Diffstat (limited to 'clarkzjw.cc/infra/cloudflare.tf')
-rw-r--r-- | clarkzjw.cc/infra/cloudflare.tf | 117 |
1 files changed, 0 insertions, 117 deletions
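--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -7,120 +7,3 @@ data "cloudflare_zones" "homelab_main_domain" {
 name = var.homelab_main_domain
 }
 }
-
-# www
-variable "homelab_www_domain" {
-default = "clarkzjw.cc"
-}
-
-variable "homelab_www_ip" {
-default = "8.8.8.8"
-}
-
-resource "cloudflare_record" "main" {
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-name = var.homelab_www_domain
-value = var.homelab_www_ip
-type = "A"
-
-ttl = 1
-proxied = true
-}
-
-# Argo tunnel
-resource "random_id" "atlas_tunnel_secret" {
-byte_length = 35
-}
-
-resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
-account_id = var.cloudflare_account_id
-name = "${var.homelab_main_domain}-tunnel"
-secret = random_id.atlas_tunnel_secret.b64_std
-}
-
-resource "cloudflare_record" "bt" {
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-name = "bt.${var.homelab_main_domain}"
-value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
-type = "CNAME"
-proxied = true
-}
-
-resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
-account_id = var.cloudflare_account_id
-tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id
-
-config {
-ingress_rule {
-hostname = "bt.${var.homelab_main_domain}"
-path = "/"
-service = "http://127.0.0.1:8080"
-}
-ingress_rule {
-service = "http_status:404"
-}
-}
-}
-
-resource "cloudflare_access_application" "bt" {
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-name = "bt.${var.homelab_main_domain}"
-domain = "bt.${var.homelab_main_domain}"
-type = "self_hosted"
-session_duration = "24h"
-auto_redirect_to_identity = false
-}
-
-resource "cloudflare_access_policy" "bt" {
-application_id = cloudflare_access_application.bt.id
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-name = "Allow"
-precedence = "1"
-decision = "allow"
-
-include {
-email = [var.cloudflare_access_application_email]
-}
-}
-
-# notify
-resource "cloudflare_record" "notify_SPF" {
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-# type = "SPF" causes DNS Validation Error (1004)
-# https://github.com/cloudflare/terraform-provider-cloudflare/issues/1473
-type = "TXT"
-name = "notify.${var.homelab_main_domain}"
-value = "v=spf1 include:mailgun.org ~all"
-
-ttl = 1
-}
-
-resource "cloudflare_record" "notify_DKIM" {
-name = "pic._domainkey.notify.${var.homelab_main_domain}"
-type = "TXT"
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-value = var.homelab_notify_DKIM
-}
-
-resource "cloudflare_record" "notify_CNAME" {
-name = "email.notify.${var.homelab_main_domain}"
-type = "CNAME"
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-value = "mailgun.org"
-}
-
-resource "cloudflare_record" "notify_MX_a" {
-name = "notify.${var.homelab_main_domain}"
-type = "MX"
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-value = "mxa.mailgun.org"
-priority = 10
-}
-
-resource "cloudflare_record" "notify_MX_b" {
-name = "notify.${var.homelab_main_domain}"
-type = "MX"
-zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-value = "mxb.mailgun.org"
-priority = 10
-}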