Hubert Cornet
59ce6229b0
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 12s
118 lines
3.5 KiB
HCL
118 lines
3.5 KiB
HCL
# =============================================================================
|
|
# VAULT CONFIGURATION
|
|
# =============================================================================
|
|
variable "vault_url" {
|
|
description = "URL du serveur Vault"
|
|
type = string
|
|
default = "https://vault.tips-of-mine.com"
|
|
}
|
|
|
|
variable "vault_token" {
|
|
description = "Token d'authentification Vault (fourni par CI/CD)"
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "vault_cloudflare_path" {
|
|
description = "Chemin vers les secrets Cloudflare dans Vault"
|
|
type = string
|
|
default = "secret/cloudflare"
|
|
}
|
|
|
|
# =============================================================================
|
|
# CLOUDFLARE CONFIGURATION
|
|
# =============================================================================
|
|
variable "cloudflare_zone" {
|
|
description = "Domaine principal"
|
|
type = string
|
|
default = "tips-of-mine.org"
|
|
}
|
|
|
|
variable "tunnel_name" {
|
|
description = "Nom du tunnel Cloudflare"
|
|
type = string
|
|
default = "home-tunnel"
|
|
}
|
|
|
|
variable "tunnel_network" {
|
|
description = "Network du tunnel Cloudflare"
|
|
type = string
|
|
default = "10.0.0.0/24"
|
|
}
|
|
|
|
variable "tunnel_network_comment" {
|
|
description = "Commentaire du network du tunnel Cloudflare"
|
|
type = string
|
|
default = "Example comment for this route."
|
|
}
|
|
|
|
variable "cloudflare_api_token" {
|
|
description = "Token d'API Cloudflare"
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "cloudflare_access_tags" {
|
|
type = list(string)
|
|
description = "Liste des tags Cloudflare Zero Trust à créer"
|
|
}
|
|
|
|
# =============================================================================
|
|
# APPLICATIONS CONFIGURATION
|
|
# =============================================================================
|
|
variable "applications" {
|
|
description = "Liste des applications à exposer via le tunnel"
|
|
type = map(object({
|
|
subdomain = string
|
|
origin_url = string
|
|
no_tls_verify = optional(bool, true)
|
|
access_enabled = optional(bool, false)
|
|
access_team_name = optional(string, "")
|
|
access_aud_tags = optional(list(string), [])
|
|
}))
|
|
default = {}
|
|
}
|
|
|
|
# =============================================================================
|
|
# Group
|
|
# =============================================================================
|
|
|
|
variable "access_policies" {
|
|
description = "Liste des policies d'accès au format map"
|
|
type = map(object({
|
|
name = string
|
|
include_groups = list(string)
|
|
exclude_groups = list(string)
|
|
require_mfa = optional(bool)
|
|
require_login_method = optional(bool)
|
|
require_country = optional(bool)
|
|
purpose_justification = optional(bool)
|
|
purpose_justification_prompt = optional(string)
|
|
}))
|
|
}
|
|
|
|
variable "policy_groups" {
|
|
description = "Map des groupes utilisés dans les policies"
|
|
type = map(string)
|
|
}
|
|
|
|
# =============================================================================
|
|
# ADVANCED OPTIONS
|
|
# =============================================================================
|
|
variable "tunnel_warp_routing_enabled" {
|
|
description = "Activer le routage WARP pour le tunnel"
|
|
type = bool
|
|
default = false
|
|
}
|
|
|
|
variable "dns_ttl" {
|
|
description = "TTL pour les enregistrements DNS"
|
|
type = number
|
|
default = 1
|
|
}
|
|
|
|
variable "dns_proxied" {
|
|
description = "Activer le proxy Cloudflare pour les DNS"
|
|
type = bool
|
|
default = true
|
|
} |