied = true	27	proxied = true
24	}	28	}
25		29
		30	# Argo tunnel
		31	resource "random_id" "atlas_tunnel_secret" {
		32	byte_length = 35
		33	}
		34
		35	resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
		36	account_id = var.cloudflare_account_id
		37	name = "${var.homelab_main_domain}-tunnel"
		38	secret = random_id.atlas_tunnel_secret.b64_std
		39	}
		40
		41	resource "cloudflare_record" "bt" {
		42	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
		43	name = "bt.${var.homelab_main_domain}"
		44	value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
		45	type = "CNAME"
		46	proxied = true
		47	}
		48
		49	resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
		50	account_id = var.cloudflare_account_id
		51	tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id
		52
		53	config {
		54	ingress_rule {
		55	hostname = "bt.${var.homelab_main_domain}"
		56	path = "/"
		57	service = "http://127.0.0.1:8080"
		58	}
		59	ingress_rule {
		60	service = "http_status:404"
		61	}
		62	}
		63	}
		64
26	# notify	65	# notify
27	resource "cloudflare_record" "notify_SPF" {	66	resource "cloudflare_record" "notify_SPF" {
28	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id	67	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id


diff --git a/clarkzjw.cc/infra/output.tf b/clarkzjw.cc/infra/output.tf new file mode 100644 index 0000000..568d3cf --- /dev/null +++ b/clarkzjw.cc/infra/output.tf
@@ -0,0 +1,4 @@
		1	output "atlas_tunnel_token" {
		2	value = cloudflare_argo_tunnel.atlas_main_tunnel.tunnel_token
		3	sensitive = true
		4	}


diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf index 22f201a..a9a8580 100644 --- a/clarkzjw.cc/infra/variables.tf +++ b/clarkzjw.cc/infra/variables.tf
@@ -6,4 +6,16 @@ variable "homelab_main_domain" {
6	variable "homelab_notify_DKIM" {	6	variable "homelab_notify_DKIM" {
7	description = "DKIM domain value from Mailgun"	7	description = "DKIM domain value from Mailgun"
8	default = "k=rsa; p=xxxx"	8	default = "k=rsa; p=xxxx"
9	} \ No newline at end of file	9	}
		10
		11	variable "cloudflare_account_id" {
		12	description = "The Cloudflare UUID for the Account the Zone lives in."
		13	type = string
		14	sensitive = true
		15	}
		16
		17	variable "cloudflare_api_token" {
		18	description = "Cloudflare API token"
		19	type = string
		20	sensitive = true
		21	}


diff --git a/clarkzjw.cc/infra/versions.tf b/clarkzjw.cc/infra/versions.tf index 1551173..63e88c2 100644 --- a/clarkzjw.cc/infra/versions.tf +++ b/clarkzjw.cc/infra/versions.tf
@@ -4,5 +4,9 @@ terraform {
4	source = "cloudflare/cloudflare"	4	source = "cloudflare/cloudflare"
5	version = "~> 3.29"	5	version = "~> 3.29"
6	}	6	}
		7	random = {
		8	source = "hashicorp/random"
		9	version = "~> 3.4.3"
		10	}
7	}	11	}
8	}	12	}