Update gateway_policy.tf
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 13s

2025-11-17 14:55:15 +01:00
parent d70fea8b65
commit 463d0c3c0c


@@ -25,15 +25,15 @@ resource "cloudflare_zero_trust_gateway_policy" "block_malware" {
# POLICY: Block Ads # POLICY: Block Ads
locals { locals {
# Iterate through each pihole_domain_list resource and extract its ID # Iterate through each ads_domain_list resource and extract its ID
pihole_domain_lists = [for k, v in cloudflare_teams_list.pihole_domain_lists : v.id] ads_domain_lists = [for k, v in cloudflare_teams_list.ads_domain_lists : v.id]
# Format the values: remove dashes and prepend $ # Format the values: remove dashes and prepend $
pihole_domain_lists_formatted = [for v in local.pihole_domain_lists : format("$%s", replace(v, "-", ""))] ads_domain_lists_formatted = [for v in local.ads_domain_lists : format("$%s", replace(v, "-", ""))]
# Create filters to use in the policy # Create filters to use in the policy
pihole_ad_filters = formatlist("any(dns.domains[*] in %s)", local.pihole_domain_lists_formatted) ads_ad_filters = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted)
pihole_ad_filter = join(" or ", local.pihole_ad_filters) ads_ad_filter = join(" or ", local.ads_ad_filters)
} }
resource "cloudflare_zero_trust_gateway_policy" "block_ads" { resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
@@ -48,7 +48,7 @@ resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
# Block domain belonging to lists (defined below) # Block domain belonging to lists (defined below)
filters = ["dns"] filters = ["dns"]
action = "block" action = "block"
traffic = local.pihole_ad_filter traffic = local.ads_ad_filter
rule_settings { rule_settings {
block_page_enabled = false block_page_enabled = false
@@ -57,31 +57,31 @@ resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
locals { locals {
# The full path of the list holding the domain list # The full path of the list holding the domain list
pihole_domain_list_file = "${path.module}/lists/pihole_domain_list.txt" ads_domain_list_file = "${path.module}/lists/pihole_domain_list.txt"
# Parse the file and create a list, one item per line # Parse the file and create a list, one item per line
pihole_domain_list = split("\n", file(local.pihole_domain_list_file)) ads_domain_list = split("\n", file(local.ads_domain_list_file))
# Remove empty lines # Remove empty lines
pihole_domain_list_clean = [for x in local.pihole_domain_list : x if x != ""] ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""]
# Use chunklist to split a list into fixed-size chunks # Use chunklist to split a list into fixed-size chunks
# It returns a list of lists # It returns a list of lists
pihole_aggregated_lists = chunklist(local.pihole_domain_list_clean, 1000) ads_aggregated_lists = chunklist(local.ads_domain_list_clean, 1000)
# Get the number of lists (chunks) created # Get the number of lists (chunks) created
pihole_list_count = length(local.pihole_aggregated_lists) ads_list_count = length(local.ads_aggregated_lists)
} }
resource "cloudflare_zero_trust_list" "pihole_domain_lists" { resource "cloudflare_zero_trust_list" "ads_domain_lists" {
account_id = local.cloudflare_account_id account_id = local.cloudflare_account_id
for_each = { for_each = {
for i in range(0, local.pihole_list_count) : for i in range(0, local.ads_list_count) :
i => element(local.pihole_aggregated_lists, i) i => element(local.ads_aggregated_lists, i)
} }
name = "pihole_domain_list_${each.key}" name = "ads_domain_list_${each.key}"
type = "DOMAIN" type = "DOMAIN"
items = each.value items = each.value
} }
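Review bot: The renamed local in the first hunk still reads `cloudflare_teams_list.ads_domain_lists`, while the third hunk declares the lists as `resource "cloudflare_zero_trust_list" "ads_domain_lists"`; unless a `cloudflare_teams_list` resource of that name exists outside these hunks, the reference is undeclared and may be what the failing Terraform Apply check is reporting. The line would read `ads_domain_lists = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]`. The hunks also show no `moved` block for the resource rename, so Terraform will plan to destroy and recreate every list, and the `block_ads` policy's `traffic` expression is built from those list IDs. A `moved` block from `cloudflare_zero_trust_list.pihole_domain_lists` to `cloudflare_zero_trust_list.ads_domain_lists` would let Terraform keep the existing lists rather than recreate them under a live block rule. The `locals` and resource blocks continue outside the hunks shown.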