From 2e5381257ac797a49e2e33016c11fd99d4565e4e Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Fri, 13 Jan 2023 20:58:10 -0800
Subject: terraform: add argo tunnel

---
 clarkzjw.cc/infra/.terraform.lock.hcl | 19 +++++++++++++++++
 clarkzjw.cc/infra/cloudflare.tf       | 39 +++++++++++++++++++++++++++++++++++
 clarkzjw.cc/infra/output.tf           |  4 ++++
 clarkzjw.cc/infra/variables.tf        | 14 ++++++++++++-
 clarkzjw.cc/infra/versions.tf         |  4 ++++
 5 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 clarkzjw.cc/infra/output.tf

diff --git a/clarkzjw.cc/infra/.terraform.lock.hcl b/clarkzjw.cc/infra/.terraform.lock.hcl
index 5a1955d..260ce4a 100644
--- a/clarkzjw.cc/infra/.terraform.lock.hcl
+++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -22,3 +22,22 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
     "zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",
   ]
 }
+
+provider "registry.terraform.io/hashicorp/random" {
+  version = "3.4.3"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}
diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
index 61d9868..0b40e57 100644
--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -1,3 +1,7 @@
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
 data "cloudflare_zones" "homelab_main_domain" {
   filter {
     name = var.homelab_main_domain
@@ -23,6 +27,41 @@ resource "cloudflare_record" "main" {
   proxied = true
 }
 
+# Argo tunnel
+resource "random_id" "atlas_tunnel_secret" {
+  byte_length = 35
+}
+
+resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
+  account_id = var.cloudflare_account_id
+  name       = "${var.homelab_main_domain}-tunnel"
+  secret     = random_id.atlas_tunnel_secret.b64_std
+}
+
+resource "cloudflare_record" "bt" {
+  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name    = "bt.${var.homelab_main_domain}"
+  value   = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
+  type    = "CNAME"
+  proxied = true
+}
+
+resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
+  account_id = var.cloudflare_account_id
+  tunnel_id  = cloudflare_argo_tunnel.atlas_main_tunnel.id
+
+  config {
+    ingress_rule {
+      hostname = "bt.${var.homelab_main_domain}"
+      path     = "/"
+      service  = "http://127.0.0.1:8080"
+    }
+    ingress_rule {
+      service = "http_status:404"
+    }
+  }
+}
+
 # notify
 resource "cloudflare_record" "notify_SPF" {
   zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
diff --git a/clarkzjw.cc/infra/output.tf b/clarkzjw.cc/infra/output.tf
new file mode 100644
index 0000000..568d3cf
--- /dev/null
+++ b/clarkzjw.cc/infra/output.tf
@@ -0,0 +1,4 @@
+output "atlas_tunnel_token" {
+  value     = cloudflare_argo_tunnel.atlas_main_tunnel.tunnel_token
+  sensitive = true
+}
diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
index 22f201a..a9a8580 100644
--- a/clarkzjw.cc/infra/variables.tf
+++ b/clarkzjw.cc/infra/variables.tf
@@ -6,4 +6,16 @@ variable "homelab_main_domain" {
 variable "homelab_notify_DKIM" {
   description = "DKIM domain value from Mailgun"
   default     = "k=rsa; p=xxxx"
-}
\ No newline at end of file
+}
+
+variable "cloudflare_account_id" {
+  description = "The Cloudflare UUID for the Account the Zone lives in."
+  type        = string
+  sensitive   = true
+}
+
+variable "cloudflare_api_token" {
+  description = "Cloudflare API token"
+  type = string
+  sensitive = true
+}
diff --git a/clarkzjw.cc/infra/versions.tf b/clarkzjw.cc/infra/versions.tf
index 1551173..63e88c2 100644
--- a/clarkzjw.cc/infra/versions.tf
+++ b/clarkzjw.cc/infra/versions.tf
@@ -4,5 +4,9 @@ terraform {
       source  = "cloudflare/cloudflare"
       version = "~> 3.29"
     }
+    random = {
+      source = "hashicorp/random"
+      version = "~> 3.4.3"
+    }
   }
 }
-- 
cgit v1.2.3