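# =============================================================================
# VAULT CONFIGURATION
# =============================================================================

variable "vault_url" {
  description = "URL du serveur Vault"
  type        = string
  default     = "https://vault.tips-of-mine.com"
}

variable "vault_token" {
  description = "Token d'authentification Vault (fourni par CI/CD)"
  type        = string
  sensitive   = true
}

variable "vault_cloudflare_path" {
  description = "Chemin vers les secrets Cloudflare dans Vault"
  type        = string
  default     = "secret/cloudflare"
}

variable "vault_authentik_path" {
  description = "Chemin vers les secrets Authentik dans Vault"
  type        = string
  default     = "secret/authentik"
}

# =============================================================================
# AUTHENTIK OIDC CONFIGURATION
# =============================================================================
# OIDC client that Cloudflare Access uses against Authentik. (This header was a
# duplicate "CLOUDFLARE CONFIGURATION" banner; renamed to match its content.)

variable "authentik_oidc_client_id_cloudflare" {
  description = "Client ID for Authentik"
  type        = string
  default     = "exemple"
}

variable "authentik_oidc_secret_cloudflare" {
  description = "Secret for Authentik"
  type        = string
  # A client secret must be marked sensitive so it is redacted from plan/apply
  # output (note: Terraform still stores it in state). The placeholder default
  # is kept only for backward compatibility; override it (e.g. from Vault) in
  # every real deployment.
  sensitive   = true
  default     = "exemple"
}

# =============================================================================
# CLOUDFLARE CONFIGURATION
# =============================================================================

variable "cloudflare_zone" {
  description = "Domaine principal"
  type        = string
  default     = "tips-of-mine.org"
}

variable "tunnel_name" {
  description = "Nom du tunnel Cloudflare"
  type        = string
  default     = "home-tunnel"
}

variable "tunnel_network" {
  description = "Network du tunnel Cloudflare"
  type        = string
  default     = "10.0.0.0/24"

  # Reject malformed CIDRs at plan time instead of at the Cloudflare API.
  validation {
    condition     = can(cidrhost(var.tunnel_network, 0))
    error_message = "tunnel_network must be a valid CIDR block (e.g. 10.0.0.0/24)."
  }
}

variable "tunnel_network_comment" {
  description = "Commentaire du network du tunnel Cloudflare"
  type        = string
  default     = "tips-of-mine comment for this route."
}

variable "cloudflare_api_token" {
  description = "Token d'API Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_access_tags" {
  description = "Liste des tags Cloudflare Zero Trust à créer"
  type        = list(string)
}

# =============================================================================
# APPLICATIONS CONFIGURATION
# =============================================================================

variable "applications" {
  description = "Liste des applications à exposer via le tunnel"
  # no_tls_verify defaults to true, i.e. cloudflared does NOT verify the
  # origin's TLS certificate. The default is preserved for compatibility; set
  # it to false per application whenever the origin presents a trusted cert.
  # access_enabled gates the Cloudflare Access policy; access_team_name and
  # access_aud_tags are only meaningful when it is true.
  type = map(object({
    subdomain        = string
    origin_url       = string
    no_tls_verify    = optional(bool, true)
    access_enabled   = optional(bool, false)
    access_team_name = optional(string, "")
    access_aud_tags  = optional(list(string), [])
  }))
  default = {}
}

# =============================================================================
# Group
# =============================================================================
#
#======================================================
# CLOUDFLARE WARP CONNECTOR CONFIGURATION
#======================================================

variable "cloudflare_default_cgnat_routes" {
  description = "default cgnat routes"
  type = list(object({
    address     = string
    description = string
  }))
  default = [{
    address     = "100.64.0.0/10"
    description = "Default CGNAT Range"
  }]
}

variable "cloudflare_custom_cgnat_routes" {
  description = "List of custom CGNAT routes to add to the device profile"
  type = list(object({
    address     = string
    description = string
  }))

  # Every route address must be a CIDR block; catch typos before apply.
  validation {
    condition     = alltrue([for r in var.cloudflare_custom_cgnat_routes : can(cidrhost(r.address, 0))])
    error_message = "Every cloudflare_custom_cgnat_routes entry must have a valid CIDR in 'address'."
  }
}

variable "cloudflare_warp_cgnat_cidr" {
  description = "default ip range for WARP when overriding local interface IP"
  type        = string

  validation {
    condition     = can(cidrhost(var.cloudflare_warp_cgnat_cidr, 0))
    error_message = "cloudflare_warp_cgnat_cidr must be a valid CIDR block."
  }
}

# =============================================================================
# ADVANCED OPTIONS
# =============================================================================

variable "tunnel_warp_routing_enabled" {
  description = "Activer le routage WARP pour le tunnel"
  type        = bool
  default     = false
}

variable "dns_ttl" {
  description = "TTL pour les enregistrements DNS"
  type        = number
  # 1 means "automatic" in the Cloudflare DNS API (and is the only sensible
  # value for proxied records); explicit TTLs must be 30-86400 seconds.
  default     = 1

  validation {
    condition     = var.dns_ttl == 1 || (var.dns_ttl >= 30 && var.dns_ttl <= 86400)
    error_message = "dns_ttl must be 1 (automatic) or between 30 and 86400 seconds."
  }
}

variable "dns_proxied" {
  description = "Activer le proxy Cloudflare pour les DNS"
  type        = bool
  default     = true
}

#======================================================
# IDENTITY PROVIDERS
#======================================================

variable "cloudflare_okta_identity_provider_id" {
  description = "Okta Identity Provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_otp_identity_provider_id" {
  description = "OneTime PIN identity provider ID in Cloudflare"
  type        = string
  sensitive   = true
}

#variable "cloudflare_azure_identity_provider_id" {
#  description = "Azure Entra ID identity provider ID in Cloudflare"
#  type        = string
#  sensitive   = true
#}

#variable "cloudflare_azure_admin_rule_group_id" {
#  description = "Azure Administrators Rule Group ID in Cloudflare"
#  type        = string
#  sensitive   = true
#}

variable "cloudflare_gateway_posture_id" {
  description = "Gateway posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_macos_posture_id" {
  description = "Latest macOS version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_windows_posture_id" {
  description = "Latest Windows version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_linux_posture_id" {
  description = "Latest Linux Kernel version posture ID in Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_device_os" {
  description = "This is the OS you are running on your own client machine"
  type        = string
}

variable "cloudflare_email_domain" {
  description = "Email Domain used for email authentication in App policies"
  type        = string
}

#======================================================
# OKTA SAML GROUPS
#======================================================

variable "okta_infra_admin_saml_group_name" {
  description = "SAML Group name for InfrastructureAdmin group"
  type        = string
}

variable "okta_contractors_saml_group_name" {
  description = "SAML Group name for Contractors group"
  type        = string
}

variable "okta_sales_eng_saml_group_name" {
  description = "SAML Group name for SalesEngineering group"
  type        = string
}

variable "okta_sales_saml_group_name" {
  description = "SAML Group name for Sales group"
  type        = string
}

variable "okta_itadmin_saml_group_name" {
  description = "SAML Group name for ITAdmin group"
  type        = string
}

#======================================================
# OKTA USER LOGINS
#======================================================

variable "okta_bob_user_login" {
  description = "User login for bob, in an email format"
  type        = string
}

variable "okta_matthieu_user_login" {
  description = "User login for matthieu, in an email format"
  type        = string
}

#======================================================
# AZURE INFRASTRUCTURE
#======================================================

#variable "azure_engineering_group_id" {
#  description = "Object ID of Azure_Engineering group from Azure AD"
#  type        = string
#}

#variable "azure_sales_group_id" {
#  description = "Object ID of Azure_Sales group from Azure AD"
#  type        = string
#}

#variable "azure_subnet_cidr" {
#  description = "Azure address prefix, subnet for VM in Azure"
#  type        = string
#}

#======================================================
# CLOUDFLARE APPLICATION PORTS
#======================================================

variable "cloudflare_intranet_app_port" {
  description = "Port for the Intranet web App in Cloudflare"
  type        = number

  validation {
    condition     = var.cloudflare_intranet_app_port >= 1 && var.cloudflare_intranet_app_port <= 65535
    error_message = "cloudflare_intranet_app_port must be a TCP port between 1 and 65535."
  }
}

variable "cloudflare_competition_app_port" {
  description = "Port for the Competition web App in Cloudflare"
  type        = number

  validation {
    condition     = var.cloudflare_competition_app_port >= 1 && var.cloudflare_competition_app_port <= 65535
    error_message = "cloudflare_competition_app_port must be a TCP port between 1 and 65535."
  }
}

variable "cloudflare_domain_controller_rdp_port" {
  description = "Port for the RDP domain controller"
  type        = number

  validation {
    condition     = var.cloudflare_domain_controller_rdp_port >= 1 && var.cloudflare_domain_controller_rdp_port <= 65535
    error_message = "cloudflare_domain_controller_rdp_port must be a TCP port between 1 and 65535."
  }
}

#======================================================
# CLOUDFLARE APPLICATION HOSTNAMES
#======================================================
# Descriptions below were all copy-pasted as "cloudflare_subdomain_ssh";
# each now names its own application.
# NOTE(review): these defaults use tips-of-mine.com while cloudflare_zone
# defaults to tips-of-mine.org — confirm which zone the records belong to.

variable "cloudflare_subdomain_ssh" {
  description = "Public hostname for the SSH (database) application"
  type        = string
  default     = "ssh-database.tips-of-mine.com"
}

variable "cloudflare_subdomain_vnc" {
  description = "Public hostname for the VNC application"
  type        = string
  default     = "vnc.tips-of-mine.com"
}

variable "cloudflare_subdomain_web" {
  description = "Public hostname for the Intranet web application"
  type        = string
  default     = "intranet.tips-of-mine.com"
}

variable "cloudflare_subdomain_rdp" {
  description = "Public hostname for the RDP application"
  type        = string
  default     = "rdp.tips-of-mine.com"
}

variable "cloudflare_subdomain_web_sensitive" {
  description = "Public hostname for the Competition (sensitive) web application"
  type        = string
  default     = "competition.tips-of-mine.com"
}

variable "cloudflare_subdomain_training_status" {
  description = "Public hostname for the Training Status application"
  type        = string
  default     = "training-status.tips-of-mine.com"
}

#======================================================
# GCP Networking
#======================================================

variable "gcp_infra_cidr" {
  description = "CIDR Range for GCP VMs running cloudflared"
  type        = string
}

variable "gcp_warp_cidr" {
  description = "CIDR Range for GCP VMs running warp"
  type        = string
}

variable "gcp_windows_rdp_cidr" {
  description = "CIDR Range for GCP VMs running cloudflared, Windows and RDP Server"
  type        = string
}

#======================================================
# AWS Networking
#======================================================

variable "aws_vpc_cidr" {
  description = "AWS vpc cidr, subnet for vpc in AWS"
  type        = string
}

variable "aws_private_cidr" {
  description = "AWS private subnet, subnet for VMs in AWS"
  type        = string
}

variable "aws_public_cidr" {
  description = "AWS public subnet"
  type        = string
}

#======================================================
# AZURE Networking
#======================================================

variable "azure_subnet_cidr" {
  description = "Azure address prefix, subnet for VM in Azure"
  type        = string
}

variable "azure_vnet_cidr" {
  description = "Azure address vnet, subnet for vnet in Azure"
  type        = string
}

variable "azure_public_dns_domain" {
  description = "Azure Public DNS Domain"
  type        = string
}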