From 88eab4ace1fabedda0621c54a7f7fd38fbfff46b Mon Sep 17 00:00:00 2001
From: Khue Doan
Date: Fri, 22 Dec 2023 12:58:42 +0700
Subject: [PATCH] refactor(external): remove IP whitelist for Cloudflare tokens

For home networks without static IP, external-dns and cert-manager might fail after some time if this module is not applied.
---
 external/modules/cloudflare/main.tf | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/external/modules/cloudflare/main.tf b/external/modules/cloudflare/main.tf
index dcdb0bda..fdebeed1 100644
--- a/external/modules/cloudflare/main.tf
+++ b/external/modules/cloudflare/main.tf
@@ -4,21 +4,6 @@ data "cloudflare_zone" "zone" {
 
 data "cloudflare_api_token_permission_groups" "all" {}
 
-data "http" "public_ipv4" {
- url = "https://ipv4.icanhazip.com"
-}
-
-# data "http" "public_ipv6" {
-# url = "https://ipv6.icanhazip.com"
-# }
-
-locals {
- public_ips = [
- "${chomp(data.http.public_ipv4.body)}/32",
- # "${chomp(data.http.public_ipv6.body)}/128"
- ]
-}
-
 resource "random_password" "tunnel_secret" {
 length = 64
 special = false
@@ -68,12 +53,6 @@ resource "cloudflare_api_token" "external_dns" {
 "com.cloudflare.api.account.zone.*" = "*"
 }
 }
-
- condition {
- request_ip {
- in = local.public_ips
- }
- }
 }
 
 resource "kubernetes_secret" "external_dns_token" {
@@ -99,12 +78,6 @@ resource "cloudflare_api_token" "cert_manager" {
 "com.cloudflare.api.account.zone.*" = "*"
 }
 }
-
- condition {
- request_ip {
- in = local.public_ips
- }
- }
 }
 
 resource "kubernetes_secret" "cert_manager_token" {
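Review bot: With the `request_ip` condition removed, the `external_dns` token is limited only by its permission groups and resource scope, and the context line `"com.cloudflare.api.account.zone.*" = "*"` applies those permissions to every zone in the account; the `cert_manager` token in the next hunk has the same shape. Both tokens appear to be written into Kubernetes secrets right after, so a copy read from the cluster would now be usable from any network. Since `data.cloudflare_zone.zone` is already looked up in this file, the resource key could be narrowed to `"com.cloudflare.api.account.zone.${data.cloudflare_zone.zone.id}" = "*"`, and a comment such as `# No request_ip condition: home IP is dynamic; token is scoped to a single zone instead` would record the trade-off. The permission groups and the start of both resource blocks lie outside the hunks, so the effective permission set should be confirmed there.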