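# =============================================================================
# VAULT CONFIGURATION
# =============================================================================
# Vault is the source of the Cloudflare / Authentik secrets; only the token is
# a secret here, the URL and KV paths are plain configuration.

variable "vault_url" {
  description = "URL du serveur Vault"
  type        = string
  default     = "https://vault.tips-of-mine.com"
}

# Never given a default on purpose: the token must come from the pipeline.
variable "vault_token" {
  description = "Token d'authentification Vault (fourni par CI/CD)"
  type        = string
  sensitive   = true
}

variable "vault_cloudflare_path" {
  description = "Chemin vers les secrets Cloudflare dans Vault"
  type        = string
  default     = "secret/cloudflare"
}

variable "vault_authentik_path" {
  description = "Chemin vers les secrets Authentik dans Vault"
  type        = string
  default     = "secret/authentik"
}

# =============================================================================
# AUTHENTIK CONFIGURATION
# =============================================================================
# The "exemple" defaults are placeholders so that a plan can run without the
# real OIDC credentials; they must be overridden (presumably from the Vault
# path in vault_authentik_path — confirm against the consuming module) before
# anything is applied.

variable "authentik_oidc_client_id_cloudflare" {
  description = "Client ID for Authentik"
  type        = string
  default     = "exemple"
}

# Marked sensitive so the client secret is redacted from plan/apply output and
# state diffs; the placeholder default is kept for backward compatibility.
variable "authentik_oidc_secret_cloudflare" {
  description = "Secret for Authentik"
  type        = string
  default     = "exemple"
  sensitive   = true
}

# =============================================================================
# CLOUDFLARE CONFIGURATION
# =============================================================================

variable "cloudflare_zone" {
  description = "Domaine principal"
  type        = string
  default     = "tips-of-mine.org"
}

variable "tunnel_name" {
  description = "Nom du tunnel Cloudflare"
  type        = string
  default     = "home-tunnel"
}

# Private network routed through the tunnel; must be a valid CIDR block.
variable "tunnel_network" {
  description = "Network du tunnel Cloudflare"
  type        = string
  default     = "10.0.0.0/24"

  validation {
    condition     = can(cidrhost(var.tunnel_network, 0))
    error_message = "tunnel_network must be a valid CIDR block (e.g. 10.0.0.0/24)."
  }
}

variable "tunnel_network_comment" {
  description = "Commentaire du network du tunnel Cloudflare"
  type        = string
  default     = "tips-of-mine comment for this route."
}

# No default on purpose: the API token must be supplied by the caller.
variable "cloudflare_api_token" {
  description = "Token d'API Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_access_tags" {
  type        = list(string)
  description = "Liste des tags Cloudflare Zero Trust à créer"
}

# =============================================================================
# APPLICATIONS CONFIGURATION
# =============================================================================
# One entry per application published through the tunnel, keyed by an
# arbitrary name. Fields:
#   subdomain        - host label created under cloudflare_zone
#   origin_url       - backend the tunnel forwards to
#   no_tls_verify    - skip verification of the origin certificate
#   access_enabled   - put the app behind a Cloudflare Access policy
#   access_team_name - Zero Trust team used by that policy
#   access_aud_tags  - Access tags attached to the policy
#
# NOTE(review): no_tls_verify defaults to true, so every app that does not set
# it explicitly is reached without origin certificate verification. The default
# is left unchanged for compatibility with existing callers; set
# no_tls_verify = false per app wherever the origin presents a valid cert.
variable "applications" {
  description = "Liste des applications à exposer via le tunnel"
  type = map(object({
    subdomain        = string
    origin_url       = string
    no_tls_verify    = optional(bool, true)
    access_enabled   = optional(bool, false)
    access_team_name = optional(string, "")
    access_aud_tags  = optional(list(string), [])
  }))
  default = {}
}

# =============================================================================
# Group
# =============================================================================
#
#======================================================
# CLOUDFLARE WARP CONNECTOR CONFIGURATION
#======================================================

# Every route address is checked to be a CIDR block so that a typo surfaces at
# plan time rather than as a provider error.
variable "cloudflare_default_cgnat_routes" {
  description = "default cgnat routes"
  type = list(object({
    address     = string
    description = string
  }))
  default = [{
    address     = "100.64.0.0/10"
    description = "Default CGNAT Range"
  }]

  validation {
    condition     = alltrue([for r in var.cloudflare_default_cgnat_routes : can(cidrhost(r.address, 0))])
    error_message = "Every cloudflare_default_cgnat_routes address must be a valid CIDR block."
  }
}

variable "cloudflare_custom_cgnat_routes" {
  description = "List of custom CGNAT routes to add to the device profile"
  type = list(object({
    address     = string
    description = string
  }))

  validation {
    condition     = alltrue([for r in var.cloudflare_custom_cgnat_routes : can(cidrhost(r.address, 0))])
    error_message = "Every cloudflare_custom_cgnat_routes address must be a valid CIDR block."
  }
}

variable "cloudflare_warp_cgnat_cidr" {
  description = "default ip range for WARP when overriding local interface IP"
  type        = string

  validation {
    condition     = can(cidrhost(var.cloudflare_warp_cgnat_cidr, 0))
    error_message = "cloudflare_warp_cgnat_cidr must be a valid CIDR block."
  }
}

# =============================================================================
# ADVANCED OPTIONS
# =============================================================================

variable "tunnel_warp_routing_enabled" {
  description = "Activer le routage WARP pour le tunnel"
  type        = bool
  default     = false
}

# A TTL of 1 is Cloudflare's "automatic" value for proxied records.
variable "dns_ttl" {
  description = "TTL pour les enregistrements DNS"
  type        = number
  default     = 1
}

variable "dns_proxied" {
  description = "Activer le proxy Cloudflare pour les DNS"
  type        = bool
  default     = true
}

#======================================================
# IDENTITY PROVIDERS
#======================================================
# Provider and posture IDs are account-specific identifiers; they are marked
# sensitive so they stay out of plan output even though they are not
# credentials in themselves.

variable "cloudflare_okta_identity_provider_id" {
  description = "Okta Identity Provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_otp_identity_provider_id" {
  description = "OneTime PIN identity provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

#variable "cloudflare_azure_identity_provider_id" {
#  description = "Azure Entra ID identity provider ID in Cloudflare"
#  type        = string
#  sensitive   = true
#}

#variable "cloudflare_azure_admin_rule_group_id" {
#  description = "Azure Administrators Rule Group ID in Cloudflare"
#  type        = string
#  sensitive   = true
#}

variable "cloudflare_gateway_posture_id" {
  description = "Gateway posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_macos_posture_id" {
  description = "Latest macOS version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_windows_posture_id" {
  description = "Latest Windows version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_linux_posture_id" {
  description = "Latest Linux Kernel version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_device_os" {
  description = "This is the OS you are running on your own client machine"
  type        = string
}

variable "cloudflare_email_domain" {
  description = "Email Domain used for email authentication in App policies"
  type        = string
}

#======================================================
# OKTA SAML GROUPS
#======================================================

variable "okta_infra_admin_saml_group_name" {
  description = "SAML Group name for InfrastructureAdmin group"
  type        = string
}

variable "okta_contractors_saml_group_name" {
  description = "SAML Group name for Contractors group"
  type        = string
}

variable "okta_sales_eng_saml_group_name" {
  description = "SAML Group name for SalesEngineering group"
  type        = string
}

variable "okta_sales_saml_group_name" {
  description = "SAML Group name for Sales group"
  type        = string
}

variable "okta_itadmin_saml_group_name" {
  description = "SAML Group name for ITAdmin group"
  type        = string
}

#======================================================
# OKTA USER LOGINS
#======================================================

variable "okta_bob_user_login" {
  description = "User login for bob, in an email format"
  type        = string
}

variable "okta_matthieu_user_login" {
  description = "User login for matthieu, in an email format"
  type        = string
}

#======================================================
# AZURE INFRASTRUCTURE
#======================================================

#variable "azure_engineering_group_id" {
#  description = "Object ID of Azure_Engineering group from Azure AD"
#  type        = string
#}

#variable "azure_sales_group_id" {
#  description = "Object ID of Azure_Sales group from Azure AD"
#  type        = string
#}

# azure_subnet_cidr is declared once, under "AZURE Networking" below.
#variable "azure_subnet_cidr" {
#  description = "Azure address prefix, subnet for VM in Azure"
#  type        = string
#}

#======================================================
# CLOUDFLARE APPLICATION PORTS
#======================================================
# Ports are constrained to the TCP/UDP range so an out-of-range value is
# rejected at plan time.

variable "cloudflare_intranet_app_port" {
  description = "Port for the Intranet web App in Cloudflare"
  type        = number

  validation {
    condition     = var.cloudflare_intranet_app_port >= 1 && var.cloudflare_intranet_app_port <= 65535
    error_message = "cloudflare_intranet_app_port must be between 1 and 65535."
  }
}

variable "cloudflare_competition_app_port" {
  description = "Port for the Competition web App in Cloudflare"
  type        = number

  validation {
    condition     = var.cloudflare_competition_app_port >= 1 && var.cloudflare_competition_app_port <= 65535
    error_message = "cloudflare_competition_app_port must be between 1 and 65535."
  }
}

variable "cloudflare_domain_controller_rdp_port" {
  description = "Port for the RDP domain controller"
  type        = number

  validation {
    condition     = var.cloudflare_domain_controller_rdp_port >= 1 && var.cloudflare_domain_controller_rdp_port <= 65535
    error_message = "cloudflare_domain_controller_rdp_port must be between 1 and 65535."
  }
}

#======================================================
#
#======================================================
# Earlier hard-coded subdomain defaults, kept for reference; the active
# declarations (without defaults) are under "CLOUDFLARE DNS SUBDOMAIN
# CONFIGURATION" below.

#variable "cloudflare_subdomain_ssh" {
#  description = "cloudflare_subdomain_ssh"
#  type        = string
#  default     = "ssh-database.tips-of-mine.com"
#}

#variable "cloudflare_subdomain_vnc" {
#  description = "cloudflare_subdomain_vnc"
#  type        = string
#  default     = "vnc.tips-of-mine.com"
#}

#variable "cloudflare_subdomain_web" {
#  description = "cloudflare_subdomain_web"
#  type        = string
#  default     = "intranet.tips-of-mine.com"
#}

#variable "cloudflare_subdomain_rdp" {
#  description = "cloudflare_subdomain_rdp"
#  type        = string
#  default     = "rdp.tips-of-mine.com"
#}

#variable "cloudflare_subdomain_web_sensitive" {
#  description = "cloudflare_subdomain_web_sensitive"
#  type        = string
#  default     = "competition.tips-of-mine.com"
#}

#variable "cloudflare_subdomain_training_status" {
#  description = "cloudflare_subdomain_training_status"
#  type        = string
#  default     = "training-status.tips-of-mine.com"
#}

#======================================================
# GCP Networking
#======================================================

variable "gcp_vm_internal_ip" {
  description = "Internal Private IP of GCP Compute Engine Instance"
  type        = string
}

variable "gcp_windows_vm_internal_ip" {
  description = "Internal Private IP of GCP Compute Engine Instance running Windows RDP"
  type        = string
}

variable "gcp_infra_cidr" {
  description = "CIDR Range for GCP VMs running cloudflared"
  type        = string

  validation {
    condition     = can(cidrhost(var.gcp_infra_cidr, 0))
    error_message = "gcp_infra_cidr must be a valid CIDR block."
  }
}

variable "gcp_warp_cidr" {
  description = "CIDR Range for GCP VMs running warp"
  type        = string

  validation {
    condition     = can(cidrhost(var.gcp_warp_cidr, 0))
    error_message = "gcp_warp_cidr must be a valid CIDR block."
  }
}

variable "gcp_windows_rdp_cidr" {
  description = "CIDR Range for GCP VMs running cloudflared, Windows and RDP Server"
  type        = string

  validation {
    condition     = can(cidrhost(var.gcp_windows_rdp_cidr, 0))
    error_message = "gcp_windows_rdp_cidr must be a valid CIDR block."
  }
}

#======================================================
# AWS Networking
#======================================================

variable "aws_vpc_cidr" {
  description = "AWS vpc cidr, subnet for vpc in AWS"
  type        = string

  validation {
    condition     = can(cidrhost(var.aws_vpc_cidr, 0))
    error_message = "aws_vpc_cidr must be a valid CIDR block."
  }
}

variable "aws_private_cidr" {
  description = "AWS private subnet, subnet for VMs in AWS"
  type        = string

  validation {
    condition     = can(cidrhost(var.aws_private_cidr, 0))
    error_message = "aws_private_cidr must be a valid CIDR block."
  }
}

variable "aws_public_cidr" {
  description = "AWS public subnet"
  type        = string

  validation {
    condition     = can(cidrhost(var.aws_public_cidr, 0))
    error_message = "aws_public_cidr must be a valid CIDR block."
  }
}

#======================================================
# AZURE Networking
#======================================================

variable "azure_subnet_cidr" {
  description = "Azure address prefix, subnet for VM in Azure"
  type        = string

  validation {
    condition     = can(cidrhost(var.azure_subnet_cidr, 0))
    error_message = "azure_subnet_cidr must be a valid CIDR block."
  }
}

variable "azure_vnet_cidr" {
  description = "Azure address vnet, subnet for vnet in Azure"
  type        = string

  validation {
    condition     = can(cidrhost(var.azure_vnet_cidr, 0))
    error_message = "azure_vnet_cidr must be a valid CIDR block."
  }
}

variable "azure_public_dns_domain" {
  description = "Azure Public DNS Domain"
  type        = string
}

#======================================================
# TUNNEL CONFIGURATION
#======================================================

variable "cloudflare_tunnel_name_gcp" {
  description = "Name of the Cloudflared tunnel for GCP"
  type        = string
}

variable "cloudflare_tunnel_name_aws" {
  description = "Name of the Cloudflared tunnel for AWS"
  type        = string
}

variable "cloudflare_tunnel_name_azure" {
  description = "Name of the Cloudflared tunnel for Azure"
  type        = string
}

variable "cloudflare_tunnel_name_ovh" {
  description = "Name of the Cloudflared tunnel for OVH"
  type        = string
}

variable "cloudflare_windows_rdp_tunnel_name_gcp" {
  description = "Name of the Cloudflared tunnel for Windows RDP Server GCP"
  type        = string
}

#======================================================
# WARP CONNECTOR TUNNEL IDS
#======================================================
# These tunnels are created by hand in the dashboard, so their IDs are inputs
# rather than resources managed here.

variable "cloudflare_tunnel_warp_connector_azure_id" {
  description = "ID of the WARP Connector Tunnel manually created for Azure in UI"
  type        = string
}

variable "cloudflare_tunnel_warp_connector_gcp_id" {
  description = "ID of the WARP Connector Tunnel manually created for GCP in UI"
  type        = string
}

variable "cloudflare_tunnel_warp_connector_aws_id" {
  description = "ID of the WARP Connector Tunnel manually created for AWS in UI"
  type        = string
}

variable "cloudflare_tunnel_warp_connector_ovh_id" {
  description = "ID of the WARP Connector Tunnel manually created for OVH in UI"
  type        = string
}

variable "cloudflare_team_name" {
  description = "Name of the Team in Cloudflare, essentially zero-trust org name"
  type        = string
}

#======================================================
# CLOUDFLARE DNS SUBDOMAIN CONFIGURATION
#======================================================

variable "cloudflare_subdomain_ssh" {
  description = "Name of the subdomain for ssh public hostname of tunnel"
  type        = string
}

variable "cloudflare_subdomain_vnc" {
  description = "Name of the subdomain for VNC public hostname of tunnel"
  type        = string
}

variable "cloudflare_subdomain_web" {
  description = "Name of the subdomain for web public hostname of tunnel"
  type        = string
}

variable "cloudflare_subdomain_web_sensitive" {
  description = "Name of the subdomain for web sensitive public hostname of tunnel"
  type        = string
}

variable "cloudflare_subdomain_rdp" {
  description = "Name of the subdomain for rdp browser rendered public hostname"
  type        = string
}

variable "cloudflare_subdomain_training_status" {
  description = "Name of the subdomain for training status admin portal (OPTIONAL: only needed if using optional-cloudflare-apps.tf)"
  type        = string
}

#======================================================
# CLOUDFLARE TARGET NAMES
#======================================================

variable "cloudflare_target_ssh_name" {
  description = "Friendly name for the Target hostname in Infrastructure App"
  type        = string
}

variable "cloudflare_target_rdp_name" {
  description = "Friendly name for the Target hostname in RDP windows browser rendered App"
  type        = string
}

#======================================================
# CLOUDFLARE ACCESS APPLICATION CONFIGURATION
#======================================================

variable "cloudflare_browser_ssh_app_name" {
  description = "Name of the Browser Rendering SSH App in Cloudflare"
  type        = string
}

variable "cloudflare_browser_vnc_app_name" {
  description = "Name of the Browser Rendering VNC App in Cloudflare"
  type        = string
}

variable "cloudflare_infra_app_name" {
  description = "Name of the Infrastructure App in Cloudflare"
  type        = string
}

variable "cloudflare_sensitive_web_app_name" {
  description = "Name of the Sensitive web App in Cloudflare"
  type        = string
}

variable "cloudflare_intranet_web_app_name" {
  description = "Name of the Intranet web App in Cloudflare"
  type        = string
}

variable "cloudflare_browser_rdp_app_name" {
  description = "Name of the RDP windows browser rendered App in Cloudflare"
  type        = string
}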