diff --git a/terraform/cloudflare/account.tf b/terraform/cloudflare/account.tf
new file mode 100644
index 00000000..63c61d05
--- /dev/null
+++ b/terraform/cloudflare/account.tf
@@ -0,0 +1,3 @@
+data "cloudflare_account" "example_account" {
+ account_id = "replace-with-your-account-id"
+}
diff --git a/terraform/cloudflare/credentials.tf b/terraform/cloudflare/credentials.tf
deleted file mode 100644
index e8a0d24d..00000000
--- a/terraform/cloudflare/credentials.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# Cloudflare Credentials
-# ---
-# Credential Variables needed for Cloudflare
-
-# Cloudflare Config
-variable "cloudflare_email" {
- description = "The email address for your Cloudflare account"
- type = string
-}
-variable "cloudflare_api_key" {
- description = "The API key for your Cloudflare account"
- type = string
-}
diff --git a/terraform/cloudflare/dns.tf b/terraform/cloudflare/dns.tf
deleted file mode 100644
index a67f02e4..00000000
--- a/terraform/cloudflare/dns.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Cloudflare DNS
-# ---
-# Templates to manage DNS Records on Cloudflare
-
-# A Record
-resource "cloudflare_record" "your-dns-record-name" {
- zone_id = "your-zone-id"
- name = "your-public-dns-value"
- value = "your-public-ip-address"
- type = "A"
- proxied = false # set to true, to hide public IP
-}
diff --git a/terraform/cloudflare/dns_record.tf b/terraform/cloudflare/dns_record.tf
new file mode 100644
index 00000000..72e97e16
--- /dev/null
+++ b/terraform/cloudflare/dns_record.tf
@@ -0,0 +1,8 @@
+resource "cloudflare_record" "example.com" {
+ zone_id = data.cloudflare_zone.example_zone.zone_id
+ name = "example"
+ content = "content"
+ type = "A"
+ proxied = true
+ ttl = 3600
+}
diff --git a/terraform/cloudflare/provider.tf b/terraform/cloudflare/provider.tf
index 58fba424..ccb37749 100644
--- a/terraform/cloudflare/provider.tf
+++ b/terraform/cloudflare/provider.tf
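Review bot: The resource label `"example.com"` in terraform/cloudflare/dns_record.tf contains a dot, which Terraform does not accept in a resource name (letters, digits, underscores and hyphens only), so the file will not validate as written. The hunk also keeps the v4 type `cloudflare_record` while provider.tf moves to 5.x; as far as I know v5 names this resource `cloudflare_dns_record`, so the opening line would become `resource "cloudflare_dns_record" "example_com" {` (confirm against the provider's upgrade guide). With `proxied = true` Cloudflare normally expects the automatic TTL, so I would write `ttl = 1` instead of `ttl = 3600`. `content = "content"` should follow the `replace-with-your-…` placeholder style used in the other files so it is not applied verbatim.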
@@ -1,19 +1,19 @@ -# Cloudflare Provider -# --- -# Initial Provider Configuration for Cloudflare - terraform { required_version = ">= 0.13.0" required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "~> 4.0" + version = "~> 5.0.0" } } } +variable "CLOUDFLARE_TOKEN" { + type = string + sensitive = true +} + provider "cloudflare" { - email = var.cloudflare_email - api_key = var.cloudflare_api_key + api_token = var.CLOUDFLARE_TOKEN } diff --git a/terraform/cloudflare/zero_trust_access_application.tf b/terraform/cloudflare/zero_trust_access_application.tf new file mode 100644 index 00000000..50c3292a --- /dev/null +++ b/terraform/cloudflare/zero_trust_access_application.tf @@ -0,0 +1,14 @@ +resource "cloudflare_zero_trust_access_application" "example_app" { + zone_id = data.cloudflare_zone.example.id + name = "example_app" + domain = "example_app.example.com" + type = "self_hosted" + session_duration = "30m" + policies = [ + { + id = cloudflare_zero_trust_access_policy.example_policy.id + precedence = 0 + decision = "allow" + } + ] +} diff --git a/terraform/cloudflare/zero_trust_access_policy.tf b/terraform/cloudflare/zero_trust_access_policy.tf new file mode 100644 index 00000000..459d3f65 --- /dev/null +++ b/terraform/cloudflare/zero_trust_access_policy.tf @@ -0,0 +1,12 @@ +resource "cloudflare_zero_trust_access_policy" "example_policy" { + account_id = data.cloudflare_account.example_account.account_id + name = "example_policy" + decision = "allow" + include = [ + { + ip = { + ip = "replace-with-your-ip-address" + } + } + ] +} diff --git a/terraform/cloudflare/zero_trust_tunnel_cloudflared.tf b/terraform/cloudflare/zero_trust_tunnel_cloudflared.tf new file mode 100644 index 00000000..784b247b --- /dev/null +++ b/terraform/cloudflare/zero_trust_tunnel_cloudflared.tf 
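Review bot: `variable "CLOUDFLARE_TOKEN"` in provider.tf has no `description`, and the header comment that explained the file is removed in the same hunk, so nothing tells the user what kind of token to supply. Replacing the global `api_key` with `api_token` only reduces exposure if the token is narrowly scoped; I would add `description = "Cloudflare API token limited to the zones and account resources this configuration manages"`. `sensitive = true` on a variable needs Terraform 0.14 or later, so the unchanged `required_version = ">= 0.13.0"` is now too permissive and should be raised to whatever the 5.x provider actually supports. The constraint here is `~> 5.0.0` (5.0.x only) while the two templates in this commit use `~> 5.0`; if that difference is intended, a comment should say so.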
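Review bot: `zone_id = data.cloudflare_zone.example.id` in zero_trust_access_application.tf refers to a data source named `example`, but the only zone data source this commit declares (zone.tf) is `example_zone`, so planning should fail on an undeclared reference. dns_record.tf already uses the working form, so the line would read `zone_id = data.cloudflare_zone.example_zone.zone_id`. Running `terraform validate` on this directory in CI would catch both this and similar template slips before anyone copies them.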
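Review bot: The only selector in `example_policy` is a source IP under `include` with `decision = "allow"`, so access to the application depends on network location and not on who the user is. For a template that others will copy, I would pair the IP with an identity rule, e.g. `require = [{ email_domain = { domain = "replace-with-your-email-domain" } }]`, or at least add a comment above `include` stating that an IP match alone grants access. The placeholder should also say whether CIDR notation is expected (a /32 for a single address); I believe the Access IP rule takes a CIDR, but confirm against the provider docs.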
@@ -0,0 +1,4 @@
+data "cloudflare_zero_trust_tunnel_cloudflared" "example_tunnel" {
+ account_id = data.cloudflare_account.example_account.account_id
+ tunnel_id = "replace-wiht-your-tunnel-id"
+}
diff --git a/terraform/cloudflare/zero_trust_tunnel_cloudflared_config.tf b/terraform/cloudflare/zero_trust_tunnel_cloudflared_config.tf
new file mode 100644
index 00000000..7c609c73
--- /dev/null
+++ b/terraform/cloudflare/zero_trust_tunnel_cloudflared_config.tf
@@ -0,0 +1,19 @@
+resource "cloudflare_zero_trust_tunnel_cloudflared_config" "example_tunnel_config" {
+ account_id = data.cloudflare_account.example_account.account_id
+ tunnel_id = data.cloudflare_zero_trust_tunnel_cloudflared.example_tunnel.tunnel_id
+ config = {
+ ingress = [
+ {
+ hostname = "replace-with-your-hostname"
+ service = "https://replace-with-your-service-url"
+ origin_request = {
+ no_tls_verify = true
+ }
+ },
+ {
+ # Catch-all rule: This will match any other requests
+ service = "http_status:404"
+ }
+ ]
+ }
+}
diff --git a/terraform/cloudflare/zone.tf b/terraform/cloudflare/zone.tf
new file mode 100644
index 00000000..399a3879
--- /dev/null
+++ b/terraform/cloudflare/zone.tf
@@ -0,0 +1,3 @@
+data "cloudflare_zone" "example_zone" {
+ zone_id = "replace-with-your-zone-id"
+}
diff --git a/terraform/templates/cloud-deployment-example/main.tf b/terraform/templates/cloud-deployment-example/main.tf
index 467e42cb..043063ca 100644
--- a/terraform/templates/cloud-deployment-example/main.tf
+++ b/terraform/templates/cloud-deployment-example/main.tf
@@ -5,7 +5,7 @@ terraform {
 required_providers {
 cloudflare = {
 source = "cloudflare/cloudflare"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 civo = {
 source = "civo/civo"
diff --git a/terraform/templates/kubernetes-automation-example/provider.tf b/terraform/templates/kubernetes-automation-example/provider.tf
index 489a9513..73073d86 100644
--- a/terraform/templates/kubernetes-automation-example/provider.tf
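Review bot: The placeholder in `tunnel_id = "replace-wiht-your-tunnel-id"` (zero_trust_tunnel_cloudflared.tf) is misspelled, so a search for `replace-with-` across the directory will miss it and the literal string could reach a plan or apply. It should read `tunnel_id = "replace-with-your-tunnel-id"`.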
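Review bot: `no_tls_verify = true` under `origin_request` in zero_trust_tunnel_cloudflared_config.tf turns off certificate validation on the hop between cloudflared and the origin. As a template default it will be copied into deployments where that hop crosses a network the operator does not fully control. I would ship `no_tls_verify = false` and, for origins with an internal CA or a hostname mismatch, point readers to `ca_pool` and `origin_server_name` in the same block. If the flag has to stay for self-signed lab setups, put a comment above it such as `# disables origin certificate checks; only for self-signed origins on a trusted network`.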
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@@ -21,7 +21,7 @@ terraform {
 }
 cloudflare = {
 source = "cloudflare/cloudflare"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }