From a3a3a00d05851b21bbc540722a5c1a0e25c16723 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Sun, 11 Dec 2022 00:45:11 -0800
Subject: infra: add cloudflare argo tunnel

---
 jinwei.me/infra/cloudflare.tf | 10 ++++++++++
 jinwei.me/infra/outputs.tf    |  7 +++++++
 jinwei.me/infra/variables.tf  |  6 ++++++
 3 files changed, 23 insertions(+)

diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf
index a6ca299..aa94568 100644
--- a/jinwei.me/infra/cloudflare.tf
+++ b/jinwei.me/infra/cloudflare.tf
@@ -16,3 +16,13 @@ resource "cloudflare_record" "s3_bucket" {
   ttl     = 1
   proxied = true
 }
+
+resource "random_id" "argo_secret" {
+  byte_length = 35
+}
+
+resource "cloudflare_argo_tunnel" "tunnel" {
+  account_id = var.cloudflare_account_id
+  name       = "${var.name}-aws-tunnel"
+  secret     = random_id.argo_secret.b64_std
+}
diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
index bb21fc5..9962113 100644
--- a/jinwei.me/infra/outputs.tf
+++ b/jinwei.me/infra/outputs.tf
@@ -35,3 +35,10 @@ output "s3" {
     policy = aws_s3_bucket_policy.main.policy
   }
 }
+
+output "tunnel" {
+  value = {
+    tunnel_secret = cloudflare_argo_tunnel.tunnel.secret
+  }
+  sensitive = true
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
index 2ae72ed..192424c 100644
--- a/jinwei.me/infra/variables.tf
+++ b/jinwei.me/infra/variables.tf
@@ -64,3 +64,9 @@ variable "s3_cloudfront_name" {
   type = string
   default = "static.jinwei.me"
 }
+
+variable "cloudflare_account_id" {
+  description = "The Cloudflare UUID for the Account the Zone lives in."
+  type        = string
+  sensitive   = true
+}
-- 
cgit v1.2.3