infra: add cloudflare argo tunnel

author: clarkzjw <[email protected]> 2022-12-11 00:45:11 -0800
committer: clarkzjw <[email protected]> 2022-12-11 00:45:11 -0800
commit: a3a3a00d05851b21bbc540722a5c1a0e25c16723 (patch)
tree: 44f8589806ec76384bb81de78f1f72453da4e3a4
parent: a958bdeb69ebbcb440dcf1c1230f62c76c744f8c (diff)
download: jinwei.me-a3a3a00d05851b21bbc540722a5c1a0e25c16723.tar.gz
3 files changed, 23 insertions, 0 deletions
diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf
index a6ca299..aa94568 100644
--- a/jinwei.me/infra/cloudflare.tf
+++ b/jinwei.me/infra/cloudflare.tf
@@ -16,3 +16,13 @@ resource "cloudflare_record" "s3_bucket" {
  ttl     = 1
  proxied = true
 }
+resource "random_id" "argo_secret" {
+  byte_length = 35
+}
+resource "cloudflare_argo_tunnel" "tunnel" {
+  account_id = var.cloudflare_account_id
+  name       = "${var.name}-aws-tunnel"
+  secret     = random_id.argo_secret.b64_std
+}
diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
index bb21fc5..9962113 100644
--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -35,3 +35,10 @@ output "s3" {
    policy = aws_s3_bucket_policy.main.policy
  }
 }
+output "tunnel" {
+  value = {
+    tunnel_secret = cloudflare_argo_tunnel.tunnel.secret
+  }
+  sensitive = true
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
index 2ae72ed..192424c 100644
--- a/jinwei.me/infra/variables.tf
+++ b/jinwei.me/infra/variables.tf
@@ -64,3 +64,9 @@ variable "s3_cloudfront_name" {
  type = string
  default = "static.jinwei.me"
 }
+variable "cloudflare_account_id" {
+  description = "The Cloudflare UUID for the Account the Zone lives in."
+  type        = string
+  sensitive   = true
+}
author	clarkzjw <[email protected]>	2022-12-11 00:45:11 -0800
committer	clarkzjw <[email protected]>	2022-12-11 00:45:11 -0800
commit	a3a3a00d05851b21bbc540722a5c1a0e25c16723 (patch)
tree	44f8589806ec76384bb81de78f1f72453da4e3a4
parent	a958bdeb69ebbcb440dcf1c1230f62c76c744f8c (diff)
download	jinwei.me-a3a3a00d05851b21bbc540722a5c1a0e25c16723.tar.gz

diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf index a6ca299..aa94568 100644 --- a/jinwei.me/infra/cloudflare.tf +++ b/jinwei.me/infra/cloudflare.tf
@@ -16,3 +16,13 @@ resource "cloudflare_record" "s3_bucket" {
16	ttl = 1	16	ttl = 1
17	proxied = true	17	proxied = true
18	}	18	}
		19
		20	resource "random_id" "argo_secret" {
		21	byte_length = 35
		22	}
		23
		24	resource "cloudflare_argo_tunnel" "tunnel" {
		25	account_id = var.cloudflare_account_id
		26	name = "${var.name}-aws-tunnel"
		27	secret = random_id.argo_secret.b64_std
		28	}


diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf index bb21fc5..9962113 100644 --- a/jinwei.me/infra/outputs.tf +++ b/jinwei.me/infra/outputs.tf
@@ -35,3 +35,10 @@ output "s3" {
35	policy = aws_s3_bucket_policy.main.policy	35	policy = aws_s3_bucket_policy.main.policy
36	}	36	}
37	}	37	}
		38
		39	output "tunnel" {
		40	value = {
		41	tunnel_secret = cloudflare_argo_tunnel.tunnel.secret
		42	}
		43	sensitive = true
		44	}


diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf index 2ae72ed..192424c 100644 --- a/jinwei.me/infra/variables.tf +++ b/jinwei.me/infra/variables.tf
@@ -64,3 +64,9 @@ variable "s3_cloudfront_name" {
64	type = string	64	type = string
65	default = "static.jinwei.me"	65	default = "static.jinwei.me"
66	}	66	}
		67
		68	variable "cloudflare_account_id" {
		69	description = "The Cloudflare UUID for the Account the Zone lives in."
		70	type = string
		71	sensitive = true
		72	}