cloudflare: add access application and tunnel for bt

author: clarkzjw <[email protected]> 2023-01-13 21:43:44 -0800
committer: clarkzjw <[email protected]> 2023-01-13 21:43:44 -0800
commit: cecb49a197e11a87e8964da965e52a25eba96414 (patch)
tree: 29aa7752f58428a49ff37082092e23cf8cb1e24b
parent: 21cc52e300a50520f21ea11f7710a6bc132bef89 (diff)
download: homelab-cecb49a197e11a87e8964da965e52a25eba96414.tar.gz
2 files changed, 27 insertions, 0 deletions
diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
index 0b40e57..13e7f41 100644
--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -62,6 +62,27 @@ resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
  }
 }
+resource "cloudflare_access_application" "bt" {
+  zone_id                   = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name                      = "bt.${var.homelab_main_domain}"
+  domain                    = "bt.${var.homelab_main_domain}"
+  type                      = "self_hosted"
+  session_duration          = "24h"
+  auto_redirect_to_identity = false
+}
+resource "cloudflare_access_policy" "bt" {
+  application_id = cloudflare_access_application.bt.id
+  zone_id        = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name           = "Allow"
+  precedence     = "1"
+  decision       = "allow"
+  include {
+    email = [var.cloudflare_access_application_email]
+  }
+}
 # notify
 resource "cloudflare_record" "notify_SPF" {
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
index a9a8580..5326464 100644
--- a/clarkzjw.cc/infra/variables.tf
+++ b/clarkzjw.cc/infra/variables.tf
@@ -19,3 +19,9 @@ variable "cloudflare_api_token" {
  type = string
  sensitive = true
 }
+variable "cloudflare_access_application_email" {
+  description = "Email addresses allowed in Cloudflare Access config"
+  type = string
+  sensitive = false
+}
author	clarkzjw <[email protected]>	2023-01-13 21:43:44 -0800
committer	clarkzjw <[email protected]>	2023-01-13 21:43:44 -0800
commit	cecb49a197e11a87e8964da965e52a25eba96414 (patch)
tree	29aa7752f58428a49ff37082092e23cf8cb1e24b
parent	21cc52e300a50520f21ea11f7710a6bc132bef89 (diff)
download	homelab-cecb49a197e11a87e8964da965e52a25eba96414.tar.gz

diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf index 0b40e57..13e7f41 100644 --- a/clarkzjw.cc/infra/cloudflare.tf +++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -62,6 +62,27 @@ resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
62	}	62	}
63	}	63	}
64		64
		65	resource "cloudflare_access_application" "bt" {
		66	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
		67	name = "bt.${var.homelab_main_domain}"
		68	domain = "bt.${var.homelab_main_domain}"
		69	type = "self_hosted"
		70	session_duration = "24h"
		71	auto_redirect_to_identity = false
		72	}
		73
		74	resource "cloudflare_access_policy" "bt" {
		75	application_id = cloudflare_access_application.bt.id
		76	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
		77	name = "Allow"
		78	precedence = "1"
		79	decision = "allow"
		80
		81	include {
		82	email = [var.cloudflare_access_application_email]
		83	}
		84	}
		85
65	# notify	86	# notify
66	resource "cloudflare_record" "notify_SPF" {	87	resource "cloudflare_record" "notify_SPF" {
67	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id	88	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id


diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf index a9a8580..5326464 100644 --- a/clarkzjw.cc/infra/variables.tf +++ b/clarkzjw.cc/infra/variables.tf
@@ -19,3 +19,9 @@ variable "cloudflare_api_token" {
19	type = string	19	type = string
20	sensitive = true	20	sensitive = true
21	}	21	}
		22
		23	variable "cloudflare_access_application_email" {
		24	description = "Email addresses allowed in Cloudflare Access config"
		25	type = string
		26	sensitive = false
		27	}