Diffstat (limited to 'clarkzjw.cc/infra')
-rw-r--r--clarkzjw.cc/infra/cloudflare_access.tf23
-rw-r--r--clarkzjw.cc/infra/dns.tf9
-rw-r--r--clarkzjw.cc/infra/tunnel.tf12
-rw-r--r--clarkzjw.cc/infra/variables.tf6
4 files changed, 50 insertions, 0 deletions
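--- a/clarkzjw.cc/infra/cloudflare_access.tf
+++ b/clarkzjw.cc/infra/cloudflare_access.tf
@@ -1,5 +1,6 @@
 # Cloudflare Access Policy
 
+# bt
 resource "cloudflare_access_application" "bt" {
  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
  name = "bt.${var.homelab_main_domain}"
@@ -20,3 +21,25 @@ resource "cloudflare_access_policy" "bt" {
  email = [var.cloudflare_access_application_email]
  }
 }
+
+# router
+resource "cloudflare_access_application" "edgerouterx" {
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ name = "edgerouterx.${var.homelab_main_domain}"
+ domain = "edgerouterx.${var.homelab_main_domain}"
+ type = "self_hosted"
+ session_duration = "24h"
+ auto_redirect_to_identity = false
+}
+
+resource "cloudflare_access_policy" "edgerouterx" {
+ application_id = cloudflare_access_application.edgerouterx.id
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ name = "Allow"
+ precedence = "1"
+ decision = "allow"
+
+ include {
+ email = [var.cloudflare_access_application_email]
+ }
+}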
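Review bot: `session_duration = "24h"` on the new `edgerouterx` application keeps one login valid for a full day against what is presumably the router's management interface, which is long for a device that controls the whole network. A shorter value such as `session_duration = "1h"` narrows the window in which a stolen browser session is useful. The `Allow` policy also admits on a single email match alone; if the identity provider reports authentication methods, a `require` block on the policy would mean a compromised mailbox is not sufficient by itself. The `# router` comment could say that this hostname fronts the router's admin UI, so the next reader can judge these settings.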
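--- a/clarkzjw.cc/infra/dns.tf
+++ b/clarkzjw.cc/infra/dns.tf
@@ -28,6 +28,15 @@ resource "cloudflare_record" "bt" {
  proxied = true
 }
 
+# EdgeRouterX
+resource "cloudflare_record" "edgerouterx" {
+ name = "edgerouterx.${var.homelab_main_domain}"
+ type = "CNAME"
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
+ proxied = true
+}
+
 # notify
 # DNS config for Mailgun
 resource "cloudflare_record" "notify_SPF" {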
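Review bot: Nothing in `cloudflare_record.edgerouterx` refers to the Access resources this commit adds in cloudflare_access.tf, so as far as the visible resources show, Terraform is free to create the record and the tunnel route before `cloudflare_access_policy.edgerouterx` exists. During that window, or permanently if the apply fails part-way, the router hostname would resolve through the tunnel with no Access check in front of it. Adding `depends_on = [cloudflare_access_policy.edgerouterx]` to the record makes the ordering explicit. A short comment on the record that the hostname must stay behind Access would also keep a later edit from dropping the policy unnoticed.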
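--- a/clarkzjw.cc/infra/tunnel.tf
+++ b/clarkzjw.cc/infra/tunnel.tf
@@ -10,12 +10,24 @@ resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
  tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id
 
  config {
+ // TODO: https://github.com/cloudflare/terraform-provider-cloudflare/issues/2072
+ // It seems the `origin_request` here doesn't enable `no_tls_verify` in each ingress_rule
+ // For now, you have to enable `no_tls_verify` in the dashboard
+ origin_request {
+ no_tls_verify = true
+ }
  ingress_rule {
  hostname = "bt.${var.homelab_main_domain}"
  path = "/"
  service = "http://127.0.0.1:8080"
  }
  ingress_rule {
+ hostname = "edgerouterx.${var.homelab_main_domain}"
+ path = "/"
+ service = "https://${var.edgerouterx_ip}"
+
+ }
+ ingress_rule {
  service = "http_status:404"
  }
  }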
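Review bot: The `origin_request { no_tls_verify = true }` block sits at `config` level, so it is meant to turn off certificate verification for every HTTPS origin this tunnel ever serves, not only for `https://${var.edgerouterx_ip}`. If the provider version in use supports it, scope the block to the `edgerouterx` `ingress_rule`, and prefer `ca_pool` with `origin_server_name` for the router's certificate over disabling verification, so the hop from cloudflared to the router stays authenticated. The TODO says the setting currently has to be enabled by hand in the dashboard, which leaves the effective configuration outside Terraform; the comment should name the hostname and setting that were changed manually so drift can be spotted. The blank line inside the new `ingress_rule` can be dropped. The resource begins and ends outside this hunk.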
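--- a/clarkzjw.cc/infra/variables.tf
+++ b/clarkzjw.cc/infra/variables.tf
@@ -25,3 +25,9 @@ variable "cloudflare_access_application_email" {
  type = string
  sensitive = false
 }
+
+variable "edgerouterx_ip" {
+ description = "IP address for EdgeRouterX"
+ type = string
+ sensitive = false
+}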
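Review bot: `edgerouterx_ip` is accepted as any string and then interpolated as the host part of `service = "https://${var.edgerouterx_ip}"` in tunnel.tf, so a typo, a hostname or a value carrying a port or path silently points the tunnel at a different origin. A `validation` block that only admits a bare IP address catches this at plan time. The description could also say that the address must be reachable from the host running cloudflared, and `sensitive = false` is the default and can be omitted.

```hcl
variable "edgerouterx_ip" {
  # … unchanged: description, type, sensitive …

  validation {
    condition     = can(cidrhost("${var.edgerouterx_ip}/32", 0))
    error_message = "edgerouterx_ip must be a bare IP address (no scheme, port or path)."
  }
}
```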