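# =============================================================================
# TERRAFORM CONFIGURATION - NO SECRETS
# =============================================================================
# Secrets are managed through Vault.
# vault_token is supplied by the CI/CD pipeline as an environment variable.
#
# A tfvars key may be assigned only once per file; Terraform rejects a
# redefined attribute. Keep the "Tunnels" and "Targets" keys defined in a
# single place (below, under "Cloudflare variables").

# Vault configuration
vault_url             = "https://vault.tips-of-mine.com"
vault_cloudflare_path = "secret/cloudflare"
vault_authentik_path  = "secret/authentik"

# Cloudflare configuration
cloudflare_zone = "tips-of-mine.org"

# =============================================================================
# TUNNEL INFORMATION
# =============================================================================
tunnel_name            = "Tips-Of-Mine-sldokp02"
tunnel_network         = "10.0.2.0/24"
tunnel_network_comment = "Example comment for this route sldokp02."

# DNS configuration
# 1 means "automatic" TTL in the Cloudflare API; proxied records use it.
dns_ttl     = 1
dns_proxied = true

# Advanced options
tunnel_warp_routing_enabled = false

# =============================================================================
# APPLICATIONS
# =============================================================================
applications = {
  # Application 1: plain HTTP service
  # NOTE(review): no_tls_verify = true presumably skips validation of the
  # origin's certificate for this app - confirm that is intended.
  "http-app" = {
    subdomain      = "http-app"
    origin_url     = "https://10.0.4.133"
    no_tls_verify  = true
    access_enabled = false
  }

  # Application 2: service with Access enabled
  "secure-app" = {
    subdomain        = "secure"
    origin_url       = "http://10.0.4.134:8080"
    no_tls_verify    = false
    access_enabled   = true
    access_team_name = "tips-of-mine"
    access_aud_tags  = ["secure-app-tag"]
  }

  # Application 3: another service
  "homeassistant" = {
    subdomain      = "home"
    origin_url     = "http://10.0.4.135:8123"
    no_tls_verify  = false
    access_enabled = false
  }
}

# =============================================================================
# Groups
# =============================================================================

#

# =============================================================================
# Tags
# =============================================================================

#
cloudflare_access_tags = [
  "engineers",
  "developers",
  "qa",
  "devops",
]

#=====================================
# Cloudflare variables
#=====================================
cloudflare_team_name    = "tips-of-mine"
cloudflare_email_domain = "tips-of-mine.org"

# Tunnels
cloudflare_tunnel_name_gcp         = "Tunnel GCP (Access For Infrastructure)"
cloudflare_tunnel_name_aws         = "Tunnel AWS (SSH Browser Rendered)"
cloudflare_tunnel_name_azure       = "Tunnel Azure (SSH Browser Rendered)"
cloudflare_tunnel_name_ovh         = "Tunnel OVH (SSH Browser Rendered)"
cloudflare_windows_rdp_tunnel_name = "Tunnel GCP (Windows RDP)"

# WARP Connector Tunnels - Sensitive: manually retrieved from Cloudflare dashboard
cloudflare_warp_tunnel_azure_id = "185f0bc0-986d-********"
cloudflare_warp_tunnel_gcp_id   = "ad04a3ed-a1a1-********"

# Subdomains
cloudflare_subdomain_ssh             = "ssh-database.tips-of-mine.org"
cloudflare_subdomain_vnc             = "vnc.tips-of-mine.org"
cloudflare_subdomain_web             = "intranet.tips-of-mine.org"
cloudflare_subdomain_rdp             = "rdp.tips-of-mine.org"
cloudflare_subdomain_web_sensitive   = "competition.tips-of-mine.org"
cloudflare_subdomain_training_status = "training-status.tips-of-mine.org"

# Targets
cloudflare_target_ssh_name = "GCP-database"
cloudflare_target_rdp_name = "Domain-Controller"

# Applications
cloudflare_infra_app_name         = "GCP Infrastructure SSH database"
cloudflare_browser_ssh_app_name   = "AWS Browser SSH database"
cloudflare_browser_vnc_app_name   = "AWS Browser VNC database"
cloudflare_browser_rdp_app_name   = "GCP Browser RDP windows"
cloudflare_sensitive_web_app_name = "Competition App"
cloudflare_intranet_web_app_name  = "Intranet"

# Application Ports
cloudflare_competition_app_port       = 8080
cloudflare_intranet_app_port          = 8181
cloudflare_domain_controller_rdp_port = 3389

# Identity Providers - Sensitive: manually retrieved from Cloudflare dashboard
cloudflare_okta_identity_provider_id  = "8fd4786e-97d7-4257-********"
cloudflare_otp_identity_provider_id   = "a6dfbf35-0e20-4244-********"
cloudflare_azure_identity_provider_id = "8c593fe8-aee3-4075-********"
cloudflare_azure_admin_rule_group_id  = "5f253130-a400-4215-********"

# Device Posture - Sensitive: manually retrieved from Cloudflare dashboard
cloudflare_gateway_posture_id = "4d8d7499-38c3-4bf0-********"
cloudflare_macos_posture_id   = "6d64ff80-1308-4462-********"
cloudflare_ios_posture_id     = "56454654-1245-8564-********"
cloudflare_windows_posture_id = "67b05735-3b9b-4bcc-********"
cloudflare_linux_posture_id   = "ed5639c7-3305-4a91-********"
cloudflare_device_os          = "mac" # Options: "linux", "windows", "mac"

# WARP CGNAT Routes
# The two custom routes (100.64.0.0/11, 100.112.0.0/12) together with
# cloudflare_warp_cgnat_cidr (100.96.0.0/12) cover exactly the default
# 100.64.0.0/10 - presumably so the WARP range is carved out of it.
cloudflare_custom_cgnat_routes = [
  {
    address     = "100.64.0.0/11"
    description = "WARP Connector CGNAT 1"
  },
  {
    address     = "100.112.0.0/12"
    description = "WARP Connector CGNAT 2"
  }
]

cloudflare_default_cgnat_routes = [{
  address     = "100.64.0.0/10"
  description = "Default CGNAT Range"
}]

cloudflare_warp_cgnat_cidr = "100.96.0.0/12"

#=====================================
# Okta
#=====================================

# SAML Group IDs - Unused variables removed

# SAML Group names
okta_sales_eng_saml_group_name   = "SalesEngineering"
okta_itadmin_saml_group_name     = "ITAdmin"
okta_sales_saml_group_name       = "Sales"
okta_contractors_saml_group_name = "Contractors"
okta_infra_admin_saml_group_name = "InfrastructureAdmin"

# User IDs - Unused variables removed

# User logins
okta_bob_user_login      = "********3@passfwd.com"
okta_matthieu_user_login = "********"

# NOTE(review): this is a credential in clear text, in a file whose header
# states that secrets live in Vault. Source it from Vault like the other
# secrets (see vault_* above) and remove it from this file; it is left in
# place only so the variable stays defined.
okta_bob_user_linux_password = "bob"

#=====================================
# AWS variables
#=====================================

# Networking
# aws_vpc_cidr = "10.10.0.0/20"
# aws_private_cidr = "10.10.15.0/24"
# aws_public_cidr = "10.10.20.0/24"

# NOTE(review): aws_windows_rdp_cidr 10.10.20.0/24 lies outside aws_vpc_cidr
# 10.10.0.0/20 (10.10.0.0 - 10.10.15.255) - confirm the module expects that.
aws_vpc_cidr         = "10.10.0.0/20"
aws_public_cidr      = "10.10.0.0/24"
aws_private_cidr     = "10.10.1.0/24"
aws_infra_cidr       = "10.10.10.0/24"
aws_warp_cidr        = "10.10.15.0/24"
aws_windows_rdp_cidr = "10.10.20.0/24"

#=====================================
# GCP Variables
#=====================================

# Networking
# gcp_vpc_cidr = "10.13.0.0/20"
# gcp_infra_cidr = "10.11.10.0/24"
# gcp_warp_cidr = "10.11.15.0/24"
# gcp_windows_rdp_cidr = "10.11.20.0/24"

# NOTE(review): gcp_windows_rdp_cidr 10.13.20.0/24 (and gcp_windows_vm_internal_ip)
# lie outside gcp_vpc_cidr 10.13.0.0/20 (10.13.0.0 - 10.13.15.255) - confirm
# the module expects that.
gcp_vpc_cidr               = "10.13.0.0/20"
gcp_public_cidr            = "10.13.0.0/24"
gcp_private_cidr           = "10.13.1.0/24"
gcp_infra_cidr             = "10.13.10.0/24"
gcp_warp_cidr              = "10.13.15.0/24"
gcp_windows_rdp_cidr       = "10.13.20.0/24"
gcp_vm_internal_ip         = "10.13.1.10"
gcp_windows_vm_internal_ip = "10.13.20.10"

#=====================================
# Azure variables
#=====================================

# Networking
# NOTE(review): azure_subnet_cidr 10.14.25.0/24 and azure_windows_rdp_cidr
# 10.14.20.0/24 lie outside azure_vnet_cidr 10.14.0.0/20
# (10.14.0.0 - 10.14.15.255) - confirm the module expects that.
azure_subnet_cidr = "10.14.25.0/24"
# azure_vnet_cidr = "192.12.15.0/16"
# azure_public_dns_domain = "westeurope.cloudapp.azure.com"

azure_vnet_cidr         = "10.14.0.0/20"
azure_public_cidr       = "10.14.0.0/24"
azure_private_cidr      = "10.14.1.0/24"
azure_infra_cidr        = "10.14.10.0/24"
azure_warp_cidr         = "10.14.15.0/24"
azure_windows_rdp_cidr  = "10.14.20.0/24"
azure_public_dns_domain = "westeurope.cloudapp.azure.com"

#=====================================
# OVH variables
#=====================================

# Networking
#ovh_vpc_cidr = "10.13.10.0/20"
#ovh_warp_cidr = "10.13.15.0/24"
#ovh_windows_rdp_cidr = "10.13.20.0/24"

# NOTE(review): ovh_windows_rdp_cidr 10.16.20.0/24 lies outside ovh_vpc_cidr
# 10.16.0.0/20 (10.16.0.0 - 10.16.15.255) - confirm the module expects that.
ovh_vpc_cidr         = "10.16.0.0/20"
ovh_public_cidr      = "10.16.0.0/24"
ovh_private_cidr     = "10.16.1.0/24"
ovh_infra_cidr       = "10.16.10.0/24"
ovh_warp_cidr        = "10.16.15.0/24"
ovh_windows_rdp_cidr = "10.16.20.0/24"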