# Provider requirements for this root module.
terraform {
  required_providers {
    # Cloudflare provider, resolved from the "cloudflare" namespace of the
    # default registry. "~> 5" is a version range, not an exact pin, so the
    # provider build that actually runs is the one recorded in
    # .terraform.lock.hcl. Keep that lock file in version control and review
    # changes to its versions and hashes like any other dependency bump.
    cloudflare = {
      version = "~> 5"
      source  = "cloudflare/cloudflare"
    }
  }
}
# Cloudflare provider configuration; authenticates with an API token taken
# from an input variable rather than a literal in this file.
# NOTE(review): the declaration of var.cloudflare_api_token is not visible
# here. Confirm it is marked `sensitive = true` and that the token is scoped
# to only the account and zone permissions this configuration needs.
provider "cloudflare" {
  api_token = var.cloudflare_api_token
}
# Local module at ./services. Its `services` output is the single map that
# this file uses to drive the DNS module, the tunnel ingress rules and the
# per-service Access applications, so every entry added there becomes an
# externally reachable hostname.
module "services" {
  source = "./services"
}
# Local DNS module. It receives the service map, the zone ID and the ID of the
# tunnel defined in this file.
# NOTE(review): presumably it creates one record per service pointing at the
# tunnel; the module source is not shown here, so confirm.
module "dns" {
  source = "./dns"

  cloudflare_tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.ratchet_tunnel.id
  cloudflare_zone_id   = var.cloudflare_zone_id
  services             = module.services.services
}
# Local module at ./policies. The Access applications in this file look up
# their policy IDs from this module's outputs.
# NOTE(review): cloudflare_email is presumably the identity the policies
# admit; the module source is not shown here. Confirm the policies are
# allow-lists on specific identities and that none of them admits everyone.
module "policies" {
  source = "./policies"

  cloudflare_account_id = var.cloudflare_account_id
  cloudflare_email      = var.cloudflare_email
  cloudflare_zone_id    = var.cloudflare_zone_id
}
# The cloudflared tunnel itself. config_src = "cloudflare" selects a remotely
# managed tunnel: its ingress rules come from the tunnel config resource in
# this file, not from a config file on the connector host.
resource "cloudflare_zero_trust_tunnel_cloudflared" "ratchet_tunnel" {
  name       = "cloudflare > ratchet tunnel"
  config_src = "cloudflare"
  account_id = var.cloudflare_account_id

  # Terraform records resource arguments in state, so the state backend holds
  # this secret and needs the same access control and encryption as the secret
  # itself.
  # NOTE(review): the variable declaration is not visible here; confirm it is
  # marked `sensitive = true` so the value is redacted from plan output.
  tunnel_secret = var.cloudflared_tunnel_secret
}
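# Ingress rules for the remotely managed tunnel: one rule per entry in the
# services map, followed by a catch-all.
resource "cloudflare_zero_trust_tunnel_cloudflared_config" "ratchet_tunnel_config" {
  account_id = var.cloudflare_account_id
  tunnel_id  = cloudflare_zero_trust_tunnel_cloudflared.ratchet_tunnel.id

  config = {
    ingress = concat(
      # Route <subdomain>.madunde.ad to the origin URL declared for the service.
      # The hostname expression must stay identical to the `domain` of the
      # matching Access application, otherwise a route exists with no Access
      # application in front of it.
      [
        for k, v in module.services.services : {
          hostname = "${v.subdomain}.madunde.ad"
          service  = v.service
        }
      ],
      # Catch-all rule, kept last: any hostname that matched no rule above gets
      # a 404 from the tunnel instead of reaching an origin.
      [{ service = "http_status:404" }]
    )
  }

  # Without an explicit edge Terraform is free to publish the ingress rules
  # before (or in parallel with) the Access applications, which leaves a window
  # on first apply, or when a service is added, where the hostname is routed to
  # its origin with no Access application yet. Ordering the config after the
  # applications closes that window; on removal the order reverses, so the
  # route is withdrawn before its Access application is deleted.
  depends_on = [cloudflare_zero_trust_access_application.access_application]
}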
# One self-hosted Access application per entry in the services map. Each one
# covers the same <subdomain>.madunde.ad hostname that the tunnel config routes
# to an origin.
resource "cloudflare_zero_trust_access_application" "access_application" {
  for_each = module.services.services

  name   = "Access application for ${each.value.subdomain}.madunde.ad"
  type   = "self_hosted"
  domain = "${each.value.subdomain}.madunde.ad"

  # NOTE(review): the provider documentation describes account_id and zone_id
  # as mutually exclusive for this resource. Confirm which scope is intended
  # and whether both can be set with the provider version in use.
  account_id = var.cloudflare_account_id
  zone_id    = var.cloudflare_zone_id

  # A single policy per application, chosen by the service's `policy` key.
  # module "policies" is declared without for_each, so this index reads the
  # module output whose name equals each.value.policy. A service naming a
  # policy that the module does not export fails at plan time, so it cannot be
  # deployed without a policy by accident.
  # NOTE(review): presumably each such output is a policy object exposing `id`;
  # the module source is not shown here, so confirm.
  policies = [{
    id         = module.policies[each.value.policy].id
    precedence = 1
  }]
}