From 63673af754d77df0a4bd3fda6b38ebb91dca5bdb Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Fri, 13 Jan 2023 22:57:51 -0800
Subject: cloudflare: add proxmox

---
 clarkzjw.cc/infra/cloudflare_access.tf | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'clarkzjw.cc/infra/cloudflare_access.tf')

diff --git a/clarkzjw.cc/infra/cloudflare_access.tf b/clarkzjw.cc/infra/cloudflare_access.tf
index 0708a53..267b1f7 100644
--- a/clarkzjw.cc/infra/cloudflare_access.tf
+++ b/clarkzjw.cc/infra/cloudflare_access.tf
@@ -43,3 +43,25 @@ resource "cloudflare_access_policy" "edgerouterx" {
     email = [var.cloudflare_access_application_email]
   }
 }
+
+# proxmox
+resource "cloudflare_access_application" "proxmox" {
+  zone_id                   = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name                      = "proxmox.${var.homelab_main_domain}"
+  domain                    = "proxmox.${var.homelab_main_domain}"
+  type                      = "self_hosted"
+  session_duration          = "24h"
+  auto_redirect_to_identity = false
+}
+
+resource "cloudflare_access_policy" "proxmox" {
+  application_id = cloudflare_access_application.proxmox.id
+  zone_id        = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name           = "Allow"
+  precedence     = "1"
+  decision       = "allow"
+
+  include {
+    email = [var.cloudflare_access_application_email]
+  }
+}
-- 
cgit v1.2.3