mirror of
https://github.com/khuedoan/homelab.git
synced 2024-12-23 01:24:36 +07:00
37 lines
1.0 KiB
HCL
37 lines
1.0 KiB
HCL
resource "random_password" "tunnel_secret" {
|
|
length = 64
|
|
special = false
|
|
}
|
|
|
|
resource "cloudflare_argo_tunnel" "homelab" {
|
|
account_id = var.cloudflare_account_id
|
|
name = "homelab"
|
|
secret = base64encode(random_password.tunnel_secret.result)
|
|
}
|
|
|
|
# Not proxied, not accessible. Just a record for auto-created CNAMEs by external-dns.
|
|
resource "cloudflare_record" "tunnel" {
|
|
zone_id = data.cloudflare_zone.zone.id
|
|
type = "CNAME"
|
|
name = "homelab-tunnel"
|
|
value = "${cloudflare_argo_tunnel.homelab.id}.cfargotunnel.com"
|
|
proxied = false
|
|
ttl = 1 # Auto
|
|
}
|
|
|
|
resource "kubernetes_secret" "cloudflared_credentials" {
|
|
metadata {
|
|
name = "cloudflared-credentials"
|
|
namespace = "cloudflared"
|
|
}
|
|
|
|
data = {
|
|
"credentials.json" = jsonencode({
|
|
AccountTag = var.cloudflare_account_id
|
|
TunnelName = cloudflare_argo_tunnel.homelab.name
|
|
TunnelID = cloudflare_argo_tunnel.homelab.id
|
|
TunnelSecret = base64encode(random_password.tunnel_secret.result)
|
|
})
|
|
}
|
|
}
|