Tips-Of-Mine/terraform-cloudflare-tunnel-zone-org
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aaf3a85651847ad48a5be603dc855007dc648a1c
terraform-cloudflare-tunnel…/variables.auto.tfvars
Hubert Cornet a3d3b7a810
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 13s
Details
Update variables.auto.tfvars
2025-11-15 19:52:48 +01:00

109 lines
3.7 KiB
HCL
Raw Blame History

# =============================================================================
# CONFIGURATION TERRAFORM - SANS SECRETS
# =============================================================================
# Les secrets sont gérés via Vault
# Le vault_token est fourni par la CI/CD via variable d'environnement
# Configuration Vault
vault_url = "https://vault.tips-of-mine.com"
vault_cloudflare_path = "secret/cloudflare"
# Configuration Cloudflare
cloudflare_zone = "tips-of-mine.org"
# =============================================================================
# TUNNEL INFORMATION
# =============================================================================
tunnel_name = "Tips-Of-Mine-sldokp02"
tunnel_network = "10.0.2.0/24"
tunnel_network_comment = "Example comment for this route sldokp02."
# Configuration DNS
dns_ttl = 1
dns_proxied = true
# Options avancées
tunnel_warp_routing_enabled = false
# =============================================================================
# APPLICATIONS
# =============================================================================
applications = {
# Application 1 : Service HTTP classique
"http-app" = {
subdomain = "http-app"
origin_url = "https://10.0.4.133"
no_tls_verify = true
access_enabled = false
}
# Application 2 : Service avec Access activé
"secure-app" = {
subdomain = "secure"
origin_url = "http://10.0.4.134:8080"
no_tls_verify = false
access_enabled = true
access_team_name = "tips-of-mine"
access_aud_tags = ["secure-app-tag"]
}
# Application 3 : Autre service
"homeassistant" = {
subdomain = "home"
origin_url = "http://10.0.4.135:8123"
no_tls_verify = false
access_enabled = false
}
}
# =============================================================================
# Groups
# =============================================================================
#
access_policies = {
allow_employees = {
name = "Allow - Employees"
include_groups = ["employees"]
exclude_groups = []
require_mfa = true
require_login_method = false
require_country = false
purpose_justification = false
purpose_justification_prompt = null
}
allow_admins = {
name = "Allow - Admins"
include_groups = ["admins"]
exclude_groups = []
require_mfa = true
require_login_method = true
require_country = true
purpose_justification = true
purpose_justification_prompt = "Why do you need admin access?"
}
}
policy_groups = {
employees = cloudflare_zero_trust_access_group.employees_rule_group.id
admins = cloudflare_zero_trust_access_group.admins_rule_group.id
contractors = cloudflare_zero_trust_access_group.contractors_rule_group.id
sales = cloudflare_zero_trust_access_group.sales_team_rule_group.id
saml_groups = cloudflare_zero_trust_access_group.saml_groups.id
country_requirements = cloudflare_zero_trust_access_group.country_requirements_rule_group.id
latest_os_version_requirements = cloudflare_zero_trust_access_group.latest_os_version_requirements_rule_group.id
}
# =============================================================================
# Tags
# =============================================================================
#
cloudflare_access_tags = [
"engineers",
"developers",
"qa",
"devops"
]
Reference in New Issue View Git Blame Copy Permalink