From 7c39ee1c77cf7c0cb17137a93373bf9f288d9bbc Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Tue, 18 Nov 2025 09:21:02 +0100
Subject: [PATCH] Add networks_routes.tf
---
 networks_routes.tf | 100 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 networks_routes.tf
diff --git a/networks_routes.tf b/networks_routes.tf
new file mode 100644
index 0000000..ad5ecc0
--- /dev/null
+++ b/networks_routes.tf
@@ -0,0 +1,100 @@
+# =============================================================================
+# CLOUDFLARE : Networks : Routes
+# =============================================================================
+
+#
+resource "cloudflare_zero_trust_tunnel_cloudflared_route" "home_tunnel_route" {
+ account_id = local.cloudflare_account_id
+ network = var.tunnel_network
+ tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id
+ comment = var.tunnel_network_comment
+}
+
+#
+#data "cloudflare_zero_trust_tunnel_cloudflared_route" "home_tunnel_route_token" {
+# account_id = "699d98642c564d2e855e9661899b7252"
+# route_id = cloudflare_zero_trust_tunnel_cloudflared_route.home_tunnel_route.id
+#}
+
+# =============================================================================
+# DNS RECORDS (un par application)
+# =============================================================================
+
+resource "cloudflare_dns_record" "applications" {
+ for_each = var.applications
+
+ zone_id = local.cloudflare_zone_id
+ name = each.value.subdomain
+ content = "${cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id}.cfargotunnel.com"
+ type = "CNAME"
+ ttl = var.dns_ttl
+ proxied = var.dns_proxied
+ comment = "Managed by Terraform - ${each.key} via Cloudflare Tunnel"
+}
+
+# =============================================================================
+# TUNNEL CONFIGURATION
+# =============================================================================
+
+resource "cloudflare_zero_trust_tunnel_cloudflared_config" "home_tunnel_config" {
+ tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.home_tunnel.id
+ account_id = local.cloudflare_account_id
+
+ config = {
+ warp_routing = {
+ enabled = var.tunnel_warp_routing_enabled
+ }
+
+ ingress = local.ingress_rules
+ }
+
+ lifecycle {
+ # Ignorer les changements manuels dans Cloudflare Dashboard
+ ignore_changes = [config]
+ }
+}
+
+# =============================================================================
+# ACCESS POLICIES (optionnel)
+# =============================================================================
+
+# Exemple de politique d'accès réutilisable
+# Décommentez si vous souhaitez utiliser Cloudflare Access
+/*
+resource "cloudflare_zero_trust_access_policy" "allow_emails" {
+ account_id = local.cloudflare_account_id
+ name = "Allow specific emails"
+ decision = "allow"
+
+ include = [
+ {
+ email = {
+ email = local.cloudflare_email
+ }
+ },
+ {
+ email_domain = {
+ domain = var.cloudflare_zone
+ }
+ }
+ ]
+}
+
+# Application Access pour chaque application qui l'exige
+resource "cloudflare_zero_trust_access_application" "applications" {
+ for_each = {
+ for app_name, app_config in var.applications :
+ app_name => app_config
+ if app_config.access_enabled
+ }
+
+ account_id = local.cloudflare_account_id
+ type = "self_hosted"
+ name = "Access for ${each.key}"
+ domain = "${each.value.subdomain}.${var.cloudflare_zone}"
+
+ policies = [
+ cloudflare_zero_trust_access_policy.allow_emails.id
+ ]
+}
+*/
\ No newline at end of file
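Review bot: `ignore_changes = [config]` on `cloudflare_zero_trust_tunnel_cloudflared_config.home_tunnel_config` means the tunnel's `ingress` rules and `warp_routing` setting are enforced only on the first apply; any later dashboard edit (a newly published service, a changed origin, WARP routing toggled) is never reconciled or even shown in a plan, so the tunnel's exposure surface silently drifts away from what was reviewed in code. If the intent is only to tolerate dashboard-side edits of one field, narrow the list to that attribute; otherwise drop the `lifecycle` block so `local.ingress_rules` stays the source of truth. The commented-out data block still carries a literal account id (`"699d98642c564d2e855e9661899b7252"`) while every live resource uses `local.cloudflare_account_id`; either delete that dead block or change it to `account_id = local.cloudflare_account_id` so the identifier is not kept in version control. Separately, `access_enabled` in `var.applications` is referenced only inside the `/* … */` section, so `cloudflare_dns_record.applications` publishes a CNAME for every application with no Access gating from this file — presumably deliberate opt-in, but a comment on the DNS resource stating that Access must be enabled elsewhere would make it explicit.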