2023-01-04 11:55:24 +00:00
|
|
|
variable "cloudflare_account_id" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-05 14:56:50 +00:00
|
|
|
variable "cloudflare_zone_id" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "cloudflare_deploy_domain" {
|
2023-01-04 13:59:43 +00:00
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 11:55:24 +00:00
|
|
|
variable "cloudflare_api_token" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "gh_username" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
variable "d1_id" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 16:09:39 +00:00
|
|
|
variable "access_auth_domain" {
|
|
|
|
|
type = string
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 11:55:24 +00:00
|
|
|
terraform {
|
|
|
|
|
required_providers {
|
|
|
|
|
cloudflare = {
|
|
|
|
|
source = "cloudflare/cloudflare"
|
|
|
|
|
version = "3.31.0"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
random = {
|
|
|
|
|
source = "hashicorp/random"
|
|
|
|
|
version = "3.4.3"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
provider "cloudflare" {
|
|
|
|
|
api_token = var.cloudflare_api_token
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
|
|
|
|
|
account_id = var.cloudflare_account_id
|
2023-01-04 13:59:43 +00:00
|
|
|
title = "wildebeest-${var.gh_username}-cache"
|
2023-01-04 11:55:24 +00:00
|
|
|
}
|
|
|
|
|
|
2023-01-04 12:34:19 +00:00
|
|
|
resource "random_password" "user_key" {
|
2023-01-04 13:59:43 +00:00
|
|
|
length = 256
|
|
|
|
|
special = false
|
2023-01-04 11:55:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "cloudflare_pages_project" "wildebeest_pages_project" {
|
|
|
|
|
account_id = var.cloudflare_account_id
|
|
|
|
|
name = "wildebeest-${var.gh_username}"
|
|
|
|
|
production_branch = "main"
|
2023-01-04 13:59:43 +00:00
|
|
|
|
2023-01-04 11:55:24 +00:00
|
|
|
deployment_configs {
|
|
|
|
|
production {
|
|
|
|
|
environment_variables = {
|
2023-01-06 13:34:25 +00:00
|
|
|
CF_ACCOUNT_ID = var.cloudflare_account_id
|
|
|
|
|
CF_API_TOKEN = var.cloudflare_api_token
|
2023-01-04 11:55:24 +00:00
|
|
|
|
2023-01-04 12:34:19 +00:00
|
|
|
USER_KEY = random_password.user_key.result
|
2023-01-04 16:40:55 +00:00
|
|
|
|
2023-01-05 14:56:50 +00:00
|
|
|
DOMAIN = var.cloudflare_deploy_domain
|
2023-01-04 16:09:39 +00:00
|
|
|
ACCESS_AUD = cloudflare_access_application.wildebeest_access.aud
|
|
|
|
|
ACCESS_AUTH_DOMAIN = var.access_auth_domain
|
2023-01-04 11:55:24 +00:00
|
|
|
}
|
|
|
|
|
kv_namespaces = {
|
|
|
|
|
KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
|
|
|
|
|
}
|
|
|
|
|
d1_databases = {
|
2023-01-04 13:59:43 +00:00
|
|
|
DATABASE = var.d1_id
|
2023-01-04 11:55:24 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 13:59:43 +00:00
|
|
|
resource "cloudflare_record" "record" {
|
2023-01-05 14:56:50 +00:00
|
|
|
zone_id = var.cloudflare_zone_id
|
|
|
|
|
name = var.cloudflare_deploy_domain
|
2023-01-04 13:59:43 +00:00
|
|
|
value = cloudflare_pages_project.wildebeest_pages_project.subdomain
|
|
|
|
|
type = "CNAME"
|
|
|
|
|
ttl = 1
|
|
|
|
|
proxied = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "cloudflare_pages_domain" "domain" {
|
|
|
|
|
account_id = var.cloudflare_account_id
|
|
|
|
|
project_name = "wildebeest-${var.gh_username}"
|
2023-01-05 14:56:50 +00:00
|
|
|
domain = var.cloudflare_deploy_domain
|
2023-01-04 17:30:26 +00:00
|
|
|
|
|
|
|
|
depends_on = [
|
|
|
|
|
cloudflare_pages_project.wildebeest_pages_project,
|
|
|
|
|
cloudflare_record.record,
|
|
|
|
|
]
|
2023-01-04 13:59:43 +00:00
|
|
|
}
|
|
|
|
|
|
2023-01-04 11:55:24 +00:00
|
|
|
resource "cloudflare_access_application" "wildebeest_access" {
|
|
|
|
|
account_id = var.cloudflare_account_id
|
|
|
|
|
name = "wildebeest-${var.gh_username}"
|
2023-01-05 14:56:50 +00:00
|
|
|
domain = "${var.cloudflare_deploy_domain}/oauth/authorize"
|
2023-01-04 11:55:24 +00:00
|
|
|
type = "self_hosted"
|
|
|
|
|
session_duration = "168h"
|
|
|
|
|
auto_redirect_to_identity = false
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 13:59:43 +00:00
|
|
|
resource "cloudflare_access_policy" "policy" {
|
|
|
|
|
application_id = cloudflare_access_application.wildebeest_access.id
|
2023-01-05 14:56:50 +00:00
|
|
|
account_id = var.cloudflare_account_id
|
2023-01-04 13:59:43 +00:00
|
|
|
name = "policy"
|
|
|
|
|
precedence = "1"
|
|
|
|
|
decision = "allow"
|
|
|
|
|
|
|
|
|
|
include {
|
2023-01-05 14:56:50 +00:00
|
|
|
email = ["CHANGEME@example.com"]
|
2023-01-04 13:59:43 +00:00
|
|
|
}
|
2023-01-04 11:55:24 +00:00
|
|
|
}
|
