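# Terraform input variables for the Cloudflare tunnel / Zero Trust deployment.
# Secrets (tokens, identity-provider and posture IDs) are marked `sensitive`
# so they are redacted from plan output and CLI logs; they are still written
# to the state file, so the state backend must be protected accordingly.

# =============================================================================
# VAULT CONFIGURATION
# =============================================================================

variable "vault_url" {
  description = "URL du serveur Vault"
  type        = string
  default     = "https://vault.tips-of-mine.com"

  # The Vault token is sent on every request; refuse plain-http endpoints.
  validation {
    condition     = startswith(var.vault_url, "https://")
    error_message = "vault_url must start with https://."
  }
}

variable "vault_token" {
  description = "Token d'authentification Vault (fourni par CI/CD)"
  type        = string
  sensitive   = true
}

variable "vault_cloudflare_path" {
  description = "Chemin vers les secrets Cloudflare dans Vault"
  type        = string
  default     = "secret/cloudflare"
}

# =============================================================================
# CLOUDFLARE CONFIGURATION
# =============================================================================

variable "cloudflare_zone" {
  description = "Domaine principal"
  type        = string
  default     = "tips-of-mine.org"

  validation {
    condition     = length(trimspace(var.cloudflare_zone)) > 0
    error_message = "cloudflare_zone must not be empty."
  }
}

variable "tunnel_name" {
  description = "Nom du tunnel Cloudflare"
  type        = string
  default     = "home-tunnel"
}

variable "tunnel_network" {
  description = "Network du tunnel Cloudflare"
  type        = string
  default     = "10.0.0.0/24"

  # A malformed prefix would only fail deep inside the route resource;
  # reject it at variable evaluation instead.
  validation {
    condition     = can(cidrhost(var.tunnel_network, 0))
    error_message = "tunnel_network must be a valid CIDR block, e.g. 10.0.0.0/24."
  }
}

variable "tunnel_network_comment" {
  description = "Commentaire du network du tunnel Cloudflare"
  type        = string
  default     = "Example comment for this route."
}

variable "cloudflare_api_token" {
  description = "Token d'API Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_access_tags" {
  description = "Liste des tags Cloudflare Zero Trust à créer"
  type        = list(string)
}

# =============================================================================
# APPLICATIONS CONFIGURATION
# =============================================================================

variable "applications" {
  description = "Liste des applications à exposer via le tunnel"
  type = map(object({
    subdomain  = string
    origin_url = string
    # Defaults to true: the origin's TLS certificate is NOT validated unless the
    # caller sets this to false. Keep the default only for origins that really
    # use self-signed certificates, and set it per application otherwise.
    no_tls_verify    = optional(bool, true)
    access_enabled   = optional(bool, false)
    access_team_name = optional(string, "")
    access_aud_tags  = optional(list(string), [])
  }))
  default = {}

  # Every origin must be an http(s) URL; anything else cannot be proxied.
  validation {
    condition = alltrue([
      for name, app in var.applications : can(regex("^https?://", app.origin_url))
    ])
    error_message = "Each applications.*.origin_url must start with http:// or https://."
  }
}

# =============================================================================
# Group
# =============================================================================
# (intentionally empty)

# =============================================================================
# ADVANCED OPTIONS
# =============================================================================

variable "tunnel_warp_routing_enabled" {
  description = "Activer le routage WARP pour le tunnel"
  type        = bool
  default     = false
}

variable "dns_ttl" {
  description = "TTL pour les enregistrements DNS"
  type        = number
  # 1 is Cloudflare's "automatic" TTL; proxied records use it regardless.
  default = 1

  validation {
    condition     = var.dns_ttl >= 1
    error_message = "dns_ttl must be 1 (automatic) or a positive number of seconds."
  }
}

variable "dns_proxied" {
  description = "Activer le proxy Cloudflare pour les DNS"
  type        = bool
  default     = true
}

#======================================================
# IDENTITY PROVIDERS
#======================================================

variable "cf_okta_identity_provider_id" {
  description = "Okta Identity Provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_otp_identity_provider_id" {
  description = "OneTime PIN identity provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_azure_identity_provider_id" {
  description = "Azure Entra ID identity provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_azure_admin_rule_group_id" {
  description = "Azure Administrators Rule Group ID in Cloudflare"
  type        = string
  sensitive   = true
}

#======================================================
# OKTA SAML GROUPS
#======================================================

variable "okta_infra_admin_saml_group_name" {
  description = "SAML Group name for InfrastructureAdmin group"
  type        = string
}

variable "okta_contractors_saml_group_name" {
  description = "SAML Group name for Contractors group"
  type        = string
}

variable "okta_sales_eng_saml_group_name" {
  description = "SAML Group name for SalesEngineering group"
  type        = string
}

variable "okta_sales_saml_group_name" {
  description = "SAML Group name for Sales group"
  type        = string
}

variable "okta_itadmin_saml_group_name" {
  description = "SAML Group name for ITAdmin group"
  type        = string
}

#======================================================
# OKTA USER LOGINS
#======================================================

variable "okta_bob_user_login" {
  description = "User login for bob, in an email format"
  type        = string

  validation {
    condition     = can(regex("^[^@\\s]+@[^@\\s]+$", var.okta_bob_user_login))
    error_message = "okta_bob_user_login must be an email address."
  }
}

variable "okta_matthieu_user_login" {
  description = "User login for matthieu, in an email format"
  type        = string

  validation {
    condition     = can(regex("^[^@\\s]+@[^@\\s]+$", var.okta_matthieu_user_login))
    error_message = "okta_matthieu_user_login must be an email address."
  }
}

#======================================================
# AZURE INFRASTRUCTURE
#======================================================

variable "azure_engineering_group_id" {
  description = "Object ID of Azure_Engineering group from Azure AD"
  type        = string
}

variable "azure_sales_group_id" {
  description = "Object ID of Azure_Sales group from Azure AD"
  type        = string
}

variable "azure_subnet_cidr" {
  description = "Azure address prefix, subnet for VM in Azure"
  type        = string

  validation {
    condition     = can(cidrhost(var.azure_subnet_cidr, 0))
    error_message = "azure_subnet_cidr must be a valid CIDR block."
  }
}

#======================================================
# DEVICE POSTURE CHECKS
#======================================================

variable "cf_gateway_posture_id" {
  description = "Gateway posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_macos_posture_id" {
  description = "Latest macOS version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_windows_posture_id" {
  description = "Latest Windows version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_linux_posture_id" {
  description = "Latest Linux Kernel version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cf_device_os" {
  description = "This is the OS you are running on your own client machine"
  type        = string
}

variable "cf_email_domain" {
  description = "Email Domain used for email authentication in App policies"
  type        = string

  # A bare domain is expected here (e.g. example.com), not a full address.
  validation {
    condition     = length(trimspace(var.cf_email_domain)) > 0 && !can(regex("@", var.cf_email_domain))
    error_message = "cf_email_domain must be a non-empty domain name without an @."
  }
}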