# =============================================================================
# VAULT CONFIGURATION
# =============================================================================
variable "vault_url" {
  description = "URL du serveur Vault"
  type        = string
  default     = "https://vault.tips-of-mine.com"
}

variable "vault_token" {
  description = "Token d'authentification Vault (fourni par CI/CD)"
  type        = string
  sensitive   = true
}

variable "vault_cloudflare_path" {
  description = "Chemin vers les secrets Cloudflare dans Vault"
  type        = string
  default     = "secret/cloudflare"
}

# =============================================================================
# CLOUDFLARE CONFIGURATION
# =============================================================================
variable "cloudflare_zone" {
  description = "Domaine principal"
  type        = string
  default     = "tips-of-mine.org"
}

variable "tunnel_name" {
  description = "Nom du tunnel Cloudflare"
  type        = string
  default     = "home-tunnel"
}

variable "tunnel_network" {
  description = "Network du tunnel Cloudflare"
  type        = string
  default     = "10.0.0.0/24"
}

variable "tunnel_network_comment" {
  description = "Commentaire du network du tunnel Cloudflare"
  type        = string
  default     = "Example comment for this route."
}

variable "cloudflare_api_token" {
  description = "Token d'API Cloudflare"
  type        = string
  sensitive   = true
}

variable "cloudflare_access_tags" {
  type        = list(string)
  description = "Liste des tags Cloudflare Zero Trust à créer"
}

# =============================================================================
# APPLICATIONS CONFIGURATION
# =============================================================================
variable "applications" {
  description = "Liste des applications à exposer via le tunnel"
  type = map(object({
    subdomain          = string
    origin_url         = string
    no_tls_verify      = optional(bool, true)
    access_enabled     = optional(bool, false)
    access_team_name   = optional(string, "")
    access_aud_tags    = optional(list(string), [])
  }))
  default = {}
}

# =============================================================================
# Group
# =============================================================================

#

# =============================================================================
# ADVANCED OPTIONS
# =============================================================================
variable "tunnel_warp_routing_enabled" {
  description = "Activer le routage WARP pour le tunnel"
  type        = bool
  default     = false
}

variable "dns_ttl" {
  description = "TTL pour les enregistrements DNS"
  type        = number
  default     = 1
}

variable "dns_proxied" {
  description = "Activer le proxy Cloudflare pour les DNS"
  type        = bool
  default     = true
}