refactor(external): split Cloudflare into multiple files

2024-12-23 01:24:36 +07:00 · 2021-12-25 02:06:05 +07:00 · 2021-12-25 02:06:05 +07:00 · c55b98186d
commit c55b98186d
parent 3adc7d1b69
4 changed files with 97 additions and 99 deletions
--- a/external/cert_manager.tf
+++ b/external/cert_manager.tf
@ -0,0 +1,30 @@
+resource "cloudflare_api_token" "cert_manager" {
+  name = "homelab_cert_manager"
+
+  policy {
+    permission_groups = [
+      data.cloudflare_api_token_permission_groups.all.permissions["Zone Read"],
+      data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"]
+    ]
+    resources = {
+      "com.cloudflare.api.account.zone.*" = "*"
+    }
+  }
+
+  condition {
+    request_ip {
+      in = local.public_ips
+    }
+  }
+}
+
+resource "kubernetes_secret" "cert_manager_token" {
+  metadata {
+    name      = "cloudflare-api-token"
+    namespace = "cert-manager"
+  }
+
+  data = {
+    "api-token" = cloudflare_api_token.cert_manager.value
+  }
+}
--- a/external/cloudflare.tf
+++ b/external/cloudflare.tf
@ -22,102 +22,3 @@ locals {
    # "${chomp(data.http.public_ipv6.body)}/128"
  ]
 }
-
-resource "random_password" "tunnel_secret" {
-  length  = 64
-  special = false
-}
-
-resource "cloudflare_argo_tunnel" "homelab" {
-  account_id = var.cloudflare_account_id
-  name       = "homelab"
-  secret     = base64encode(random_password.tunnel_secret.result)
-}
-
-resource "kubernetes_secret" "cloudflared_credentials" {
-  metadata {
-    name      = "cloudflared-credentials"
-    namespace = "cloudflared"
-  }
-
-  data = {
-    "credentials.json" = jsonencode({
-      AccountTag   = var.cloudflare_account_id
-      TunnelName   = cloudflare_argo_tunnel.homelab.name
-      TunnelID     = cloudflare_argo_tunnel.homelab.id
-      TunnelSecret = base64encode(random_password.tunnel_secret.result)
-    })
-  }
-}
-
-resource "cloudflare_api_token" "external_dns" {
-  name = "homelab_external_dns"
-
-  policy {
-    permission_groups = [
-      data.cloudflare_api_token_permission_groups.all.permissions["Zone Read"],
-      data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"]
-    ]
-    resources = {
-      "com.cloudflare.api.account.zone.*" = "*"
-    }
-  }
-
-  condition {
-    request_ip {
-      in = local.public_ips
-    }
-  }
-}
-
-# Not proxied, not accessible. Just a record for auto-created CNAMEs by external-dns.
-resource "cloudflare_record" "tunnel" {
-  zone_id = data.cloudflare_zone.khuedoan_com.id
-  type    = "CNAME"
-  name    = "homelab-tunnel"
-  value   = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
-  proxied = false
-  ttl     = 1 # Auto
-}
-
-resource "kubernetes_secret" "external_dns_token" {
-  metadata {
-    name      = "cloudflare-api-token"
-    namespace = "external-dns"
-  }
-
-  data = {
-    "value" = cloudflare_api_token.external_dns.value
-  }
-}
-
-resource "cloudflare_api_token" "cert_manager" {
-  name = "homelab_cert_manager"
-
-  policy {
-    permission_groups = [
-      data.cloudflare_api_token_permission_groups.all.permissions["Zone Read"],
-      data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"]
-    ]
-    resources = {
-      "com.cloudflare.api.account.zone.*" = "*"
-    }
-  }
-
-  condition {
-    request_ip {
-      in = local.public_ips
-    }
-  }
-}
-
-resource "kubernetes_secret" "cert_manager_token" {
-  metadata {
-    name      = "cloudflare-api-token"
-    namespace = "cert-manager"
-  }
-
-  data = {
-    "api-token" = cloudflare_api_token.cert_manager.value
-  }
-}
--- a/external/cloudflared.tf
+++ b/external/cloudflared.tf
@ -0,0 +1,36 @@
+resource "random_password" "tunnel_secret" {
+  length  = 64
+  special = false
+}
+
+resource "cloudflare_argo_tunnel" "homelab" {
+  account_id = var.cloudflare_account_id
+  name       = "homelab"
+  secret     = base64encode(random_password.tunnel_secret.result)
+}
+
+# Not proxied, not accessible. Just a record for auto-created CNAMEs by external-dns.
+resource "cloudflare_record" "tunnel" {
+  zone_id = data.cloudflare_zone.khuedoan_com.id
+  type    = "CNAME"
+  name    = "homelab-tunnel"
+  value   = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
+  proxied = false
+  ttl     = 1 # Auto
+}
+
+resource "kubernetes_secret" "cloudflared_credentials" {
+  metadata {
+    name      = "cloudflared-credentials"
+    namespace = "cloudflared"
+  }
+
+  data = {
+    "credentials.json" = jsonencode({
+      AccountTag   = var.cloudflare_account_id
+      TunnelName   = cloudflare_argo_tunnel.homelab.name
+      TunnelID     = cloudflare_argo_tunnel.homelab.id
+      TunnelSecret = base64encode(random_password.tunnel_secret.result)
+    })
+  }
+}
--- a/external/external_dns.tf
+++ b/external/external_dns.tf
@ -0,0 +1,31 @@
+resource "cloudflare_api_token" "external_dns" {
+  name = "homelab_external_dns"
+
+  policy {
+    permission_groups = [
+      data.cloudflare_api_token_permission_groups.all.permissions["Zone Read"],
+      data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"]
+    ]
+    resources = {
+      "com.cloudflare.api.account.zone.*" = "*"
+    }
+  }
+
+  condition {
+    request_ip {
+      in = local.public_ips
+    }
+  }
+}
+
+resource "kubernetes_secret" "external_dns_token" {
+  metadata {
+    name      = "cloudflare-api-token"
+    namespace = "external-dns"
+  }
+
+  data = {
+    "value" = cloudflare_api_token.external_dns.value
+  }
+}
+