Allow only exposing services over Tailscale

This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
2024-03-07 22:30:10 +00:00
parent 451a114262
commit f88d224168
10 changed files with 56 additions and 0 deletions
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@ -26,6 +26,14 @@ resource "cloudflare_record" "theorangeonenet_whoami_cdn" {
  ttl     = 1
 }

+resource "cloudflare_record" "theorangeonenet_whoami_private" {
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "whoami-private"
+  value   = cloudflare_record.sys_domain_private.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_mx1" {
  zone_id  = cloudflare_zone.theorangeonenet.id
  name     = "@"