Hubert Cornet 5d0119981e
Update variables.tf
2025-11-19 09:51:15 +01:00


# =============================================================================
# VAULT CONFIGURATION
# =============================================================================
variable "vault_url" {
description = "URL du serveur Vault"
type = string
default = "https://vault.tips-of-mine.com"
}
variable "vault_token" {
description = "Token d'authentification Vault (fourni par CI/CD)"
type = string
sensitive = true
}
variable "vault_cloudflare_path" {
description = "Chemin vers les secrets Cloudflare dans Vault"
type = string
default = "secret/cloudflare"
}
variable "vault_authentik_path" {
description = "Chemin vers les secrets Authentik dans Vault"
type = string
default = "secret/authentik"
}
# =============================================================================
# AUTHENTIK OIDC CONFIGURATION
# =============================================================================
variable "authentik_oidc_client_id_cloudflare" {
description = "Client ID for Authentik"
type = string
default = "exemple"
}
variable "authentik_oidc_secret_cloudflare" {
description = "Secret for Authentik"
type = string
default = "exemple"
}
# =============================================================================
# CLOUDFLARE CONFIGURATION
# =============================================================================
variable "cloudflare_zone" {
description = "Domaine principal"
type = string
default = "tips-of-mine.org"
}
variable "tunnel_name" {
description = "Nom du tunnel Cloudflare"
type = string
default = "home-tunnel"
}
variable "tunnel_network" {
description = "Network du tunnel Cloudflare"
type = string
default = "10.0.0.0/24"
}
variable "tunnel_network_comment" {
description = "Commentaire du network du tunnel Cloudflare"
type = string
default = "tips-of-mine comment for this route."
}
variable "cloudflare_api_token" {
description = "Token d'API Cloudflare"
type = string
sensitive = true
}
variable "cloudflare_access_tags" {
type = list(string)
description = "Liste des tags Cloudflare Zero Trust à créer"
}
# =============================================================================
# APPLICATIONS CONFIGURATION
# =============================================================================
variable "applications" {
description = "Liste des applications à exposer via le tunnel"
type = map(object({
subdomain = string
origin_url = string
no_tls_verify = optional(bool, true)
access_enabled = optional(bool, false)
access_team_name = optional(string, "")
access_aud_tags = optional(list(string), [])
}))
default = {}
}
# =============================================================================
# Group
# =============================================================================
#
# =============================================================================
# ADVANCED OPTIONS
# =============================================================================
variable "tunnel_warp_routing_enabled" {
description = "Activer le routage WARP pour le tunnel"
type = bool
default = false
}
variable "dns_ttl" {
description = "TTL pour les enregistrements DNS"
type = number
default = 1
}
variable "dns_proxied" {
description = "Activer le proxy Cloudflare pour les DNS"
type = bool
default = true
}
#======================================================
# IDENTITY PROVIDERS
#======================================================
variable "cloudflare_okta_identity_provider_id" {
description = "Okta Identity Provider ID in Cloudflare"
type = string
sensitive = true
}
variable "cloudflare_otp_identity_provider_id" {
description = "OneTime PIN identity provider ID in Cloudflare"
type = string
sensitive = true
}
#variable "cloudflare_azure_identity_provider_id" {
# description = "Azure Entra ID identity provider ID in Cloudflare"
# type = string
# sensitive = true
#}
#variable "cloudflare_azure_admin_rule_group_id" {
# description = "Azure Administrators Rule Group ID in Cloudflare"
# type = string
# sensitive = true
#}
variable "cloudflare_gateway_posture_id" {
description = "Gateway posture ID in Cloudflare"
type = string
sensitive = true
}
variable "cloudflare_macos_posture_id" {
description = "Latest macOS version posture ID in Cloudflare"
type = string
sensitive = true
}
variable "cloudflare_windows_posture_id" {
description = "Latest Windows version posture ID in Cloudflare"
type = string
sensitive = true
}
variable "cloudflare_linux_posture_id" {
description = "Latest Linux Kernel version posture ID in Cloudflare"
type = string
sensitive = true
}
variable "cloudflare_device_os" {
description = "This is the OS you are running on your own client machine"
type = string
}
variable "cloudflare_email_domain" {
description = "Email Domain used for email authentication in App policies"
type = string
}
#======================================================
# OKTA SAML GROUPS
#======================================================
variable "okta_infra_admin_saml_group_name" {
description = "SAML Group name for InfrastructureAdmin group"
type = string
}
variable "okta_contractors_saml_group_name" {
description = "SAML Group name for Contractors group"
type = string
}
variable "okta_sales_eng_saml_group_name" {
description = "SAML Group name for SalesEngineering group"
type = string
}
variable "okta_sales_saml_group_name" {
description = "SAML Group name for Sales group"
type = string
}
variable "okta_itadmin_saml_group_name" {
description = "SAML Group name for ITAdmin group"
type = string
}
#======================================================
# OKTA USER LOGINS
#======================================================
variable "okta_bob_user_login" {
description = "User login for bob, in an email format"
type = string
}
variable "okta_matthieu_user_login" {
description = "User login for matthieu, in an email format"
type = string
}
#======================================================
# AZURE INFRASTRUCTURE
#======================================================
#variable "azure_engineering_group_id" {
# description = "Object ID of Azure_Engineering group from Azure AD"
# type = string
#}
#variable "azure_sales_group_id" {
# description = "Object ID of Azure_Sales group from Azure AD"
# type = string
#}
#variable "azure_subnet_cidr" {
# description = "Azure address prefix, subnet for VM in Azure"
# type = string
#}
#======================================================
# DOMAIN CONTROLLER
#======================================================
variable "cloudflare_domain_controller_rdp_port" {
description = "Port for the RDP domain controller"
type = number
}
#======================================================
# APPLICATION SUBDOMAINS
#======================================================
variable "cloudflare_subdomain_ssh" {
description = "cloudflare_subdomain_ssh"
type = string
default = "ssh-database.tips-of-mine.com"
}
variable "cloudflare_subdomain_vnc" {
description = "cloudflare_subdomain_ssh"
type = string
default = "vnc.tips-of-mine.com"
}
variable "cloudflare_subdomain_web" {
description = "cloudflare_subdomain_ssh"
type = string
default = "intranet.tips-of-mine.com"
}
variable "cloudflare_subdomain_rdp" {
description = "cloudflare_subdomain_ssh"
type = string
default = "rdp.tips-of-mine.com"
}
variable "cloudflare_subdomain_web_sensitive" {
description = "cloudflare_subdomain_ssh"
type = string
default = "competition.tips-of-mine.com"
}
variable "cloudflare_subdomain_training_status" {
description = "cloudflare_subdomain_ssh"
type = string
default = "training-status.tips-of-mine.com"
}