From cecb49a197e11a87e8964da965e52a25eba96414 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Fri, 13 Jan 2023 21:43:44 -0800
Subject: cloudflare: add access application and tunnel for bt
---
 clarkzjw.cc/infra/cloudflare.tf | 21 +++++++++++++++++++++
 clarkzjw.cc/infra/variables.tf | 6 ++++++
 2 files changed, 27 insertions(+)
diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
index 0b40e57..13e7f41 100644
--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -62,6 +62,27 @@ resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
 }
 }
 
+resource "cloudflare_access_application" "bt" {
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ name = "bt.${var.homelab_main_domain}"
+ domain = "bt.${var.homelab_main_domain}"
+ type = "self_hosted"
+ session_duration = "24h"
+ auto_redirect_to_identity = false
+}
+
+resource "cloudflare_access_policy" "bt" {
+ application_id = cloudflare_access_application.bt.id
+ zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+ name = "Allow"
+ precedence = "1"
+ decision = "allow"
+
+ include {
+ email = [var.cloudflare_access_application_email]
+ }
+}
+
 # notify
 resource "cloudflare_record" "notify_SPF" {
 zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
index a9a8580..5326464 100644
--- a/clarkzjw.cc/infra/variables.tf
+++ b/clarkzjw.cc/infra/variables.tf
@@ -19,3 +19,9 @@ variable "cloudflare_api_token" {
 type = string
 sensitive = true
 }
+
+variable "cloudflare_access_application_email" {
+ description = "Email addresses allowed in Cloudflare Access config"
+ type = string
+ sensitive = false
+}
-- 
cgit v1.2.3
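Review bot: `cloudflare_access_application.bt` does not set `allowed_idps`, so the single-address `include` in `cloudflare_access_policy.bt` can be met through any login method enabled for the account. If one-time PIN or a broad social identity provider is enabled there (not visible in this hunk), pinning the application with `allowed_idps = [<IDP_ID_PLACEHOLDER>]` narrows that. The subject mentions a tunnel, but this hunk adds no ingress rule or DNS record for `bt.${var.homelab_main_domain}`; wherever that is defined, the origin should be reachable only through the tunnel, since Access is enforced at Cloudflare's edge and does not cover direct connections to the origin. `precedence = "1"` is a quoted string where the provider takes a number, so `precedence = 1` avoids relying on implicit conversion.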
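Review bot: The description of `cloudflare_access_application_email` says "Email addresses", but the variable is `type = string` and the policy in cloudflare.tf wraps it in a one-element list, so it carries exactly one address; `description = "Email address allowed by the Cloudflare Access policy for bt"` states that. Nothing checks the value, so an empty or mistyped string would yield an allow rule that matches nobody or the wrong mailbox. A `validation` block with a `can(regex(...))` condition on the address shape would surface that at plan time. `sensitive = false` is the default and can be dropped.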