From 2e5381257ac797a49e2e33016c11fd99d4565e4e Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Fri, 13 Jan 2023 20:58:10 -0800
Subject: terraform: add argo tunnel

---
 clarkzjw.cc/infra/cloudflare.tf | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

(limited to 'clarkzjw.cc/infra/cloudflare.tf')

diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
index 61d9868..0b40e57 100644
--- a/clarkzjw.cc/infra/cloudflare.tf
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -1,3 +1,7 @@
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
 data "cloudflare_zones" "homelab_main_domain" {
   filter {
     name = var.homelab_main_domain
@@ -23,6 +27,41 @@ resource "cloudflare_record" "main" {
   proxied = true
 }
 
+# Argo tunnel
+resource "random_id" "atlas_tunnel_secret" {
+  byte_length = 35
+}
+
+resource "cloudflare_argo_tunnel" "atlas_main_tunnel" {
+  account_id = var.cloudflare_account_id
+  name       = "${var.homelab_main_domain}-tunnel"
+  secret     = random_id.atlas_tunnel_secret.b64_std
+}
+
+resource "cloudflare_record" "bt" {
+  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name    = "bt.${var.homelab_main_domain}"
+  value   = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com"
+  type    = "CNAME"
+  proxied = true
+}
+
+resource "cloudflare_tunnel_config" "atlas_tunnel_route" {
+  account_id = var.cloudflare_account_id
+  tunnel_id  = cloudflare_argo_tunnel.atlas_main_tunnel.id
+
+  config {
+    ingress_rule {
+      hostname = "bt.${var.homelab_main_domain}"
+      path     = "/"
+      service  = "http://127.0.0.1:8080"
+    }
+    ingress_rule {
+      service = "http_status:404"
+    }
+  }
+}
+
 # notify
 resource "cloudflare_record" "notify_SPF" {
   zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
-- 
cgit v1.2.3