infra: init cloudflare
This commit is contained in:
parent
c3bdad49ff
commit
4b2dcb5541
SSH key fingerprint:
SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU
|
|
@ -16,6 +16,7 @@
|
|||
ps: with ps; [
|
||||
sops
|
||||
tls
|
||||
cloudflare
|
||||
]
|
||||
))
|
||||
];
|
||||
|
|
|
|||
30
infra/cloudflare.tf
Normal file
30
infra/cloudflare.tf
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
provider "cloudflare" {
|
||||
api_token = local.secrets.cloudflare.api_token
|
||||
}
|
||||
|
||||
locals {
|
||||
cloudflare_main_account_id = local.secrets.cloudflare.account_id
|
||||
cloudflare_workers_zone_id = local.secrets.cloudflare.zone_id
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "dns" {
|
||||
name = "fallback"
|
||||
proxied = true
|
||||
ttl = 1
|
||||
type = "AAAA"
|
||||
content = "100::"
|
||||
zone_id = local.cloudflare_workers_zone_id
|
||||
}
|
||||
|
||||
resource "cloudflare_custom_hostname_fallback_origin" "default" {
|
||||
zone_id = local.cloudflare_workers_zone_id
|
||||
origin = "fallback.workers.moe"
|
||||
}
|
||||
|
||||
module "cloudflare_workers_mirror" {
|
||||
source = "./modules/cloudflare-workers"
|
||||
name = "mirror"
|
||||
script = file("${path.module}/resources/cloudflare-workers/mirror.js")
|
||||
account_id = local.cloudflare_main_account_id
|
||||
zone_id = local.cloudflare_workers_zone_id
|
||||
}
|
||||
53
infra/modules/cloudflare-workers/main.tf
Normal file
53
infra/modules/cloudflare-workers/main.tf
Normal file
|
|
@ -0,0 +1,53 @@
|
|||
variable "name" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "script" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "account_id" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "zone_id" {
|
||||
type = string
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_providers {
|
||||
cloudflare = {
|
||||
source = "registry.terraform.io/cloudflare/cloudflare"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "dns" {
|
||||
name = "${var.name}.rebmit"
|
||||
proxied = true
|
||||
ttl = 1
|
||||
type = "CNAME"
|
||||
content = "fallback.workers.moe"
|
||||
zone_id = var.zone_id
|
||||
}
|
||||
|
||||
resource "cloudflare_workers_route" "workers" {
|
||||
script_name = cloudflare_workers_script.workers.name
|
||||
pattern = "${cloudflare_record.dns.hostname}/*"
|
||||
zone_id = var.zone_id
|
||||
}
|
||||
|
||||
resource "cloudflare_workers_script" "workers" {
|
||||
name = var.name
|
||||
content = var.script
|
||||
account_id = var.account_id
|
||||
module = true
|
||||
}
|
||||
|
||||
resource "cloudflare_custom_hostname" "workers" {
|
||||
zone_id = var.zone_id
|
||||
hostname = "${var.name}.rebmit.workers.moe"
|
||||
ssl {
|
||||
method = "http"
|
||||
}
|
||||
}
|
||||
|
|
@ -6,5 +6,8 @@ terraform {
|
|||
tls = {
|
||||
source = "registry.terraform.io/hashicorp/tls"
|
||||
}
|
||||
cloudflare = {
|
||||
source = "registry.terraform.io/cloudflare/cloudflare"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
7
infra/resources/cloudflare-workers/mirror.js
Normal file
7
infra/resources/cloudflare-workers/mirror.js
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
export default {
|
||||
async fetch(request) {
|
||||
const url = new URL(request.url);
|
||||
url.hostname = "cache.nixos.org";
|
||||
return await fetch(new Request(url, request));
|
||||
},
|
||||
};
|
||||
|
|
@ -1,4 +1,8 @@
|
|||
tofu: ENC[AES256_GCM,data:wv2zsYRcwM8boVYSaH4EtI4poL/modLixJ8gDoP1T7+JLDyCRyZQsu6WkMR9JPJrRsbMvQ2tFFrk8LPZU2hhh6BqqPX/ZlYUAmAQACuZa1JnUYeskc2TLVNkaL9Glz+cpfylyHQr0ARwEw5Q/cWdC1Xg55pnRFmVOQSY9Sf9asE6fxZ0JIAMPQeVTCe+CQ==,iv:O3smIEUNBPh4pAGUgbnKqLrqjCCK+ZRzVa9mnx9P4s0=,tag:Iv8UFwnUKTUgU+YFQ3gaqg==,type:str]
|
||||
cloudflare:
|
||||
api_token: ENC[AES256_GCM,data:7M6Lr5YADfgzSVsDNRNFWnB5mOwkMuMJmJ/+a7Dc0voZuqJs4tN9dQ==,iv:Kw3Q0D+dZqOowFNhIaFC4DtpD6fIDNuI1AqgzDOW1SA=,tag:Zk4Rjvn7BJAc/bpUZfERxA==,type:str]
|
||||
account_id: ENC[AES256_GCM,data:sLf/0k/YigCNmuMmJs1oAC0RH33kk/LEYyQ0mTCmGx8=,iv:/aLFeJ6CMUEF13jq/uH/qF+uh/Iw0exXaIiN2KLyiTM=,tag:JODPvMIOKwS1Hiv2u6HQ+A==,type:str]
|
||||
zone_id: ENC[AES256_GCM,data:iq4Gq3/+DsEVefEmo0wIHkokhi/1EbkVHWiXOdJdCFA=,iv:8CyDCjvVGyg0ekzr9LW3vIWKxjkx8uBP8Rv6i1dxUbE=,tag:+L9tbPbZ4YS4wy8fwmPKLg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -14,8 +18,8 @@ sops:
|
|||
Rk1mSHZicDNuVVFpL1NMcS9NS0NmRXcKT2GiNJ8L2ADuoJPm5XF1SrkNZtEzh/i5
|
||||
8gGmswWnE+d7VM0BSnM64la/E4prcIhM4e4Ybyd8El6pwQN919gofQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-23T07:54:24Z"
|
||||
mac: ENC[AES256_GCM,data:03Bina9HvdovMlUBceqa321L628AR89knW+6wB1Do6fPv3JgDjnSByqq7uewzLms+npVJY6Vj1VtWfwplgnd/UZvvoE0m9yu0Kmv+hOKy5eF5gI+G43j9YKoGzFnqIV+pCXZBF0gqBU+7qpGz3w3C82CG5uHbd6hEQyS0rqDnHA=,iv:lYvY105TcODa3wwmQTJbPxoN3eam6RDNR2ZTI3I3zXw=,tag:h6FNgpN1Kj7sM1gSKZKE0g==,type:str]
|
||||
lastmodified: "2024-12-01T07:16:24Z"
|
||||
mac: ENC[AES256_GCM,data:ZS7G5yjWCyi98wMnyxfTbSpgRPc85/AEEjrhEflNcRWlvWW5GuUCBVeTBungU8++JlVC5YOAzFdNMyu+Hyzbhel5+AEHaAf35fnTMyhMSpuRWfse9Mv8dmH1Zsmaj3Ej5sKr+Kxz/UiR140dRYKIn7myNixYKoQaT4lx/q3J5JQ=,iv:T7akw8j4bjdJWR33XCiZMj8NjcLHKkZBMhI85TPldH0=,tag:l+KeG9HOBR9sWPibjLTOHw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue