# Cloudflare provider with an empty configuration block: no credentials or
# other settings are written in this file.
# NOTE(review): the API token is presumably supplied out of band (e.g. the
# CLOUDFLARE_API_TOKEN environment variable) — confirm it is a scoped API token
# limited to the permissions this file needs (DNS records, tunnels) rather than
# a global API key.
provider "cloudflare" {}

# Looks up the Cloudflare zone(s) matching var.site_domain. Every
# cloudflare_record in this file takes its zone_id from the first result
# (zones[0]).
# NOTE(review): zones[0] is indexed unconditionally by the consumers, so an
# empty result fails the plan, and if the credential can see more than one
# matching zone the first one wins silently — consider also filtering by
# account so records cannot land in an unintended zone.
data "cloudflare_zones" "domain" {
  filter {
    name = var.site_domain
  }
}

# CNAME for the CDN hostname (var.s3_cdn_name) pointing at the CloudFront
# distribution aws_cloudfront_distribution.main, which is defined outside this
# file.
resource "cloudflare_record" "s3_bucket" {
  # Point CNAME record in Cloudflare to Cloudfront
  zone_id = data.cloudflare_zones.domain.zones[0].id
  name    = var.s3_cdn_name
  value   = aws_cloudfront_distribution.main.domain_name
  type    = "CNAME"

  # ttl = 1 is Cloudflare's "automatic" TTL.
  # proxied = true routes requests through Cloudflare's edge instead of
  # resolving straight to the CloudFront name.
  # NOTE(review): proxying does not by itself prevent clients from reaching the
  # distribution at its own CloudFront domain name; if Cloudflare-side controls
  # (WAF, rate limiting) are relied on, confirm the distribution restricts
  # direct access separately.
  ttl     = 1
  proxied = true
}

# Generates 35 random bytes; the base64 form (b64_std) is used as the tunnel
# secret by cloudflare_argo_tunnel.tunnel. Cloudflare requires a tunnel secret
# of at least 32 bytes, base64-encoded, so 35 satisfies the minimum.
# NOTE(review): random_id is intended for unique identifiers and its outputs
# are not marked sensitive, so the value may be printed in plan/apply output
# and is stored in Terraform state. A generator with sensitive outputs
# (random_password, or random_bytes in newer releases of the random provider)
# would avoid the console exposure, but switching replaces the resource and
# rotates the tunnel secret — plan that change deliberately.
resource "random_id" "argo_secret" {
  byte_length = 35
}

# Creates the Cloudflare tunnel in account var.cloudflare_account_id. Its id is
# used for the DNS CNAME targets and the ingress configuration below, and its
# tunnel_token is written to SSM Parameter Store at the end of this file.
# NOTE(review): the tunnel name is built from var.name while the SSM parameter
# path uses local.name — confirm both are meant to resolve to the same value.
resource "cloudflare_argo_tunnel" "tunnel" {
  account_id = var.cloudflare_account_id
  name       = "${var.name}-aws-tunnel"
  # Secret material for the tunnel; sourced from random_id.argo_secret and
  # therefore also present in Terraform state.
  secret     = random_id.argo_secret.b64_std
}

# CNAME for the main site (var.site_domain) pointing at the tunnel's
# <tunnel-id>.cfargotunnel.com hostname, so requests reach the origin through
# the tunnel rather than a public origin address.
resource "cloudflare_record" "tunnel_dns" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  name    = var.site_domain
  value   = "${cloudflare_argo_tunnel.tunnel.id}.cfargotunnel.com"
  type    = "CNAME"
  # Must stay proxied: cfargotunnel.com targets are only served through
  # Cloudflare's proxy.
  proxied = true
}

# TODO: the Cloudflare Terraform provider does not offer a data source for an
# existing Argo tunnel, so this record has to live next to the tunnel resource.
# Consider refactoring the tunnel and its DNS records into a separate module.
# https://registry.terraform.io/providers/cloudflare/cloudflare/3.29.0
#
# CNAME for the feed hostname (var.feed_domain) pointing at the same tunnel as
# tunnel_dns; which local service answers is decided by the ingress rules in
# cloudflare_tunnel_config.tunnel_route.
resource "cloudflare_record" "rss_dns" {
  zone_id = data.cloudflare_zones.domain.zones[0].id
  name    = var.feed_domain
  value   = "${cloudflare_argo_tunnel.tunnel.id}.cfargotunnel.com"
  type    = "CNAME"
  proxied = true
}

# Remotely managed ingress configuration for the tunnel: maps each public
# hostname to a service on the host running the tunnel connector.
# NOTE(review): the hostnames here are hard-coded, while the matching DNS
# records use var.site_domain and var.feed_domain. If those variables ever
# differ from these literals, DNS will point at the tunnel but requests will
# fall through to the 404 rule — confirm, or derive both from the same source.
resource "cloudflare_tunnel_config" "tunnel_route" {
  account_id = var.cloudflare_account_id
  tunnel_id  = cloudflare_argo_tunnel.tunnel.id

  config {
    # Main site -> local port 30081 over plain HTTP on loopback.
    # NOTE(review): ingress `path` is matched as a regular expression, so "/"
    # presumably matches every request path rather than only the root — confirm
    # that is the intent.
    ingress_rule {
      hostname = "jinwei.me"
      path     = "/"
      service  = "http://127.0.0.1:30081"
    }
    # Feed site -> local port 30082 over plain HTTP on loopback.
    # NOTE(review): the tunnel is only the sole entry point if ports 30081 and
    # 30082 are not reachable from outside the host; verify the host firewall /
    # security group so Cloudflare-side controls cannot be bypassed.
    ingress_rule {
      hostname = "feed.jinwei.me"
      path     = "/"
      service  = "http://127.0.0.1:30082"
    }
    # Catch-all rule with no hostname: any request that matched nothing above
    # gets a 404 instead of being forwarded to a local service.
    ingress_rule {
      service = "http_status:404"
    }
  }
}

# Publishes the tunnel token to SSM Parameter Store as an encrypted
# SecureString at /<local.name>/cloudflare/tunnel_token, presumably so the host
# running the connector can fetch it at start-up.
# The token is a bearer credential: whoever holds it can run a connector for
# this tunnel. No key_id is set, so the parameter is encrypted with the
# account's default AWS-managed key for SSM.
# NOTE(review): the token value is also kept in Terraform state. Confirm that
# the state backend is encrypted and access-controlled, and that
# ssm:GetParameter on this path (plus the matching KMS decrypt permission) is
# granted only to the role that runs the connector.
resource "aws_ssm_parameter" "cloudflare_tunnel_token" {
  name  = "/${local.name}/cloudflare/tunnel_token"
  type  = "SecureString"
  value = cloudflare_argo_tunnel.tunnel.tunnel_token
}