From 16ef3a0f261a591a20cf9beea7eb696832e1d9f0 Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Tue, 18 Nov 2025 09:09:59 +0100
Subject: [PATCH] Update team_resources_devices.tf
---
 team_resources_devices.tf | 80 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 78 insertions(+), 2 deletions(-)
diff --git a/team_resources_devices.tf b/team_resources_devices.tf
index 872a4e1..513a581 100644
--- a/team_resources_devices.tf
+++ b/team_resources_devices.tf
@@ -3,11 +3,11 @@
 # =============================================================================
 #
-resource "cloudflare_zero_trust_device_custom_profile" "example_zero_trust_device_custom_profile" {
+resource "cloudflare_zero_trust_device_custom_profile" "zero_trust_device_custom_profile_windows" {
 account_id = local.cloudflare_account_id
 enabled = true
- name = "Allow Developers"
+ name = "Allow devices Windows"
 description = "Policy for test teams."
 precedence = 100
 # match = "identity.email == \"test@cloudflare.com\""
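Review bot: The resource label changes from `example_zero_trust_device_custom_profile` to `zero_trust_device_custom_profile_windows` with no `moved` block in the patch, so Terraform will see a new address and plan to destroy the existing profile and create another one rather than rename it in state. If the profile has already been applied, add a `moved` block with `from = cloudflare_zero_trust_device_custom_profile.example_zero_trust_device_custom_profile` and `to = cloudflare_zero_trust_device_custom_profile.zero_trust_device_custom_profile_windows`. Between the destroy and the create, enrolled Windows devices presumably fall through to another profile, which is worth checking in the plan output before applying. The resource body continues outside this hunk.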
@@ -26,6 +26,82 @@ resource "cloudflare_zero_trust_device_custom_profile" "example_zero_trust_devic
 # include = [{
 # address = "192.0.2.0/24"
 # description = "Include testing domains in the tunnel"
+# }]
+ lan_allow_minutes = 30
+ lan_allow_subnet_size = 24
+ register_interface_ip_with_dns = true
+ sccm_vpn_boundary_support = false
+ service_mode_v2 = {
+ mode = "proxy"
+ port = 3000
+ }
+ support_url = "https://1.1.1.1/help"
+ switch_locked = true
+ tunnel_protocol = "wireguard"
+}
+
+#
+resource "cloudflare_zero_trust_device_custom_profile" "zero_trust_device_custom_profile_linux" {
+ account_id = local.cloudflare_account_id
+
+ enabled = true
+ name = "Allow devices Linux"
+ description = "Policy for test teams."
+ precedence = 100
+# match = "identity.email == \"test@cloudflare.com\""
+ match = "os.name == \"linux\""
+ allow_mode_switch = true
+ allow_updates = true
+ allowed_to_leave = true
+ auto_connect = 0
+ captive_portal = 180
+ disable_auto_fallback = true
+# exclude = [{
+# address = "192.0.2.0/24"
+# description = "Exclude testing domains from the tunnel"
+# }]
+ exclude_office_ips = true
+# include = [{
+# address = "192.0.2.0/24"
+# description = "Include testing domains in the tunnel"
+# }]
+ lan_allow_minutes = 30
+ lan_allow_subnet_size = 24
+ register_interface_ip_with_dns = true
+ sccm_vpn_boundary_support = false
+ service_mode_v2 = {
+ mode = "proxy"
+ port = 3000
+ }
+ support_url = "https://1.1.1.1/help"
+ switch_locked = true
+ tunnel_protocol = "wireguard"
+}
+
+#
+resource "cloudflare_zero_trust_device_custom_profile" "zero_trust_device_custom_profile_mac" {
+ account_id = local.cloudflare_account_id
+
+ enabled = true
+ name = "Allow devices Mac"
+ description = "Policy for test teams."
+ precedence = 100
+# match = "identity.email == \"test@cloudflare.com\""
+ match = "os.name == \"mac\""
+ allow_mode_switch = true
+ allow_updates = true
+ allowed_to_leave = true
+ auto_connect = 0
+ captive_portal = 180
+ disable_auto_fallback = true
+# exclude = [{
+# address = "192.0.2.0/24"
+# description = "Exclude testing domains from the tunnel"
+# }]
+ exclude_office_ips = true
+# include = [{
+# address = "192.0.2.0/24"
+# description = "Include testing domains in the tunnel"
 # }]
 lan_allow_minutes = 30
 lan_allow_subnet_size = 24
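Review bot: The added Linux and Mac profiles both set `precedence = 100`, the same value the Windows profile shows in the first hunk's context, so three custom profiles share one precedence; the provider documents this field as the evaluation order, and the API is likely to reject or arbitrarily order a duplicate (confirm against the account). Give each profile its own value, for example `precedence = 110` in the Linux block and `precedence = 120` in the Mac block. In both new blocks `switch_locked = true` is paired with `allowed_to_leave = true` and `allow_mode_switch = true`, which leaves the user a way to leave the organization or change mode despite the locked switch; set those two to `false` if the profiles are meant to be enforced. The three blocks differ only in `name` and `match`, so a single resource with `for_each` over the OS names would keep the settings from drifting apart. The Mac block's closing lines are outside the hunk.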