First commit; Cloudflare configs for now.
This commit is contained in:
+40
@@ -0,0 +1,40 @@
|
||||
# Local .terraform directories
|
||||
.terraform/
|
||||
|
||||
# .tfstate files
|
||||
*.tfstate
|
||||
*.tfstate.*
|
||||
|
||||
# Crash log files
|
||||
crash.log
|
||||
crash.*.log
|
||||
|
||||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
||||
# password, private keys, and other secrets. These should not be part of version
|
||||
# control as they are data points which are potentially sensitive and subject
|
||||
# to change depending on the environment.
|
||||
*.tfvars
|
||||
*.tfvars.json
|
||||
|
||||
# Ignore override files as they are usually used to override resources locally and so
|
||||
# are not checked in
|
||||
override.tf
|
||||
override.tf.json
|
||||
*_override.tf
|
||||
*_override.tf.json
|
||||
|
||||
# Ignore transient lock info files created by terraform apply
|
||||
.terraform.tfstate.lock.info
|
||||
|
||||
# Include override files you do wish to add to version control using negated pattern
|
||||
# !example_override.tf
|
||||
|
||||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
|
||||
# example: *tfplan*
|
||||
|
||||
# Ignore CLI configuration files
|
||||
.terraformrc
|
||||
terraform.rc
|
||||
|
||||
# Envs
|
||||
*.env*
|
||||
Generated
+25
@@ -0,0 +1,25 @@
|
||||
# This file is maintained automatically by "tofu init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/cloudflare/cloudflare" {
|
||||
version = "4.52.0"
|
||||
constraints = "~> 4.0"
|
||||
hashes = [
|
||||
"h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
|
||||
"zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
|
||||
"zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
|
||||
"zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
|
||||
"zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
|
||||
"zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
|
||||
"zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
|
||||
"zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
|
||||
"zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
|
||||
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
|
||||
"zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
|
||||
"zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
|
||||
"zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
|
||||
"zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
|
||||
"zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
|
||||
"zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,60 @@
|
||||
cloudflare_access_application Account ✅ ✅
|
||||
cloudflare_access_group Account ✅ ✅
|
||||
cloudflare_access_identity_provider Account ✅ ❌
|
||||
cloudflare_access_mutual_tls_certificate Account ✅ ❌
|
||||
cloudflare_access_policy Account ❌ ❌
|
||||
cloudflare_access_rule Account ✅ ✅
|
||||
cloudflare_access_service_token Account ✅ ❌
|
||||
cloudflare_account_member Account ✅ ✅
|
||||
cloudflare_api_shield Zone ✅ ❌
|
||||
cloudflare_api_token User ❌ ❌
|
||||
cloudflare_argo Zone ✅ ✅
|
||||
cloudflare_authenticated_origin_pulls Zone ❌ ❌
|
||||
cloudflare_authenticated_origin_pulls_certificate Zone ❌ ❌
|
||||
cloudflare_bot_management Zone ✅ ✅
|
||||
cloudflare_byo_ip_prefix Account ✅ ✅
|
||||
cloudflare_certificate_pack Zone ✅ ✅
|
||||
cloudflare_custom_hostname Zone ✅ ✅
|
||||
cloudflare_custom_hostname_fallback_origin Account ✅ ❌
|
||||
cloudflare_custom_pages Account or Zone ✅ ✅
|
||||
cloudflare_custom_ssl Zone ✅ ✅
|
||||
cloudflare_filter Zone ✅ ✅
|
||||
cloudflare_firewall_rule Zone ✅ ✅
|
||||
cloudflare_healthcheck Zone ✅ ✅
|
||||
cloudflare_ip_list Account ❌ ✅
|
||||
cloudflare_list Account ✅ ❌
|
||||
cloudflare_load_balancer Zone ✅ ✅
|
||||
cloudflare_load_balancer_monitor Account ✅ ✅
|
||||
cloudflare_load_balancer_pool Account ✅ ✅
|
||||
cloudflare_logpull_retention Zone ❌ ❌
|
||||
cloudflare_logpush_job Zone ✅ ❌
|
||||
cloudflare_logpush_ownership_challenge Zone ❌ ❌
|
||||
cloudflare_magic_firewall_ruleset Account ❌ ❌
|
||||
cloudflare_origin_ca_certificate Zone ✅ ✅
|
||||
cloudflare_page_rule Zone ✅ ✅
|
||||
cloudflare_rate_limit Zone ✅ ✅
|
||||
cloudflare_record Zone ✅ ✅
|
||||
cloudflare_ruleset Account or Zone ✅ ✅
|
||||
cloudflare_spectrum_application Zone ✅ ✅
|
||||
cloudflare_tiered_cache Zone ✅ ❌
|
||||
cloudflare_teams_list Account ✅ ✅
|
||||
cloudflare_teams_location Account ✅ ✅
|
||||
cloudflare_teams_proxy_endpoint Account ✅ ✅
|
||||
cloudflare_teams_rule Account ✅ ✅
|
||||
cloudflare_tunnel Account ✅ ✅
|
||||
cloudflare_turnstile_widget Account ✅ ✅
|
||||
cloudflare_url_normalization_settings Zone ✅ ❌
|
||||
cloudflare_waf_group Zone ❌ ❌
|
||||
cloudflare_waf_override Zone ✅ ✅
|
||||
cloudflare_waf_package Zone ✅ ❌
|
||||
cloudflare_waf_rule Zone ❌ ❌
|
||||
cloudflare_waiting_room Zone ✅ ✅
|
||||
cloudflare_worker_cron_trigger Account ❌ ❌
|
||||
cloudflare_worker_route Zone ✅ ✅
|
||||
cloudflare_worker_script Account ❌ ❌
|
||||
cloudflare_workers_kv Account ❌ ❌
|
||||
cloudflare_workers_kv_namespace Account ✅ ✅
|
||||
cloudflare_zone Account ✅ ✅
|
||||
cloudflare_zone_dnssec Zone ❌ ❌
|
||||
cloudflare_zone_lockdown Zone ✅ ✅
|
||||
cloudflare_zone_settings_override Zone ✅ ❌
|
||||
@@ -0,0 +1,60 @@
|
||||
cloudflare_access_application
|
||||
cloudflare_access_group
|
||||
cloudflare_access_identity_provider
|
||||
cloudflare_access_mutual_tls_certificate
|
||||
cloudflare_access_policy
|
||||
cloudflare_access_rule
|
||||
cloudflare_access_service_token
|
||||
cloudflare_account_member
|
||||
cloudflare_api_shield
|
||||
cloudflare_api_token
|
||||
cloudflare_argo
|
||||
cloudflare_authenticated_origin_pulls
|
||||
cloudflare_authenticated_origin_pulls_certificate
|
||||
cloudflare_bot_management
|
||||
cloudflare_byo_ip_prefix
|
||||
cloudflare_certificate_pack
|
||||
cloudflare_custom_hostname
|
||||
cloudflare_custom_hostname_fallback_origin
|
||||
cloudflare_custom_pages
|
||||
cloudflare_custom_ssl
|
||||
cloudflare_filter
|
||||
cloudflare_firewall_rule
|
||||
cloudflare_healthcheck
|
||||
cloudflare_ip_list
|
||||
cloudflare_list
|
||||
cloudflare_load_balancer
|
||||
cloudflare_load_balancer_monitor
|
||||
cloudflare_load_balancer_pool
|
||||
cloudflare_logpull_retention
|
||||
cloudflare_logpush_job
|
||||
cloudflare_logpush_ownership_challenge
|
||||
cloudflare_magic_firewall_ruleset
|
||||
cloudflare_origin_ca_certificate
|
||||
cloudflare_page_rule
|
||||
cloudflare_rate_limit
|
||||
cloudflare_record
|
||||
cloudflare_ruleset
|
||||
cloudflare_spectrum_application
|
||||
cloudflare_tiered_cache
|
||||
cloudflare_teams_list
|
||||
cloudflare_teams_location
|
||||
cloudflare_teams_proxy_endpoint
|
||||
cloudflare_teams_rule
|
||||
cloudflare_tunnel
|
||||
cloudflare_turnstile_widget
|
||||
cloudflare_url_normalization_settings
|
||||
cloudflare_waf_group
|
||||
cloudflare_waf_override
|
||||
cloudflare_waf_package
|
||||
cloudflare_waf_rule
|
||||
cloudflare_waiting_room
|
||||
cloudflare_worker_cron_trigger
|
||||
cloudflare_worker_route
|
||||
cloudflare_worker_script
|
||||
cloudflare_workers_kv
|
||||
cloudflare_workers_kv_namespace
|
||||
cloudflare_zone
|
||||
cloudflare_zone_dnssec
|
||||
cloudflare_zone_lockdown
|
||||
cloudflare_zone_settings_override
|
||||
@@ -0,0 +1,10 @@
|
||||
resource "cloudflare_page_rule" "terraform_managed_resource_6a06432fcb2856a66f0b90a70f81a9ea" {
|
||||
priority = 1
|
||||
status = "active"
|
||||
target = "logs.trez.wtf/"
|
||||
zone_id = var.cloudflare_zone_id
|
||||
actions {
|
||||
rocket_loader = "off"
|
||||
}
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,5 @@
|
||||
resource "cloudflare_tiered_cache" "terraform_managed_resource_17dbb71212204583b777783d25eb6738" {
|
||||
cache_type = "smart"
|
||||
zone_id = var.cloudflare_zone_id
|
||||
}
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
resource "cloudflare_zone" "terraform_managed_resource_17dbb71212204583b777783d25eb6738" {
|
||||
account_id = var.cloudflare_account_id
|
||||
paused = false
|
||||
plan = "free"
|
||||
type = "full"
|
||||
zone = "trez.wtf"
|
||||
}
|
||||
|
||||
@@ -0,0 +1,64 @@
|
||||
resource "cloudflare_zone_settings_override" "terraform_managed_resource_17dbb71212204583b777783d25eb6738" {
|
||||
zone_id = var.cloudflare_zone_id
|
||||
settings {
|
||||
always_online = "on"
|
||||
always_use_https = "on"
|
||||
automatic_https_rewrites = "on"
|
||||
brotli = "on"
|
||||
browser_cache_ttl = 14400
|
||||
browser_check = "on"
|
||||
cache_level = "aggressive"
|
||||
challenge_ttl = 1800
|
||||
cname_flattening = "flatten_at_root"
|
||||
development_mode = "off"
|
||||
early_hints = "on"
|
||||
email_obfuscation = "on"
|
||||
filter_logs_to_cloudflare = "off"
|
||||
hotlink_protection = "on"
|
||||
http2 = "on"
|
||||
http3 = "on"
|
||||
ip_geolocation = "on"
|
||||
ipv6 = "on"
|
||||
log_to_cloudflare = "on"
|
||||
max_upload = 100
|
||||
min_tls_version = "1.0"
|
||||
minify {
|
||||
css = "off"
|
||||
html = "off"
|
||||
js = "off"
|
||||
}
|
||||
mirage = "off"
|
||||
opportunistic_encryption = "on"
|
||||
opportunistic_onion = "on"
|
||||
orange_to_orange = "off"
|
||||
origin_error_page_pass_thru = "off"
|
||||
polish = "off"
|
||||
prefetch_preload = "off"
|
||||
privacy_pass = "on"
|
||||
proxy_read_timeout = "100"
|
||||
pseudo_ipv4 = "off"
|
||||
replace_insecure_js = "on"
|
||||
response_buffering = "off"
|
||||
rocket_loader = "on"
|
||||
security_header {
|
||||
enabled = false
|
||||
include_subdomains = false
|
||||
max_age = 0
|
||||
nosniff = false
|
||||
preload = false
|
||||
}
|
||||
security_level = "medium"
|
||||
server_side_exclude = "off"
|
||||
sort_query_string_for_cache = "off"
|
||||
ssl = "full"
|
||||
tls_1_3 = "on"
|
||||
tls_client_auth = "off"
|
||||
true_client_ip_header = "off"
|
||||
visitor_ip = "on"
|
||||
waf = "off"
|
||||
webp = "off"
|
||||
websockets = "on"
|
||||
zero_rtt = "off"
|
||||
}
|
||||
}
|
||||
|
||||
Executable
+73
@@ -0,0 +1,73 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Script to generate Terraform resources using cf-terraforming for OpenTofu
|
||||
|
||||
resources=(
|
||||
cloudflare_access_application
|
||||
cloudflare_access_group
|
||||
cloudflare_access_identity_provider
|
||||
cloudflare_access_mutual_tls_certificate
|
||||
cloudflare_access_policy
|
||||
cloudflare_access_rule
|
||||
cloudflare_access_service_token
|
||||
cloudflare_account_member
|
||||
cloudflare_api_shield
|
||||
cloudflare_api_token
|
||||
cloudflare_argo
|
||||
cloudflare_authenticated_origin_pulls
|
||||
cloudflare_authenticated_origin_pulls_certificate
|
||||
cloudflare_bot_management
|
||||
cloudflare_byo_ip_prefix
|
||||
cloudflare_certificate_pack
|
||||
cloudflare_custom_hostname
|
||||
cloudflare_custom_hostname_fallback_origin
|
||||
cloudflare_custom_pages
|
||||
cloudflare_custom_ssl
|
||||
cloudflare_filter
|
||||
cloudflare_firewall_rule
|
||||
cloudflare_healthcheck
|
||||
cloudflare_ip_list
|
||||
cloudflare_list
|
||||
cloudflare_load_balancer
|
||||
cloudflare_load_balancer_monitor
|
||||
cloudflare_load_balancer_pool
|
||||
cloudflare_logpull_retention
|
||||
cloudflare_logpush_job
|
||||
cloudflare_logpush_ownership_challenge
|
||||
cloudflare_magic_firewall_ruleset
|
||||
cloudflare_origin_ca_certificate
|
||||
cloudflare_page_rule
|
||||
cloudflare_rate_limit
|
||||
cloudflare_record
|
||||
cloudflare_ruleset
|
||||
cloudflare_spectrum_application
|
||||
cloudflare_tiered_cache
|
||||
cloudflare_teams_list
|
||||
cloudflare_teams_location
|
||||
cloudflare_teams_proxy_endpoint
|
||||
cloudflare_teams_rule
|
||||
cloudflare_tunnel
|
||||
cloudflare_turnstile_widget
|
||||
cloudflare_url_normalization_settings
|
||||
cloudflare_waf_group
|
||||
cloudflare_waf_override
|
||||
cloudflare_waf_package
|
||||
cloudflare_waf_rule
|
||||
cloudflare_waiting_room
|
||||
cloudflare_worker_cron_trigger
|
||||
cloudflare_worker_route
|
||||
cloudflare_worker_script
|
||||
cloudflare_workers_kv
|
||||
cloudflare_workers_kv_namespace
|
||||
cloudflare_zone
|
||||
cloudflare_zone_dnssec
|
||||
cloudflare_zone_lockdown
|
||||
cloudflare_zone_settings_override
|
||||
)
|
||||
|
||||
for resource in "${resources[@]}"; do
|
||||
echo "Generating ${resource}.tf..."
|
||||
cf-terraforming generate --provider-registry-hostname registry.opentofu.org --resource-type $resource > "${resource}.tf_v5"
|
||||
done
|
||||
|
||||
echo "✅ All Terraform files generated!"
|
||||
@@ -0,0 +1,24 @@
|
||||
variable "cloudflare_zone_id" {
|
||||
description = "The Cloudflare UUID for the Zone to use."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "cloudflare_account_id" {
|
||||
description = "The Cloudflare UUID for the Account the Zone lives in."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "cloudflare_email" {
|
||||
description = "The Cloudflare user."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "cloudflare_token" {
|
||||
description = "The Cloudflare user's API token."
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "zone" {
|
||||
description = "The Cloudflare user's API token."
|
||||
type = string
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
cloudflare = {
|
||||
source = "cloudflare/cloudflare"
|
||||
version = "~> 4"
|
||||
}
|
||||
}
|
||||
|
||||
backend "s3" {
|
||||
bucket = "rinoa-terraform"
|
||||
key = "cloudflare/.tfstate"
|
||||
|
||||
endpoints = { s3 = "http://192.168.1.254:9001" }
|
||||
|
||||
region = "us-east-fh-pln"
|
||||
skip_credentials_validation = true
|
||||
skip_metadata_api_check = true
|
||||
skip_region_validation = true
|
||||
use_path_style = true
|
||||
skip_requesting_account_id = true # Optional, set to true if MinIO does not support AWS account ID
|
||||
}
|
||||
}
|
||||
|
||||
provider "cloudflare" {
|
||||
api_token = var.cloudflare_token
|
||||
}
|
||||
Reference in New Issue
Block a user