gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Terraform added to the project, alongside a README

Browse source
This commit is contained in:
Kat Inskip 2024-01-14 13:33:14 -08:00
parent bea9f708c7
commit 160f2aad20
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
15 changed files with 270 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -3,3 +3,4 @@
/.direnv/ /.direnv/
/wiki /wiki
.DS_Store .DS_Store
.terraform

4
.sops.yaml
View file

@ -31,3 +31,7 @@ creation_rules:
shamir_threshold: 1 shamir_threshold: 1
key_groups: key_groups:
- pgp: *pgp_common - pgp: *pgp_common
- path_regex: tf/terraform.tfvars.sops$
shamir_threshold: 1
key_groups:
- pgp: *pgp_common

17
README.md Normal file
View file

@ -0,0 +1,17 @@
# gensokyo.zone's Infrastructure
Welcome to the Palace of the Earth Spirits!
## Contribution Guidelines
### Nix
* Please use [alejandra](https://github.com/kamadorueda/alejandra) as your source formatter.
* Please check for dead code paths with [deadnix](https://github.com/astro/deadnix).
* Please use [statix](https://github.com/nerdypepper/statix) as your linter.
### Terraform
* Please use `terraform fmt` to format your Terraform work.
* Please use [tflint](https://github.com/terraform-linters/tflint) as your linter.
* Please do not merge into files by category (e.g. variables, outputs, locals).

2
systems/mediabox/nixos.nix
View file

@ -14,6 +14,7 @@
nixos.plex nixos.plex
nixos.tautulli nixos.tautulli
nixos.ombi nixos.ombi
nixos.deluge
# yarr harr fiddle dee dee >w< # yarr harr fiddle dee dee >w<
nixos.radarr nixos.radarr
@ -40,6 +41,7 @@
"radarr.gensokyo.zone".service = "http://localhost:7878"; "radarr.gensokyo.zone".service = "http://localhost:7878";
"bazarr.gensokyo.zone".service = "http://localhost:6767"; "bazarr.gensokyo.zone".service = "http://localhost:6767";
"jackett.gensokyo.zone".service = "http://localhost:9117"; "jackett.gensokyo.zone".service = "http://localhost:9117";
"deluge.gensokyo.zone".service = "http://localhost:9117";
}; };
}; };
}; };

5
systems/mediabox/secrets.yaml
View file

@ -1,4 +1,5 @@
tailscale-key: ENC[AES256_GCM,data:TnXZW2c5NhMYHutOdDn8NG5RcdcNTzcTXuC27Ir+OO/4abF0rCEts1A=,iv:OK2nUBJ6LyP9w9L05JGtHe5rxmfoNyk8+zF6M6jYIG8=,tag:McbAMcTJ93C5OluGzYMvCw==,type:str] tailscale-key: ENC[AES256_GCM,data:TnXZW2c5NhMYHutOdDn8NG5RcdcNTzcTXuC27Ir+OO/4abF0rCEts1A=,iv:OK2nUBJ6LyP9w9L05JGtHe5rxmfoNyk8+zF6M6jYIG8=,tag:McbAMcTJ93C5OluGzYMvCw==,type:str]
deluge-auth: ENC[AES256_GCM,data:C+d1Ft8vhMm+AMe6cEKoEVteN4+1QKEpZhCKUrrah/qh0m0WK97LaDiRQ6RBBPFyIKDYElGLDvuLVXWYqe6cgLLqXZZiQtrg9JvrTA==,iv:+FJtxz5KKjOoQeJ8KTP6aTTWimllNRAqyn88o78bYLw=,tag:mzDbhEayBR+j3cbBs9B4pw==,type:str]
cloudflare_mediabox_tunnel: ENC[AES256_GCM,data:8evCY9lil+SYHTfaHOj8ULYFAX9Q5HHj/caZtfEsG30UiLZCThLWAXUA0FmKgIr8TNAz1tt9ySAaoUyDUFs6leV+FNqUv6fsJGKXQ039+s5YiGZzbKpG6EltDjJ8DYLl8JXuxMxOCsbbAsuhCmzUC8T2jbduxrb1f+nu7e7W6c+j8/5+ujH+Bk3mcd65s5/29Z6bwRhHjCwLDqNwnsI84FOIf8O9JrVXbfWmL33/plxo/xVwo7muffHFPFah8zIMNglg+teM,iv:YBRiJ2WzXsntH13Jv9o8XaNe12hS+VyKjAsbBc3o0EQ=,tag:hLywh0v+SfPkE7p+PLQItw==,type:str] cloudflare_mediabox_tunnel: ENC[AES256_GCM,data:8evCY9lil+SYHTfaHOj8ULYFAX9Q5HHj/caZtfEsG30UiLZCThLWAXUA0FmKgIr8TNAz1tt9ySAaoUyDUFs6leV+FNqUv6fsJGKXQ039+s5YiGZzbKpG6EltDjJ8DYLl8JXuxMxOCsbbAsuhCmzUC8T2jbduxrb1f+nu7e7W6c+j8/5+ujH+Bk3mcd65s5/29Z6bwRhHjCwLDqNwnsI84FOIf8O9JrVXbfWmL33/plxo/xVwo7muffHFPFah8zIMNglg+teM,iv:YBRiJ2WzXsntH13Jv9o8XaNe12hS+VyKjAsbBc3o0EQ=,tag:hLywh0v+SfPkE7p+PLQItw==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
@ -16,8 +17,8 @@ sops:
aDVRZTJtTzh5aElnN3hpcitZWmluQ3MK/je9HcOaN+DiSi2JsCThRXOEbydNQcRM aDVRZTJtTzh5aElnN3hpcitZWmluQ3MK/je9HcOaN+DiSi2JsCThRXOEbydNQcRM
ZBjYlbtPILMjrn4NoUtxnwbmm7vNgGdXVu7EDfQ0OxjWbo9Cv95WZg== ZBjYlbtPILMjrn4NoUtxnwbmm7vNgGdXVu7EDfQ0OxjWbo9Cv95WZg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-12T05:09:30Z" lastmodified: "2024-01-14T18:59:05Z"
mac: ENC[AES256_GCM,data:WBT09CBeXUGOPP7OeJHPOEXVjP39jY+XyvDBniHlWOUFsHQn8N9wCRQ9OfJflw5CHmpxRlQvlzROhEoXvx4dgrEzDB0s6tkoTPkXAsMvTZAJVPl99XcOtmAodzAtn6ejsVnKp5f5EGKEubENsK1RvgzKS4oUoA18l8cAgvnq3kQ=,iv:XM54p8iSKzUNUSUbvanhYtjVrfTTWO3Wjyxnw8UFQ+k=,tag:2kPmBVFBoowqfymQCHAFvQ==,type:str] mac: ENC[AES256_GCM,data:mgYOakhFPkZJgNPiQiqZlZrOpQutTUFi2w3bZCTXj7XPqFk8odcbOn6L0X9ag0j65mP7QqyC9hSI9Q8jEGUAGbmI9WaLsnmrTLoQOL9vSaXmWsd2BQLCJORBT2XMO8DASweOh6gfVNodcyOb4dSZe9voessli0OO5tnKpaCWLuw=,iv:fnB4pfo9tsweWhEUI1rRaXzSqS0VdTePnCJkk7OKYe4=,tag:EXq2/lyi39wnAlKLwg29vw==,type:str]
pgp: pgp:
- created_at: "2024-01-11T22:30:58Z" - created_at: "2024-01-11T22:30:58Z"
enc: |- enc: |-

5
systems/tewi/secrets.yaml
View file

@ -2,7 +2,6 @@ tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/
openiscsi-config: ENC[AES256_GCM,data:xyZVJRzR4vK+UAtq3+/QcszLIlcHXYifHnFKm5tVbFUj3c7PjxYGLkvXZfFvERStewdNIQ==,iv:BcbEupXiLECXwfETaVOqfHQ+vkBbrGxkQn54WBYug54=,tag:e0cddYTQAfzSk2AhvzJFvA==,type:str] openiscsi-config: ENC[AES256_GCM,data:xyZVJRzR4vK+UAtq3+/QcszLIlcHXYifHnFKm5tVbFUj3c7PjxYGLkvXZfFvERStewdNIQ==,iv:BcbEupXiLECXwfETaVOqfHQ+vkBbrGxkQn54WBYug54=,tag:e0cddYTQAfzSk2AhvzJFvA==,type:str]
openiscsi-env: ENC[AES256_GCM,data:uAlnrtk64UQukKBWHYrH5J4Ys+GIpu5zDg==,iv:7ahUk9nocs4cSgtr/A4G0Xhlp7pZj/bUlUDLMMYEAMk=,tag:rE2mdBGT3kZqyoDIaKUY3w==,type:str] openiscsi-env: ENC[AES256_GCM,data:uAlnrtk64UQukKBWHYrH5J4Ys+GIpu5zDg==,iv:7ahUk9nocs4cSgtr/A4G0Xhlp7pZj/bUlUDLMMYEAMk=,tag:rE2mdBGT3kZqyoDIaKUY3w==,type:str]
systemd2mqtt-env: ENC[AES256_GCM,data:Zo3+acCcMWgai2ERKbmOlI0hvdkOlNviBqeLb1ALuA==,iv:NxXBDCEevBRqMDY9/3z/Uq2+vENswkYTgTa82wKc32U=,tag:01WUphYRJrwmHv9HE4ac8w==,type:str] systemd2mqtt-env: ENC[AES256_GCM,data:Zo3+acCcMWgai2ERKbmOlI0hvdkOlNviBqeLb1ALuA==,iv:NxXBDCEevBRqMDY9/3z/Uq2+vENswkYTgTa82wKc32U=,tag:01WUphYRJrwmHv9HE4ac8w==,type:str]
deluge-auth: ENC[AES256_GCM,data:qJP/CztnN7RV4Z3pP+jbH1B0zzBm8oa3n3X0pecEVe7UI3+NOSwFaQCBD7Q7JDxzh+qTNdQ/wWi7w0XJDG+aRIikgDG28S9RjdPL/w==,iv:GUEwmuk3JWMgsXsDgDrObW657WcN6wcYAsgXhK4Dvx0=,tag:vZMQ67j5kWBWOa6ZqCaQHw==,type:str]
postgresql-init: ENC[AES256_GCM,data:40s9cdfJMcKjfNBNQikpAY6FZ0cgVEGC52fnXwH3jC5d9qI56hIv84ZZhZ3/kVyxSwpQL+pY0DxNjAKMqLpXx/Ujsp4=,iv:Cj7RPBM7tzTb4jBONM8DYWuJ/STRj6vO2ZU2MTkBPCM=,tag:rq7ROGRyjVZulDDof8qKDg==,type:str] postgresql-init: ENC[AES256_GCM,data:40s9cdfJMcKjfNBNQikpAY6FZ0cgVEGC52fnXwH3jC5d9qI56hIv84ZZhZ3/kVyxSwpQL+pY0DxNjAKMqLpXx/Ujsp4=,iv:Cj7RPBM7tzTb4jBONM8DYWuJ/STRj6vO2ZU2MTkBPCM=,tag:rq7ROGRyjVZulDDof8qKDg==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
@ -29,8 +28,8 @@ sops:
VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g== 7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-14T21:09:55Z" lastmodified: "2024-01-14T21:35:39Z"
mac: ENC[AES256_GCM,data:P8JSR3EqyuzK6PP3/KnIzsEIXXllCDMOfT2Aq+eiXuHE7w32BSdu8WTljOg8vWFH7jtZ1+P5Noi2F31r0CngMtrwxYKob43+HhQtw3VBNYTlZL6n01nK6qbKHncL8PuA4ieJJri+iItSKVc2ZKzXOyjmw+Z1Ij9xfUV872iO3cA=,iv:238Bm7mk9EAa/XR7LP5en9BTaoYKr0AAdMJO01PrYxE=,tag:I7KazGL7ORJZcJffJb9ZBw==,type:str] mac: ENC[AES256_GCM,data:kkH6Qc81/mmYA8paCGHlQt3K5BUntU7aQm9Rjtqf1rFHIjWFIbpguXPzl555BO4AxUGzNm+OMSIOejLq5GKJ1S749BeADxwExeeR/+zWqECeerQmBfaBQfb1kBr9KlMyhP03fOeUyX1GZmnFyFyAm/xCvW67hatHPKaRrMvSQIY=,iv:DtbabItptKBoibi4g69CLVviURhK5YgPnq3BBkmzhM0=,tag:LDUXWSOdvUGss2S5Oy5KQw==,type:str]
pgp: pgp:
- created_at: "2023-03-10T17:06:53Z" - created_at: "2023-03-10T17:06:53Z"
enc: | enc: |

25
tf/.terraform.lock.hcl generated Normal file
View file

@ -0,0 +1,25 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cloudflare/cloudflare" {
version = "4.22.0"
constraints = ">= 4.22.0"
hashes = [
"h1:blHUZFk/sm1K0ljOvL48xumk7+sWnn6RhSAEnR9AjMs=",
"zh:3fd76452845661d6536911fd0ec077531d46d0031b1b46139ea1eee6c926f714",
"zh:44ed58c11d3d1c51d6afa446692b441a89017798a15e7f5d5519a3c91935fc4c",
"zh:46f370d4509bdbbaed0b74218ae6532eaea101c6a94b6dcafd54fe2f79e0a521",
"zh:5e303fb782b42aede9a971adb559a5554461da05de9f71de7114db385c3161d3",
"zh:6c1f4ff22fe80098e4ec35c77c24e96a21a01239d06edfeb73956019409b9fee",
"zh:7a995be9edd05b17f33fa4928f847100949c2631c864119acf4c68221bf12a2c",
"zh:84100a29f7f754d37c8ac6e4d083cb33dd815819cf0f8f5ded42a272970a7b54",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:959ab2fc75472f56a0935c8975e4e6772b708cf0a9d015f99db7663bfaa64776",
"zh:a7f3078eda0057dc8312fd233ca13674e58a1bb62e0652169f34795a4f243378",
"zh:b836b5631522d81fba4c70debf13cdc43a328548ad587f456632cf1dd2d190c2",
"zh:c097295f629e2cdfec44779d9ee0bd61c6ffc1f30b6428dce05eac740693182b",
"zh:cffb10d7e99b18910da2034c775b2bd7222c0860a20e560b0a35f5eeb8937eb6",
"zh:fb4170e6a7bf4150c0c928509b8db77c4322eeb47a3506cdc99250afb93fce46",
"zh:fd068410027acf7fd11864c9427ed1d7783ef2bc05eece01682e33a25c4119b0",
]
}

19
tf/cloudflare_provider.tf Normal file
View file

@ -0,0 +1,19 @@
variable "cloudflare_account_email" {
type = string
sensitive = false
}
variable "cloudflare_account_id" {
type = string
sensitive = true
}
variable "cloudflare_api_key" {
type = string
sensitive = true
}
provider "cloudflare" {
email = var.cloudflare_account_email
api_key = var.cloudflare_api_key
}

67
tf/cloudflare_tunnels.tf Normal file
View file

@ -0,0 +1,67 @@
variable "cloudflare_tunnel_secret_tewi" {
type = string
sensitive = true
}
module "tewi" {
source = "./tunnel"
name = "tewi"
secret = var.cloudflare_tunnel_secret_tewi
account_id = var.cloudflare_account_id
zone_id = cloudflare_zone.gensokyo-zone_zone.id
subdomains = [
"home",
"id",
"login",
"z2m",
]
}
output "cloudflare_tunnel_id_tewi" {
value = module.tewi.id
}
output "cloudflare_tunnel_token_tewi" {
value = module.tewi.token
sensitive = true
}
output "cloudflare_tunnel_cname_tewi" {
value = module.tewi.cname
}
variable "cloudflare_tunnel_secret_mediabox" {
type = string
sensitive = true
}
module "mediabox" {
source = "./tunnel"
name = "mediabox"
secret = var.cloudflare_tunnel_secret_mediabox
account_id = var.cloudflare_account_id
zone_id = cloudflare_zone.gensokyo-zone_zone.id
subdomains = [
"deluge",
"plex",
"sonarr",
"radarr",
"jackett",
"bazarr",
"tatulli",
"ombi",
]
}
output "cloudflare_tunnel_id_mediabox" {
value = module.mediabox.id
}
output "cloudflare_tunnel_token_mediabox" {
value = module.mediabox.token
sensitive = true
}
output "cloudflare_tunnel_cname_mediabox" {
value = module.mediabox.cname
}

21
tf/cloudflare_zones.tf Normal file
View file

@ -0,0 +1,21 @@
variable "bypass_cloudflare" {
type = bool
default = false
}
variable "cloudflare_plan" {
type = string
default = "free"
}
resource "cloudflare_zone" "gensokyo-zone_zone" {
account_id = var.cloudflare_account_id
zone = "gensokyo.zone"
paused = var.bypass_cloudflare
plan = var.cloudflare_plan
type = "full"
}
output "gensokyo-zone_zone_id" {
value = cloudflare_zone.gensokyo-zone_zone.id
}

19
tf/terraform.tf Normal file
View file

@ -0,0 +1,19 @@
terraform {
required_version = ">= 1.6.0"
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = ">= 4.22.0"
}
}
cloud {
organization = "gensokyo-zone"
hostname = "app.terraform.io"
workspaces {
name = "infrastructure"
}
}
}

27
tf/terraform.tfvars.sops Normal file
View file

@ -0,0 +1,27 @@
{
"data": "ENC[AES256_GCM,data:BAlScJC8cjQzPaiZyxFrfG4xbHxRmg//nJxolHgUU7Fchy+fKHE0X1iNvVvr5bObQ/hFxDAeIs32Xe0ZJ8cb+vuDFEFvjgXNzcpifpEXSeENIH1ojgFpY91g/eANUUcJc6H4C6kPAO140e1z/0gBeMTLvtiW5JZxIeSZ0zoFtKUWzVCduIisWz3cc8WMqQMmYuarvi4+GDf9u41fhCr/9uFYJaWdD1Wm1ZCERRCiUHKw0iuaBzcBXC0nIVKZ+UeprnHkHFx7QUeD28khoAwr5L8M/KYcHj8I3zcimYV1BisB+xyra3SvwK9kL2trSGgEFPZzss4tdodlf0tBhwX5iaJncKc8+6Rz2bFewtUymjrFlqEguhMjaR255v4FebWIa2kXsDQX8m5RrPX4ZEVbiDqW9FQ+exERvunzec6H63xEmlV3782SnpLhmY7wnalN8CFzoIvXX8bpWlMxzA8NwFvpF9hyYyHTE2d3MOSd34/8O6TTcouxyx+KbRmeE2wL16hy1PwHcMbnAKFGRtPAiBSzcG0byRjR111US0D1QeHXWxVtyaa8qua/wxpnVm8+re+TxVnRwBg0LFquCcwjDUkdVhCTA6l7G6A4B3rFHFS5EmM00woFhnEs/TiwrNwXkRK43s2WLLM+kLWO7oh/HnUTfB8O,iv:HAMNqftFG/je5o4vvQ9Cr+2JKmhC4xhOiyipm5GPFuU=,tag:9xEBj110g2A2uqchLxhi0g==,type:str]",
"sops": {
"shamir_threshold": 1,
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2024-01-14T20:55:09Z",
"mac": "ENC[AES256_GCM,data:GNh372+4iVRE/3fLBpQdaccJBMFsWibjPUkDmY+goAYjFvba/wLlViLiCkLGLhK7krdm0Ifc0pnf5n8X+vVdPZtwJ2MN12qw1qj2fcRRjJkxmoSA8GrVgGJQNUbhpO8CI6YUmvlC2UKW1KSg0A1PKh/T/vbmBRByQC8qkeMOVWc=,iv:KH6lSsEF4UrHc9YfhkXcg9uIjaMZh02thcNAom91ckw=,tag:a5z8ZkXbUFJiZrLCIXvvZQ==,type:str]",
"pgp": [
{
"created_at": "2024-01-14T19:49:29Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA82M54yws73UARAAs7d2M7JcQBcza/HOGUz6EynNdsYC9aFfMRqIhJmToIrT\nHXBL15fOofyZoqUuWIO2xT7UlF2GqQRVn3eegppuiCv3UVcSAcblJmwZ+o30vuwq\nr4daD0vx9AsgzM0UA2GEO3LhnSObX3Z9e80XZfL4giusjVS39q2zw9Xbx/pzcoTN\nK6VEzM992Q8URa+k/q6XQizOhbmn94haHszKKuiXu9ft25ALc17CixQOexSeAZ/A\nu5Ipr9gq8EIk4wmz5fJbXn4JDIaO8xGpaeITzc+ZcP9+8ByyQXpOuSsZl3vvZDpi\n9cYqzjHrshK6FCVovBPCPf13d5MOhxR/jerkSNPi+wcAHpw2o34XnEiT8HOPZYH2\ngrxfiTCNw993M5OPlE2zi6gqbz3ajtcLEYS18n4Zt0t/VUL0Mgy1lGmh7s6Y40nX\n+NXUPl/w6QncvOSoUJDpNMflHxcTRnxf/z7m3KjQtiVwyiYAivUDQ+IqBPVwgT6+\nAwLcyYrRokLzHSUo40/CPluMrnCDvWfw/u1x49mUl0BCg/F4bICNSn7SH6H14k/8\nqyVJxKEgZgroUpF1e5TVfOjWYOADWNiAm5+mEOE5t8zG3DMqAUgjaJVK0Szkwv2h\nTwt15l+Yi+gHbAPnBskZpuISx+B3+9ogUWfEMkAO1pb+b7Cb9rX8IVGGFjtsSEzS\nXgFNl/Wi4sTopcaCbvC0/gY3NiT/tUlWRifTDMvxJn0Fk/6UDQvtQYIMYuqrCaWI\nnM0LncGQEjg7VkQHZaV6xOY33nz5/5f5NhgdCniNfM4ivFZl2JW261a4iIkOoIo=\n=2G2d\n-----END PGP MESSAGE-----",
"fp": "CD8CE78CB0B3BDD4"
},
{
"created_at": "2024-01-14T19:49:29Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQEMA2W9MER3HLb7AQf8DrHkIV82/GIbNUP7shSOuJlDRuVb+6YJCJKg1wfG1980\nxdmJ6mpwZ/00sC7+ecTiTRqhCsruVX0y98GDkmNJWXWM8VQnkV1Y2m8SdmMg9or0\n7c1AvpALgruwfA1ptN5+Vftha69J/ap7IeRxBg2jF5j9RBOe2T4LaxUpI4AdHs+8\nWWCl+/Zj4IL4+Ko8Qvfb21p+ljqHkIrSOj5ehqrJTMtdbnmKfvnhPNu2LVltRRAg\nROhJ60rDKrstykAjfP+xGVsdS5b21CSm8v6I3s4lzT0wLpxYIeWVRek/TwSH2uxq\nI7jW+Y+uX1VljDfixbjzjRd6lJKu8aBfwf5FRfIZHNJeAVI35xYXsw6SPYK45fRP\nlFj4pN3UhEaqjQhF4FZKZyXiSdFKSjxWYzHfNDvR53z2MB2L5VSK510C7jmaKkSS\neXmCTIv68+B0v4bfP7cZsnB2Pr79Rlsh3DGxJ/0H7g==\n=Qe7C\n-----END PGP MESSAGE-----",
"fp": "65BD3044771CB6FB"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

19
tf/tunnel/records.tf Normal file
View file

@ -0,0 +1,19 @@
variable "zone_id" {
type = string
sensitive = false
}
variable "subdomains" {
type = list(string)
sensitive = false
}
resource "cloudflare_record" "records" {
for_each = toset(var.subdomains)
name = each.value
proxied = true
ttl = 1
type = "CNAME"
value = cloudflare_tunnel.tunnel.cname
zone_id = var.zone_id
}

10
tf/tunnel/terraform.tf Normal file
View file

@ -0,0 +1,10 @@
terraform {
required_version = ">= 1.6.0"
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = ">= 4.22.0"
}
}
}

34
tf/tunnel/tunnel.tf Normal file
View file

@ -0,0 +1,34 @@
variable "account_id" {
type = string
sensitive = true
}
variable "name" {
type = string
sensitive = false
}
variable "secret" {
type = string
sensitive = true
}
resource "cloudflare_tunnel" "tunnel" {
account_id = var.account_id
name = var.name
secret = var.secret
config_src = "local"
}
output "id" {
value = cloudflare_tunnel.tunnel.id
}
output "token" {
value = cloudflare_tunnel.tunnel.tunnel_token
sensitive = true
}
output "cname" {
value = cloudflare_tunnel.tunnel.cname
}