authorclarkzjw <[email protected]>2023-01-13 22:57:51 -0800
committerclarkzjw <[email protected]>2023-01-13 22:57:51 -0800
commit63673af754d77df0a4bd3fda6b38ebb91dca5bdb (patch)
tree233e9f050eb971340b4806169efa8a72c10800b7
parentad28eb8b886931995b7c294a80357a6c5dca1772 (diff)
downloadhomelab-63673af754d77df0a4bd3fda6b38ebb91dca5bdb.tar.gz
cloudflare: add proxmox
-rw-r--r--clarkzjw.cc/infra/cloudflare_access.tf22
-rw-r--r--clarkzjw.cc/infra/dns.tf9
-rw-r--r--clarkzjw.cc/infra/terraform.tfvars.example7
-rw-r--r--clarkzjw.cc/infra/tunnel.tf11
-rw-r--r--clarkzjw.cc/infra/variables.tf6
5 files changed, 51 insertions, 4 deletions
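diff --git a/clarkzjw.cc/infra/cloudflare_access.tf b/clarkzjw.cc/infra/cloudflare_access.tf
index 0708a53..267b1f7 100644
--- a/clarkzjw.cc/infra/cloudflare_access.tf
+++ b/clarkzjw.cc/infra/cloudflare_access.tf
@@ -43,3 +43,25 @@ resource "cloudflare_access_policy" "edgerouterx" {
  email = [var.cloudflare_access_application_email]
  }
 }
+
+# proxmox
+resource "cloudflare_access_application" "proxmox" {
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ name = "proxmox.${var.homelab_main_domain}"
+ domain = "proxmox.${var.homelab_main_domain}"
+ type = "self_hosted"
+ session_duration = "24h"
+ auto_redirect_to_identity = false
+}
+
+resource "cloudflare_access_policy" "proxmox" {
+ application_id = cloudflare_access_application.proxmox.id
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ name = "Allow"
+ precedence = "1"
+ decision = "allow"
+
+ include {
+ email = [var.cloudflare_access_application_email]
+ }
+}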
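Review bot: The `proxmox` Access policy admits on an e-mail match alone and the application keeps a session for `24h`, which is a thin gate in front of a hypervisor console that controls every guest on the host. Nothing visible in this section requires a second factor or a particular identity provider, so if one-time-PIN login is enabled, control of the mailbox behind `var.cloudflare_access_application_email` (or a day-old session cookie) is enough to reach the Proxmox login page. I would shorten the session, e.g. `session_duration = "1h"`, and add a `require` block to the policy that pins the login method or MFA, depending on which identity providers the account has configured.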
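diff --git a/clarkzjw.cc/infra/dns.tf b/clarkzjw.cc/infra/dns.tf
index 30d42fa..1240399 100644
--- a/clarkzjw.cc/infra/dns.tf
+++ b/clarkzjw.cc/infra/dns.tf
@@ -37,6 +37,15 @@ resource "cloudflare_record" "edgerouterx" {
  proxied = true
 }
 
+# Proxmox
+resource "cloudflare_record" "proxmox" {
+ name = "proxmox.${var.homelab_main_domain}"
+ type = "CNAME"
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
+ proxied = true
+}
+
 # notify
 # DNS config for Mailgun
 resource "cloudflare_record" "notify_SPF" {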
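Review bot: `cloudflare_record.proxmox` has no dependency on the Access resources, so Terraform is free to publish the hostname and route it to the tunnel before, or without, `cloudflare_access_policy.proxmox` existing. A failed or partial apply would then leave the Proxmox UI reachable through Cloudflare with no Access check in front of it. Adding `depends_on = [cloudflare_access_policy.proxmox]` to the record makes the ordering explicit. The same gap probably applies to the existing `edgerouterx` record, whose body lies outside this hunk.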
diff --git a/clarkzjw.cc/infra/terraform.tfvars.example b/clarkzjw.cc/infra/terraform.tfvars.example
index 6fd3085..e7c1085 100644
--- a/clarkzjw.cc/infra/terraform.tfvars.example
+++ b/clarkzjw.cc/infra/terraform.tfvars.example
@@ -1 +1,6 @@
1homelab_notify_DKIM = "k=rsa; p=xxx" 1homelab_notify_DKIM = "k=rsa; p=xxx"
2cloudflare_account_id = ""
3cloudflare_api_token = ""
4cloudflare_access_application_email = ""
5edgerouterx_ip = "192.168.1.85"
6proxmox_ip = "192.168.1.88"
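diff --git a/clarkzjw.cc/infra/tunnel.tf b/clarkzjw.cc/infra/tunnel.tf
index 81c6ed4..e891f07 100644
--- a/clarkzjw.cc/infra/tunnel.tf
+++ b/clarkzjw.cc/infra/tunnel.tf
@@ -13,9 +13,9 @@ resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
  // TODO: https://github.com/cloudflare/terraform-provider-cloudflare/issues/2072
  // It seems the `origin_request` here doesn't enable `no_tls_verify` in each ingress_rule
  // For now, you have to enable `no_tls_verify` in the dashboard
- origin_request {
- no_tls_verify = true
- }
+ # origin_request {
+ # no_tls_verify = true
+ # }
  ingress_rule {
  hostname = "bt.${var.homelab_main_domain}"
  path = "/"
@@ -27,6 +27,11 @@ resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
  service = "https://${var.edgerouterx_ip}"
  }
  ingress_rule {
+ hostname = "proxmox.${var.homelab_main_domain}"
+ path = "/"
+ service = "https://${var.proxmox_ip}:8006"
+ }
+ ingress_rule {
  service = "http_status:404"
  }
  }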
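Review bot: The new ingress rule forwards to `https://${var.proxmox_ip}:8006` in the same change that comments out the only `origin_request` block, so whether cloudflared verifies the Proxmox certificate is now decided by a dashboard toggle that Terraform neither sets nor records. If `no_tls_verify` is enabled there as the TODO describes, the tunnel accepts any certificate served at that address and the hypervisor credentials cross the LAN to an unauthenticated origin. Rather than leaving dead code, replace the three `#` lines with a comment that states the current condition, e.g. `// origin TLS verification is disabled manually in the dashboard (provider issue 2072); not tracked by Terraform`. Once the provider issue is resolved, prefer trusting the Proxmox CA (`ca_pool` together with `origin_server_name`) over `no_tls_verify`, assuming the provider version in use supports them. The enclosing `cloudflare_tunnel_config` resource starts and ends outside these hunks.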
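diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
index 58e8976..bb5b06d 100644
--- a/clarkzjw.cc/infra/variables.tf
+++ b/clarkzjw.cc/infra/variables.tf
@@ -31,3 +31,9 @@ variable "edgerouterx_ip" {
  type = string
  sensitive = false
 }
+
+variable "proxmox_ip" {
+ description = "IP address for Proxmox"
+ type = string
+ sensitive = false
+}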
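Review bot: `proxmox_ip` is interpolated straight into the tunnel origin URL (`https://${var.proxmox_ip}:8006` in tunnel.tf) but is accepted as an arbitrary string. A typo, or a value that carries a host name or path, would silently repoint the Access-protected hostname at a different origin. A `validation` block on the variable would catch that at plan time, for example with `condition = can(cidrhost("${var.proxmox_ip}/32", 0))` and a matching `error_message` (IPv4 only; adjust if the host is addressed over IPv6).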