From bafe4ccb460a07c228b7a5bf0f6021e77bb598e1 Mon Sep 17 00:00:00 2001
From: hcornet <hcornet@tips-of-mine.fr>
Date: Thu, 20 Nov 2025 15:32:39 +0100
Subject: [PATCH] add other app

---
 Access_Controls-Applications.tf | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/Access_Controls-Applications.tf b/Access_Controls-Applications.tf
index d93a366..bc3a05b 100644
--- a/Access_Controls-Applications.tf
+++ b/Access_Controls-Applications.tf
@@ -154,4 +154,35 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_ssh_browser"
       id = cloudflare_zero_trust_access_policy.policies["contractors_browser_rendering"].id
     }
   ]
+}
+
+#======================================================
+# SELF-HOSTED APP: PostgresDB Admin
+#======================================================
+# Creating the Self-hosted Application for Browser rendering VNC
+
+resource "cloudflare_zero_trust_access_application" "cf_app_vnc_browser" {
+  account_id                   = local.cloudflare_account_id
+
+  type                         = "vnc"
+  name                         = var.cloudflare_browser_vnc_app_name
+  app_launcher_visible         = true
+  logo_url                     = "https://blog.zwindler.fr/2015/07/vnc.png"
+  tags                         = ["engineers"]
+  session_duration             = "0s"
+  custom_deny_url              = "https://denied.tips-of-mine.org/"
+  custom_non_identity_deny_url = "https://denied.tips-of-mine.org/"
+
+  destinations = [{
+    type = "public"
+    uri  = var.cloudflare_subdomain_vnc
+  }]
+
+  allowed_idps                = [var.cloudflare_okta_identity_provider_id, var.cloudflare_otp_identity_provider_id]
+  auto_redirect_to_identity   = false
+  allow_authenticate_via_warp = false
+
+  policies = [{
+    id = cloudflare_zero_trust_access_policy.policies["employees_browser_rendering"].id
+  }]
 }
\ No newline at end of file