From 61b547c9444ac0f2ae925b794f8c65f3b1a429ce Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Fri, 13 Jan 2023 22:12:56 -0800
Subject: cloudflare: add edgerouterx

---
 clarkzjw.cc/infra/cloudflare_access.tf | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'clarkzjw.cc/infra/cloudflare_access.tf')

diff --git a/clarkzjw.cc/infra/cloudflare_access.tf b/clarkzjw.cc/infra/cloudflare_access.tf
index 00dfcee..0708a53 100644
--- a/clarkzjw.cc/infra/cloudflare_access.tf
+++ b/clarkzjw.cc/infra/cloudflare_access.tf
@@ -1,5 +1,6 @@
 # Cloudflare Access Policy
 
+# bt
 resource "cloudflare_access_application" "bt" {
   zone_id                   = data.cloudflare_zones.homelab_main_domain.zones[0].id
   name                      = "bt.${var.homelab_main_domain}"
@@ -20,3 +21,25 @@ resource "cloudflare_access_policy" "bt" {
     email = [var.cloudflare_access_application_email]
   }
 }
+
+# router
+resource "cloudflare_access_application" "edgerouterx" {
+  zone_id                   = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name                      = "edgerouterx.${var.homelab_main_domain}"
+  domain                    = "edgerouterx.${var.homelab_main_domain}"
+  type                      = "self_hosted"
+  session_duration          = "24h"
+  auto_redirect_to_identity = false
+}
+
+resource "cloudflare_access_policy" "edgerouterx" {
+  application_id = cloudflare_access_application.edgerouterx.id
+  zone_id        = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name           = "Allow"
+  precedence     = "1"
+  decision       = "allow"
+
+  include {
+    email = [var.cloudflare_access_application_email]
+  }
+}
-- 
cgit v1.2.3