Access for Coder
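terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
    }
    # data.external.current_ip uses the external provider; declaring it here
    # avoids relying on Terraform's implicit "hashicorp/" fallback for
    # undeclared providers and gives a single place to pin a version later.
    external = {
      source = "hashicorp/external"
    }
  }
}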
locals {
  # Zones managed by this configuration. Only example_com is defined, so every
  # zone / account_id reference elsewhere in the file must use that key.
  zones = {
    example_com = {
      id         = "" # zone id – fill in before applying
      domain     = "example.com"
      account_id = "" # account id – fill in before applying
    }
  }

  # Handed to the provider and to each tunnel module. email + key is the
  # Global API Key pair, which is account-wide and ends up in state wherever
  # it is consumed; var.cloudflare_api_key should be declared sensitive.
  cloudflare_credentials = {
    email = var.cloudflare_email
    key   = var.cloudflare_api_key
  }
}
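# Public egress IP of the machine running terraform, resolved at plan time.
# The previous command spliced curl's output straight into the JSON with no
# failure handling, so a network or HTTP error produced {"output": ""} and an
# empty IP in service_policy. A failed or empty lookup now aborts the run.
# Note this is re-evaluated on every plan, so the policy changes whenever the
# operator's egress address does.
data "external" "current_ip" {
  program = ["bash", "-c", "ip=$(curl -fsS https://ifconfig.me) && [ -n \"$ip\" ] && printf '{\"output\": \"%s\"}' \"$ip\""]
}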
provider "cloudflare" {
  # email + api_key is the Global API Key auth method (full account access).
  # The provider also accepts a scoped api_token, which is the narrower option.
  api_key = local.cloudflare_credentials.key
  email   = local.cloudflare_credentials.email
}
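# access
# Interactive login policy: allow the listed identities after authentication.
resource "cloudflare_zero_trust_access_policy" "login_policy" {
  # Was local.zones.nog_al, which is not a key of local.zones (only example_com
  # is defined), so plan failed with an unsupported-attribute error.
  account_id = local.zones.example_com.account_id
  name       = "login policy"
  decision   = "allow"
  include {
    # "[email protected]" is an address-obfuscation placeholder from the rendered
    # page, not a valid identity; replace it with the real address before applying.
    email = [var.cloudflare_email, "[email protected]"]
  }
}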
resource "cloudflare_zero_trust_access_policy" "service_policy" {
  name       = "service policy"
  account_id = local.zones.example_com.account_id
  # "bypass" skips Access authentication entirely for matching requests. The
  # match is the public IP observed at plan time, so if that address is shared
  # (office NAT, VPN egress) everyone behind it is exempt as well.
  decision = "bypass"
  include {
    ip = [data.external.current_ip.result["output"]]
  }
}
# tunnels
# Coder behind a Cloudflare tunnel at code.<zone domain>. The ./tunnel module
# is local and not shown here; it is expected to expose a tunnel_token output.
module "coder_tunnel" {
  source = "./tunnel"

  application = "coder"
  subdomain   = "code"
  docker_url  = "http://coder:7080"

  zone        = local.zones.example_com
  credentials = local.cloudflare_credentials

  # Both policies are attached: authenticated login plus the IP bypass.
  policies = [
    cloudflare_zero_trust_access_policy.login_policy.id,
    cloudflare_zero_trust_access_policy.service_policy.id,
  ]
}
# Token the cloudflared connector needs; marked sensitive so it is redacted in
# plan/apply output (it is still stored in plaintext in state).
output "coder_tunnel_token" {
  sensitive = true
  value     = module.coder_tunnel.tunnel_token
}
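# Example service behind a Cloudflare tunnel, login policy only (no IP bypass).
module "example_tunnel" {
  source = "./tunnel"
  # Was local.zones.nog_al, which is not defined in local.zones (only
  # example_com is); the reference failed at plan time.
  zone        = local.zones.example_com
  credentials = local.cloudflare_credentials
  application = "example"
  docker_url  = "http://example:3000"
  subdomain   = "example"
  policies    = [cloudflare_zero_trust_access_policy.login_policy.id]
}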
# Connector token for the example tunnel; sensitive so it is redacted in CLI
# output, though it remains in state in plaintext.
output "example_tunnel_token" {
  sensitive = true
  value     = module.example_tunnel.tunnel_token
}