terraform

.github/workflows/main.yml

@@ -0,0 +1,50 @@
+name: 'Deployment terraform plan and apply'
+
+on:
+  push:
+    branches:
+      - main
+      - after-hours
+
+permissions:
+  contents: read
+
+jobs:
+  terraform:
+    name: Terraform fmt, init, plan and apply
+    runs-on: ubuntu-latest
+    environment: production
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+    - name: Terraform Format
+      id: fmt
+      run: terraform fmt
+      continue-on-error: false
+
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate -no-color
+
+    - name: Terraform Plan
+      id: plan
+      run: terraform plan -no-color
+      continue-on-error: false
+
+    - name: Terraform Apply
+      run: terraform apply -auto-approve -input=false

terraform/main.tf

@@ -1,29 +1,31 @@
-resource "cloudflare_access_application" "trilim-notes" {
-  zone_id                   = var.cloudflare_access_zone_id
-  name                      = "Trilum notes"
-  domain                    = "trilium.ninebasetwo.net"
-  type                      = "self_hosted"
-  session_duration          = "24h"
-  auto_redirect_to_identity = false
+resource "cloudflare_record" "example" {
+  zone_id = var.cloudflare_zone_id
+  name    = "argocd"
+  value   = var.dns
+  type    = "CNAME"
+  ttl     = 3600
 }
 
+resource "cloudflare_record" "example" {
+  zone_id = var.cloudflare_zone_id
+  name    = "trilium"
+  value   = var.dns
+  type    = "CNAME"
+  ttl     = 3600
+}
 
-resource "cloudflare_access_policy" "test_policy" {
-  application_id = "cb029e245cfdd66dc8d2e570d5dd3322"
-  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
-  name           = "staging policy"
-  precedence     = "1"
-  decision       = "allow"
-
-  include {
-    github {
-      identity_provider_id = "your_identity_provider_id"
-      name                = "your_github_name"
-      teams               = ["team1", "team2"]
-    }
-  }
+resource "cloudflare_record" "example" {
+  zone_id = var.cloudflare_zone_id
+  name    = "ollama"
+  value   = var.dns
+  type    = "CNAME"
+  ttl     = 3600
+}
 
-  require {
-    ip = [var.office_ip]
-  }
+resource "cloudflare_record" "example" {
+  zone_id = var.cloudflare_zone_id
+  name    = "ceph"
+  value   = var.dns
+  type    = "CNAME"
+  ttl     = 3600
 }

terraform/variables.tf

@@ -1,24 +1,19 @@
 variable "email" {
-    description = "The email address for Cloudflare"
-    type = string
+  description = "The email address for Cloudflare"
+  type = string
 }
 
 variable "cloudflare_api_key" {
-    description = "The API key for Cloudflare"
-    type = string
-}
-
-variable "cloudflare_access_account_id" {
-  description = "value of the account_id field in the Cloudflare Access configuration"
+  description = "The API key for Cloudflare"
   type = string
 }
 
-variable "cloudflare_access_zone_id" {
-  description = "value of the zone_id field in the Cloudflare Access configuration"
+variable "cloudflare_zone_id" {
+  description = "The zone ID for Cloudflare"
   type = string
 }
 
-variable "cloudflare_access_policy_name" {
-  description = "value of the name field in the Cloudflare Access configuration"
+variable "dns" {
+  description = "value for DNS record"
   type = string
 }