# =============================================================================
# CONFIGURATION TERRAFORM - SANS SECRETS
# =============================================================================
# Les secrets sont gérés via Vault
# Le vault_token est fourni par la CI/CD via variable d'environnement

# Configuration Vault
vault_url                = "https://vault.tips-of-mine.com"
vault_cloudflare_path    = "secret/cloudflare"

# Configuration Cloudflare
cloudflare_zone          = "tips-of-mine.org"

# =============================================================================
# TUNNEL INFORMATION
# =============================================================================
tunnel_name              = "Tips-Of-Mine-sldokp02"
tunnel_network           = "10.0.2.0/24"
tunnel_network_comment   = "Example comment for this route sldokp02."

# Configuration DNS
dns_ttl                  = 1
dns_proxied              = true

# Options avancées
tunnel_warp_routing_enabled = false

# =============================================================================
# APPLICATIONS
# =============================================================================
applications = {
  # Application 1 : Service HTTP classique
  "http-app" = {
    subdomain      = "http-app"
    origin_url     = "https://10.0.4.133"
    no_tls_verify  = true
    access_enabled = false
  }

  # Application 2 : Service avec Access activé
  "secure-app" = {
    subdomain        = "secure"
    origin_url       = "http://10.0.4.134:8080"
    no_tls_verify    = false
    access_enabled   = true
    access_team_name = "tips-of-mine"
    access_aud_tags  = ["secure-app-tag"]
  }

  # Application 3 : Autre service
  "homeassistant" = {
    subdomain      = "home"
    origin_url     = "http://10.0.4.135:8123"
    no_tls_verify  = false
    access_enabled = false
  }
}

# =============================================================================
# Groups
# =============================================================================

#

# =============================================================================
# Tags
# =============================================================================

#
cloudflare_access_tags = [
  "engineers",
  "developers",
  "qa",
  "devops"
]