From 4f274f77122479d16d74ade9a0867da71cdf3cee Mon Sep 17 00:00:00 2001 From: clarkzjw Date: Fri, 13 Jan 2023 21:49:44 -0800 Subject: cloudflare: reorder --- clarkzjw.cc/infra/cloudflare.tf | 117 --------------------------------- clarkzjw.cc/infra/cloudflare_access.tf | 22 +++++++ clarkzjw.cc/infra/dns.tf | 72 ++++++++++++++++++++ clarkzjw.cc/infra/random.tf | 3 + clarkzjw.cc/infra/tunnel.tf | 22 +++++++ 5 files changed, 119 insertions(+), 117 deletions(-) create mode 100644 clarkzjw.cc/infra/cloudflare_access.tf create mode 100644 clarkzjw.cc/infra/dns.tf create mode 100644 clarkzjw.cc/infra/random.tf create mode 100644 clarkzjw.cc/infra/tunnel.tf (limited to 'clarkzjw.cc/infra') diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf index 13e7f41..0361bba 100644 --- a/clarkzjw.cc/infra/cloudflare.tf +++ b/clarkzjw.cc/infra/cloudflare.tf @@ -7,120 +7,3 @@ data "cloudflare_zones" "homelab_main_domain" { name = var.homelab_main_domain } } - -# www -variable "homelab_www_domain" { - default = "clarkzjw.cc" -} - -variable "homelab_www_ip" { - default = "8.8.8.8" -} - -resource "cloudflare_record" "main" { - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - name = var.homelab_www_domain - value = var.homelab_www_ip - type = "A" - - ttl = 1 - proxied = true -} - -# Argo tunnel -resource "random_id" "atlas_tunnel_secret" { - byte_length = 35 -} - -resource "cloudflare_argo_tunnel" "atlas_main_tunnel" { - account_id = var.cloudflare_account_id - name = "${var.homelab_main_domain}-tunnel" - secret = random_id.atlas_tunnel_secret.b64_std -} - -resource "cloudflare_record" "bt" { - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - name = "bt.${var.homelab_main_domain}" - value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com" - type = "CNAME" - proxied = true -} - -resource "cloudflare_tunnel_config" "atlas_tunnel_route" { - account_id = var.cloudflare_account_id - tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id - - config { - ingress_rule { - hostname = "bt.${var.homelab_main_domain}" - path = "/" - service = "http://127.0.0.1:8080" - } - ingress_rule { - service = "http_status:404" - } - } -} - -resource "cloudflare_access_application" "bt" { - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - name = "bt.${var.homelab_main_domain}" - domain = "bt.${var.homelab_main_domain}" - type = "self_hosted" - session_duration = "24h" - auto_redirect_to_identity = false -} - -resource "cloudflare_access_policy" "bt" { - application_id = cloudflare_access_application.bt.id - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - name = "Allow" - precedence = "1" - decision = "allow" - - include { - email = [var.cloudflare_access_application_email] - } -} - -# notify -resource "cloudflare_record" "notify_SPF" { - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - # type = "SPF" causes DNS Validation Error (1004) - # https://github.com/cloudflare/terraform-provider-cloudflare/issues/1473 - type = "TXT" - name = "notify.${var.homelab_main_domain}" - value = "v=spf1 include:mailgun.org ~all" - - ttl = 1 -} - -resource "cloudflare_record" "notify_DKIM" { - name = "pic._domainkey.notify.${var.homelab_main_domain}" - type = "TXT" - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - value = var.homelab_notify_DKIM -} - -resource "cloudflare_record" "notify_CNAME" { - name = "email.notify.${var.homelab_main_domain}" - type = "CNAME" - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - value = "mailgun.org" -} - -resource "cloudflare_record" "notify_MX_a" { - name = "notify.${var.homelab_main_domain}" - type = "MX" - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - value = "mxa.mailgun.org" - priority = 10 -} - -resource "cloudflare_record" "notify_MX_b" { - name = "notify.${var.homelab_main_domain}" - type = "MX" - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - value = "mxb.mailgun.org" - priority = 10 -} diff --git a/clarkzjw.cc/infra/cloudflare_access.tf b/clarkzjw.cc/infra/cloudflare_access.tf new file mode 100644 index 0000000..00dfcee --- /dev/null +++ b/clarkzjw.cc/infra/cloudflare_access.tf @@ -0,0 +1,22 @@ +# Cloudflare Access Policy + +resource "cloudflare_access_application" "bt" { + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + name = "bt.${var.homelab_main_domain}" + domain = "bt.${var.homelab_main_domain}" + type = "self_hosted" + session_duration = "24h" + auto_redirect_to_identity = false +} + +resource "cloudflare_access_policy" "bt" { + application_id = cloudflare_access_application.bt.id + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + name = "Allow" + precedence = "1" + decision = "allow" + + include { + email = [var.cloudflare_access_application_email] + } +} diff --git a/clarkzjw.cc/infra/dns.tf b/clarkzjw.cc/infra/dns.tf new file mode 100644 index 0000000..d066f67 --- /dev/null +++ b/clarkzjw.cc/infra/dns.tf @@ -0,0 +1,72 @@ +# Cloudflare DNS records + +# www +variable "homelab_www_domain" { + default = "clarkzjw.cc" +} + +variable "homelab_www_ip" { + default = "8.8.8.8" +} + +resource "cloudflare_record" "main" { + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + name = var.homelab_www_domain + value = var.homelab_www_ip + type = "A" + + ttl = 1 + proxied = true +} + +# bt +resource "cloudflare_record" "bt" { + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + name = "bt.${var.homelab_main_domain}" + value = "${cloudflare_argo_tunnel.atlas_main_tunnel.id}.cfargotunnel.com" + type = "CNAME" + proxied = true +} + +# notify +# DNS config for Mailgun +resource "cloudflare_record" "notify_SPF" { + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + # type = "SPF" causes DNS Validation Error (1004) + # https://github.com/cloudflare/terraform-provider-cloudflare/issues/1473 + type = "TXT" + name = "notify.${var.homelab_main_domain}" + value = "v=spf1 include:mailgun.org ~all" + + ttl = 1 +} + +resource "cloudflare_record" "notify_DKIM" { + name = "pic._domainkey.notify.${var.homelab_main_domain}" + type = "TXT" + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + value = var.homelab_notify_DKIM +} + +resource "cloudflare_record" "notify_CNAME" { + name = "email.notify.${var.homelab_main_domain}" + type = "CNAME" + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + value = "mailgun.org" +} + +resource "cloudflare_record" "notify_MX_a" { + name = "notify.${var.homelab_main_domain}" + type = "MX" + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + value = "mxa.mailgun.org" + priority = 10 +} + +resource "cloudflare_record" "notify_MX_b" { + name = "notify.${var.homelab_main_domain}" + type = "MX" + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + value = "mxb.mailgun.org" + priority = 10 +} diff --git a/clarkzjw.cc/infra/random.tf b/clarkzjw.cc/infra/random.tf new file mode 100644 index 0000000..4dac161 --- /dev/null +++ b/clarkzjw.cc/infra/random.tf @@ -0,0 +1,3 @@ +resource "random_id" "atlas_tunnel_secret" { + byte_length = 35 +} diff --git a/clarkzjw.cc/infra/tunnel.tf b/clarkzjw.cc/infra/tunnel.tf new file mode 100644 index 0000000..4ec9a7f --- /dev/null +++ b/clarkzjw.cc/infra/tunnel.tf @@ -0,0 +1,22 @@ +# Argo tunnel +resource "cloudflare_argo_tunnel" "atlas_main_tunnel" { + account_id = var.cloudflare_account_id + name = "${var.homelab_main_domain}-tunnel" + secret = random_id.atlas_tunnel_secret.b64_std +} + +resource "cloudflare_tunnel_config" "atlas_tunnel_route" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_argo_tunnel.atlas_main_tunnel.id + + config { + ingress_rule { + hostname = "bt.${var.homelab_main_domain}" + path = "/" + service = "http://127.0.0.1:8080" + } + ingress_rule { + service = "http_status:404" + } + } +} -- cgit v1.2.3