First commit; Cloudflare configs for now.

2025-05-03 14:01:59 -04:00
commit 8c77463875
12 changed files with 2035 additions and 0 deletions
+40
@@ -0,0 +1,40 @@
# Local .terraform directories
.terraform/
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Ignore transient lock info files created by terraform apply
.terraform.tfstate.lock.info
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
# Envs
*.env*
+25
@@ -0,0 +1,25 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/cloudflare/cloudflare" {
version = "4.52.0"
constraints = "~> 4.0"
hashes = [
"h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
"zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
"zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
"zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
"zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
"zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
"zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
"zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
"zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
"zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
"zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
"zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
"zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
"zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
]
}
+60
@@ -0,0 +1,60 @@
cloudflare_access_application Account ✅ ✅
cloudflare_access_group Account ✅ ✅
cloudflare_access_identity_provider Account ✅ ❌
cloudflare_access_mutual_tls_certificate Account ✅ ❌
cloudflare_access_policy Account ❌ ❌
cloudflare_access_rule Account ✅ ✅
cloudflare_access_service_token Account ✅ ❌
cloudflare_account_member Account ✅ ✅
cloudflare_api_shield Zone ✅ ❌
cloudflare_api_token User ❌ ❌
cloudflare_argo Zone ✅ ✅
cloudflare_authenticated_origin_pulls Zone ❌ ❌
cloudflare_authenticated_origin_pulls_certificate Zone ❌ ❌
cloudflare_bot_management Zone ✅ ✅
cloudflare_byo_ip_prefix Account ✅ ✅
cloudflare_certificate_pack Zone ✅ ✅
cloudflare_custom_hostname Zone ✅ ✅
cloudflare_custom_hostname_fallback_origin Account ✅ ❌
cloudflare_custom_pages Account or Zone ✅ ✅
cloudflare_custom_ssl Zone ✅ ✅
cloudflare_filter Zone ✅ ✅
cloudflare_firewall_rule Zone ✅ ✅
cloudflare_healthcheck Zone ✅ ✅
cloudflare_ip_list Account ❌ ✅
cloudflare_list Account ✅ ❌
cloudflare_load_balancer Zone ✅ ✅
cloudflare_load_balancer_monitor Account ✅ ✅
cloudflare_load_balancer_pool Account ✅ ✅
cloudflare_logpull_retention Zone ❌ ❌
cloudflare_logpush_job Zone ✅ ❌
cloudflare_logpush_ownership_challenge Zone ❌ ❌
cloudflare_magic_firewall_ruleset Account ❌ ❌
cloudflare_origin_ca_certificate Zone ✅ ✅
cloudflare_page_rule Zone ✅ ✅
cloudflare_rate_limit Zone ✅ ✅
cloudflare_record Zone ✅ ✅
cloudflare_ruleset Account or Zone ✅ ✅
cloudflare_spectrum_application Zone ✅ ✅
cloudflare_tiered_cache Zone ✅ ❌
cloudflare_teams_list Account ✅ ✅
cloudflare_teams_location Account ✅ ✅
cloudflare_teams_proxy_endpoint Account ✅ ✅
cloudflare_teams_rule Account ✅ ✅
cloudflare_tunnel Account ✅ ✅
cloudflare_turnstile_widget Account ✅ ✅
cloudflare_url_normalization_settings Zone ✅ ❌
cloudflare_waf_group Zone ❌ ❌
cloudflare_waf_override Zone ✅ ✅
cloudflare_waf_package Zone ✅ ❌
cloudflare_waf_rule Zone ❌ ❌
cloudflare_waiting_room Zone ✅ ✅
cloudflare_worker_cron_trigger Account ❌ ❌
cloudflare_worker_route Zone ✅ ✅
cloudflare_worker_script Account ❌ ❌
cloudflare_workers_kv Account ❌ ❌
cloudflare_workers_kv_namespace Account ✅ ✅
cloudflare_zone Account ✅ ✅
cloudflare_zone_dnssec Zone ❌ ❌
cloudflare_zone_lockdown Zone ✅ ✅
cloudflare_zone_settings_override Zone ✅ ❌
+60
@@ -0,0 +1,60 @@
cloudflare_access_application
cloudflare_access_group
cloudflare_access_identity_provider
cloudflare_access_mutual_tls_certificate
cloudflare_access_policy
cloudflare_access_rule
cloudflare_access_service_token
cloudflare_account_member
cloudflare_api_shield
cloudflare_api_token
cloudflare_argo
cloudflare_authenticated_origin_pulls
cloudflare_authenticated_origin_pulls_certificate
cloudflare_bot_management
cloudflare_byo_ip_prefix
cloudflare_certificate_pack
cloudflare_custom_hostname
cloudflare_custom_hostname_fallback_origin
cloudflare_custom_pages
cloudflare_custom_ssl
cloudflare_filter
cloudflare_firewall_rule
cloudflare_healthcheck
cloudflare_ip_list
cloudflare_list
cloudflare_load_balancer
cloudflare_load_balancer_monitor
cloudflare_load_balancer_pool
cloudflare_logpull_retention
cloudflare_logpush_job
cloudflare_logpush_ownership_challenge
cloudflare_magic_firewall_ruleset
cloudflare_origin_ca_certificate
cloudflare_page_rule
cloudflare_rate_limit
cloudflare_record
cloudflare_ruleset
cloudflare_spectrum_application
cloudflare_tiered_cache
cloudflare_teams_list
cloudflare_teams_location
cloudflare_teams_proxy_endpoint
cloudflare_teams_rule
cloudflare_tunnel
cloudflare_turnstile_widget
cloudflare_url_normalization_settings
cloudflare_waf_group
cloudflare_waf_override
cloudflare_waf_package
cloudflare_waf_rule
cloudflare_waiting_room
cloudflare_worker_cron_trigger
cloudflare_worker_route
cloudflare_worker_script
cloudflare_workers_kv
cloudflare_workers_kv_namespace
cloudflare_zone
cloudflare_zone_dnssec
cloudflare_zone_lockdown
cloudflare_zone_settings_override
+10
@@ -0,0 +1,10 @@
resource "cloudflare_page_rule" "terraform_managed_resource_6a06432fcb2856a66f0b90a70f81a9ea" {
priority = 1
status = "active"
target = "logs.trez.wtf/"
zone_id = var.cloudflare_zone_id
actions {
rocket_loader = "off"
}
}
File diff suppressed because it is too large Load Diff
+5
@@ -0,0 +1,5 @@
resource "cloudflare_tiered_cache" "terraform_managed_resource_17dbb71212204583b777783d25eb6738" {
cache_type = "smart"
zone_id = var.cloudflare_zone_id
}
+8
@@ -0,0 +1,8 @@
resource "cloudflare_zone" "terraform_managed_resource_17dbb71212204583b777783d25eb6738" {
account_id = var.cloudflare_account_id
paused = false
plan = "free"
type = "full"
zone = "trez.wtf"
}
@@ -0,0 +1,64 @@
resource "cloudflare_zone_settings_override" "terraform_managed_resource_17dbb71212204583b777783d25eb6738" {
zone_id = var.cloudflare_zone_id
settings {
always_online = "on"
always_use_https = "on"
automatic_https_rewrites = "on"
brotli = "on"
browser_cache_ttl = 14400
browser_check = "on"
cache_level = "aggressive"
challenge_ttl = 1800
cname_flattening = "flatten_at_root"
development_mode = "off"
early_hints = "on"
email_obfuscation = "on"
filter_logs_to_cloudflare = "off"
hotlink_protection = "on"
http2 = "on"
http3 = "on"
ip_geolocation = "on"
ipv6 = "on"
log_to_cloudflare = "on"
max_upload = 100
min_tls_version = "1.0"
minify {
css = "off"
html = "off"
js = "off"
}
mirage = "off"
opportunistic_encryption = "on"
opportunistic_onion = "on"
orange_to_orange = "off"
origin_error_page_pass_thru = "off"
polish = "off"
prefetch_preload = "off"
privacy_pass = "on"
proxy_read_timeout = "100"
pseudo_ipv4 = "off"
replace_insecure_js = "on"
response_buffering = "off"
rocket_loader = "on"
security_header {
enabled = false
include_subdomains = false
max_age = 0
nosniff = false
preload = false
}
security_level = "medium"
server_side_exclude = "off"
sort_query_string_for_cache = "off"
ssl = "full"
tls_1_3 = "on"
tls_client_auth = "off"
true_client_ip_header = "off"
visitor_ip = "on"
waf = "off"
webp = "off"
websockets = "on"
zero_rtt = "off"
}
}
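Review bot: `min_tls_version = "1.0"` in the `settings` block keeps TLS 1.0 and 1.1 negotiable at the edge for the whole zone, and `ssl = "full"` encrypts the hop to the origin without validating the origin's certificate. If these values were imported from the live zone rather than chosen, this is the place to tighten them: `min_tls_version = "1.2"` and, once the origin presents a certificate Cloudflare will accept, `ssl = "strict"`. The `security_header` block also leaves HSTS off (`enabled = false`, `max_age = 0`) and `waf = "off"` is set; a short comment saying whether each of these is deliberate would help the next reader.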
+73
@@ -0,0 +1,73 @@
#!/bin/bash
# Script to generate Terraform resources using cf-terraforming for OpenTofu
resources=(
cloudflare_access_application
cloudflare_access_group
cloudflare_access_identity_provider
cloudflare_access_mutual_tls_certificate
cloudflare_access_policy
cloudflare_access_rule
cloudflare_access_service_token
cloudflare_account_member
cloudflare_api_shield
cloudflare_api_token
cloudflare_argo
cloudflare_authenticated_origin_pulls
cloudflare_authenticated_origin_pulls_certificate
cloudflare_bot_management
cloudflare_byo_ip_prefix
cloudflare_certificate_pack
cloudflare_custom_hostname
cloudflare_custom_hostname_fallback_origin
cloudflare_custom_pages
cloudflare_custom_ssl
cloudflare_filter
cloudflare_firewall_rule
cloudflare_healthcheck
cloudflare_ip_list
cloudflare_list
cloudflare_load_balancer
cloudflare_load_balancer_monitor
cloudflare_load_balancer_pool
cloudflare_logpull_retention
cloudflare_logpush_job
cloudflare_logpush_ownership_challenge
cloudflare_magic_firewall_ruleset
cloudflare_origin_ca_certificate
cloudflare_page_rule
cloudflare_rate_limit
cloudflare_record
cloudflare_ruleset
cloudflare_spectrum_application
cloudflare_tiered_cache
cloudflare_teams_list
cloudflare_teams_location
cloudflare_teams_proxy_endpoint
cloudflare_teams_rule
cloudflare_tunnel
cloudflare_turnstile_widget
cloudflare_url_normalization_settings
cloudflare_waf_group
cloudflare_waf_override
cloudflare_waf_package
cloudflare_waf_rule
cloudflare_waiting_room
cloudflare_worker_cron_trigger
cloudflare_worker_route
cloudflare_worker_script
cloudflare_workers_kv
cloudflare_workers_kv_namespace
cloudflare_zone
cloudflare_zone_dnssec
cloudflare_zone_lockdown
cloudflare_zone_settings_override
)
for resource in "${resources[@]}"; do
echo "Generating ${resource}.tf..."
cf-terraforming generate --provider-registry-hostname registry.opentofu.org --resource-type $resource > "${resource}.tf_v5"
done
echo "✅ All Terraform files generated!"
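Review bot: The loop passes `$resource` unquoted and never checks the exit status of `cf-terraforming`, so a failed or unauthenticated call leaves an empty or partial `.tf_v5` file and the script still prints "✅ All Terraform files generated!". Adding `set -euo pipefail` under the shebang and quoting the argument as `--resource-type "$resource"` makes a failure stop the run instead of being masked. The list includes types such as `cloudflare_api_token` and `cloudflare_access_service_token`; whether the generated output ever carries secret material is not visible here, so the `.tf_v5` files are worth reading before they are committed, since the ignore rules on this page do not cover that extension.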
+24
@@ -0,0 +1,24 @@
variable "cloudflare_zone_id" {
description = "The Cloudflare UUID for the Zone to use."
type = string
}
variable "cloudflare_account_id" {
description = "The Cloudflare UUID for the Account the Zone lives in."
type = string
}
variable "cloudflare_email" {
description = "The Cloudflare user."
type = string
}
variable "cloudflare_token" {
description = "The Cloudflare user's API token."
type = string
}
variable "zone" {
description = "The Cloudflare user's API token."
type = string
}
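Review bot: `cloudflare_token` is declared without `sensitive = true`, so its value is not redacted wherever the tool prints variable values; add `sensitive = true` to that block. The `zone` variable's description is a copy of the token's ("The Cloudflare user's API token.") and should say what the variable holds, presumably the zone's domain name. `cloudflare_email` is not referenced by the provider block shown on this page, which authenticates with `api_token` only, so it may be removable.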
+26
@@ -0,0 +1,26 @@
terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = "~> 4"
}
}
backend "s3" {
bucket = "rinoa-terraform"
key = "cloudflare/.tfstate"
endpoints = { s3 = "http://192.168.1.254:9001" }
region = "us-east-fh-pln"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
use_path_style = true
skip_requesting_account_id = true # Optional, set to true if MinIO does not support AWS account ID
}
}
provider "cloudflare" {
api_token = var.cloudflare_token
}
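Review bot: The `endpoints` entry points the S3 backend at `http://192.168.1.254:9001`, so the state file, which can hold resource attributes and secrets in plain text, crosses the local network unencrypted on every plan and apply. Serving the object store over TLS and using an `https://` URL here closes that, e.g. `endpoints = { s3 = "https://<minio-host>:9001" }` (placeholder host). The backend block also configures no state locking, so two concurrent runs could overwrite each other's state; a comment is worth adding if that is accepted for a single-operator setup.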