rebmit/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

infra: init cloudflare

Browse source
This commit is contained in:
Lu Wang 2024-12-01 16:16:09 +08:00
parent c3bdad49ff
commit 4b2dcb5541
Signed by: rebmit
SSH key fingerprint: SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU
7 changed files with 101 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
flake/devshell.nix
View file

@ -16,6 +16,7 @@
ps: with ps; [ ps: with ps; [
sops sops
tls tls
cloudflare
] ]
)) ))
]; ];

30
infra/cloudflare.tf Normal file
View file

@ -0,0 +1,30 @@
provider "cloudflare" {
api_token = local.secrets.cloudflare.api_token
}
locals {
cloudflare_main_account_id = local.secrets.cloudflare.account_id
cloudflare_workers_zone_id = local.secrets.cloudflare.zone_id
}
resource "cloudflare_record" "dns" {
name = "fallback"
proxied = true
ttl = 1
type = "AAAA"
content = "100::"
zone_id = local.cloudflare_workers_zone_id
}
resource "cloudflare_custom_hostname_fallback_origin" "default" {
zone_id = local.cloudflare_workers_zone_id
origin = "fallback.workers.moe"
}
module "cloudflare_workers_mirror" {
source = "./modules/cloudflare-workers"
name = "mirror"
script = file("${path.module}/resources/cloudflare-workers/mirror.js")
account_id = local.cloudflare_main_account_id
zone_id = local.cloudflare_workers_zone_id
}

53
infra/modules/cloudflare-workers/main.tf Normal file
View file

@ -0,0 +1,53 @@
variable "name" {
type = string
}
variable "script" {
type = string
}
variable "account_id" {
type = string
}
variable "zone_id" {
type = string
}
terraform {
required_providers {
cloudflare = {
source = "registry.terraform.io/cloudflare/cloudflare"
}
}
}
resource "cloudflare_record" "dns" {
name = "${var.name}.rebmit"
proxied = true
ttl = 1
type = "CNAME"
content = "fallback.workers.moe"
zone_id = var.zone_id
}
resource "cloudflare_workers_route" "workers" {
script_name = cloudflare_workers_script.workers.name
pattern = "${cloudflare_record.dns.hostname}/*"
zone_id = var.zone_id
}
resource "cloudflare_workers_script" "workers" {
name = var.name
content = var.script
account_id = var.account_id
module = true
}
resource "cloudflare_custom_hostname" "workers" {
zone_id = var.zone_id
hostname = "${var.name}.rebmit.workers.moe"
ssl {
method = "http"
}
}

3
infra/providers.tf
View file

@ -6,5 +6,8 @@ terraform {
tls = { tls = {
source = "registry.terraform.io/hashicorp/tls" source = "registry.terraform.io/hashicorp/tls"
} }
cloudflare = {
source = "registry.terraform.io/cloudflare/cloudflare"
}
} }
} }

7
infra/resources/cloudflare-workers/mirror.js Normal file
View file

@ -0,0 +1,7 @@
export default {
async fetch(request) {
const url = new URL(request.url);
url.hostname = "cache.nixos.org";
return await fetch(new Request(url, request));
},
};

8
infra/secrets.yaml
View file

@ -1,4 +1,8 @@
tofu: ENC[AES256_GCM,data:wv2zsYRcwM8boVYSaH4EtI4poL/modLixJ8gDoP1T7+JLDyCRyZQsu6WkMR9JPJrRsbMvQ2tFFrk8LPZU2hhh6BqqPX/ZlYUAmAQACuZa1JnUYeskc2TLVNkaL9Glz+cpfylyHQr0ARwEw5Q/cWdC1Xg55pnRFmVOQSY9Sf9asE6fxZ0JIAMPQeVTCe+CQ==,iv:O3smIEUNBPh4pAGUgbnKqLrqjCCK+ZRzVa9mnx9P4s0=,tag:Iv8UFwnUKTUgU+YFQ3gaqg==,type:str] tofu: ENC[AES256_GCM,data:wv2zsYRcwM8boVYSaH4EtI4poL/modLixJ8gDoP1T7+JLDyCRyZQsu6WkMR9JPJrRsbMvQ2tFFrk8LPZU2hhh6BqqPX/ZlYUAmAQACuZa1JnUYeskc2TLVNkaL9Glz+cpfylyHQr0ARwEw5Q/cWdC1Xg55pnRFmVOQSY9Sf9asE6fxZ0JIAMPQeVTCe+CQ==,iv:O3smIEUNBPh4pAGUgbnKqLrqjCCK+ZRzVa9mnx9P4s0=,tag:Iv8UFwnUKTUgU+YFQ3gaqg==,type:str]
cloudflare:
api_token: ENC[AES256_GCM,data:7M6Lr5YADfgzSVsDNRNFWnB5mOwkMuMJmJ/+a7Dc0voZuqJs4tN9dQ==,iv:Kw3Q0D+dZqOowFNhIaFC4DtpD6fIDNuI1AqgzDOW1SA=,tag:Zk4Rjvn7BJAc/bpUZfERxA==,type:str]
account_id: ENC[AES256_GCM,data:sLf/0k/YigCNmuMmJs1oAC0RH33kk/LEYyQ0mTCmGx8=,iv:/aLFeJ6CMUEF13jq/uH/qF+uh/Iw0exXaIiN2KLyiTM=,tag:JODPvMIOKwS1Hiv2u6HQ+A==,type:str]
zone_id: ENC[AES256_GCM,data:iq4Gq3/+DsEVefEmo0wIHkokhi/1EbkVHWiXOdJdCFA=,iv:8CyDCjvVGyg0ekzr9LW3vIWKxjkx8uBP8Rv6i1dxUbE=,tag:+L9tbPbZ4YS4wy8fwmPKLg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -14,8 +18,8 @@ sops:
Rk1mSHZicDNuVVFpL1NMcS9NS0NmRXcKT2GiNJ8L2ADuoJPm5XF1SrkNZtEzh/i5 Rk1mSHZicDNuVVFpL1NMcS9NS0NmRXcKT2GiNJ8L2ADuoJPm5XF1SrkNZtEzh/i5
8gGmswWnE+d7VM0BSnM64la/E4prcIhM4e4Ybyd8El6pwQN919gofQ== 8gGmswWnE+d7VM0BSnM64la/E4prcIhM4e4Ybyd8El6pwQN919gofQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-23T07:54:24Z" lastmodified: "2024-12-01T07:16:24Z"
mac: ENC[AES256_GCM,data:03Bina9HvdovMlUBceqa321L628AR89knW+6wB1Do6fPv3JgDjnSByqq7uewzLms+npVJY6Vj1VtWfwplgnd/UZvvoE0m9yu0Kmv+hOKy5eF5gI+G43j9YKoGzFnqIV+pCXZBF0gqBU+7qpGz3w3C82CG5uHbd6hEQyS0rqDnHA=,iv:lYvY105TcODa3wwmQTJbPxoN3eam6RDNR2ZTI3I3zXw=,tag:h6FNgpN1Kj7sM1gSKZKE0g==,type:str] mac: ENC[AES256_GCM,data:ZS7G5yjWCyi98wMnyxfTbSpgRPc85/AEEjrhEflNcRWlvWW5GuUCBVeTBungU8++JlVC5YOAzFdNMyu+Hyzbhel5+AEHaAf35fnTMyhMSpuRWfse9Mv8dmH1Zsmaj3Ej5sKr+Kxz/UiR140dRYKIn7myNixYKoQaT4lx/q3J5JQ=,iv:T7akw8j4bjdJWR33XCiZMj8NjcLHKkZBMhI85TPldH0=,tag:l+KeG9HOBR9sWPibjLTOHw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

2
infra/terraform.tfstate
View file

File diff suppressed because one or more lines are too long