refactor: simplify project structure

modules/01-networking/cloudflared-tunnel/main.tf

@@ -4,12 +4,10 @@
 terraform {
   required_providers {
     cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "~> 4.0"
+      source = "cloudflare/cloudflare"
     }
     random = {
-      source  = "hashicorp/random"
-      version = "~> 3.5.1"
+      source = "hashicorp/random"
     }
   }
 }
@@ -27,15 +25,31 @@ resource "cloudflare_zero_trust_tunnel_cloudflared" "this" {
   secret     = var.tunnel_secret != "" ? var.tunnel_secret : random_id.tunnel_secret[0].b64_std
 }
 
-locals {  
-  all_ingress_rules = [for rule in var.ingress_rules : rule if rule != null]
+locals {
+  // Transform service definitions into ingress rules format, only for services with ingress_enabled
+  service_ingress_rules = flatten([
+    for service in var.service_definitions :
+    // Only process services with hostnames AND where ingress is enabled (or default to true for backward compatibility)
+    (length(service.hostnames) > 0) ? [
+      for hostname in service.hostnames : {
+        hostname = "${hostname}.${var.domain}"
+        service  = service.endpoint
+      }
+    ] : []
+  ])
+
+  // Combine manual ingress rules and service-generated ones
+  all_ingress_rules = concat(
+    [for rule in var.ingress_rules : rule if rule != null],
+    local.service_ingress_rules
+  )
 }
 
 // Configure tunnel routing
 resource "cloudflare_zero_trust_tunnel_cloudflared_config" "this" {
   account_id = var.cloudflare_account_id
   tunnel_id  = cloudflare_zero_trust_tunnel_cloudflared.this.id
-  
+
   config {
     // Add all service ingress rules
     dynamic "ingress_rule" {
@@ -45,7 +59,7 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "this" {
         service  = ingress_rule.value.service
       }
     }
-    
+
     // Default catch-all rule (required)
     ingress_rule {
       service = "http_status:404"
@@ -55,8 +69,11 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "this" {
 
 // Create DNS record for each service
 resource "cloudflare_record" "service" {
-  for_each = { for rule in var.ingress_rules : rule.hostname => rule }
-  
+  for_each = {
+    for rule in local.all_ingress_rules : rule.hostname => rule
+    if rule.hostname != null && rule.hostname != ""
+  }
+
   zone_id = var.cloudflare_zone_id
   name    = split(".", each.value.hostname)[0] // Extract subdomain
   content = "${cloudflare_zero_trust_tunnel_cloudflared.this.id}.cfargotunnel.com"
@@ -76,20 +93,20 @@ module "cloudflared" {
   container_name = var.container_name
   image          = "cloudflare/cloudflared"
   tag            = local.image_tag
-  
+
   // Environment variables with tunnel token
-  env_vars      = {
+  env_vars = {
     TUNNEL_TOKEN = cloudflare_zero_trust_tunnel_cloudflared.this.tunnel_token
   }
-  
+
   // Command to run tunnel
-  command       = ["tunnel", "--no-autoupdate", "run"]
-  
+  command = ["tunnel", "--no-autoupdate", "run"]
+
   // Restart policy
   restart_policy = "unless-stopped"
-  
-  // Enable monitoring for the container via Watchtower if specified
-  monitoring    = var.monitoring
 
-  networks      = var.networks
+  // Enable monitoring for the container via Watchtower if specified
+  monitoring = var.monitoring
+
+  networks = var.networks
 }

modules/01-networking/cloudflared-tunnel/variables.tf

@@ -1,5 +1,4 @@
 // Variables for the Cloudflare tunnel module
-
 variable "cloudflare_account_id" {
   description = "Cloudflare account ID"
   type        = string
@@ -10,6 +9,11 @@ variable "cloudflare_zone_id" {
   type        = string
 }
 
+variable "domain" {
+  description = "The domain name to use for creating DNS records"
+  type        = string
+}
+
 variable "container_name" {
   description = "Name of the Cloudflare tunnel container"
   type        = string
@@ -35,7 +39,7 @@ variable "tunnel_secret" {
 }
 
 variable "ingress_rules" {
-  description = "List of ingress rules for services to be exposed through the tunnel"
+  description = "List of ingress rules to configure manually"
   type = list(object({
     hostname = string
     service  = string
@@ -43,6 +47,17 @@ variable "ingress_rules" {
   default = []
 }
 
+variable "service_definitions" {
+  description = "List of service definitions containing name, endpoints and hostname configuration"
+  type = list(object({
+    name         = string
+    primary_port = number
+    endpoint     = string
+    hostnames    = optional(list(string), [])
+  }))
+  default = []
+}
+
 variable "monitoring" {
   description = "Enable monitoring via Watchtower"
   type        = bool

modules/01-networking/docker-network/main.tf

@@ -1,31 +1,27 @@
-// Docker Network Module
-// This module creates a Docker network for container communication
-
 terraform {
   required_providers {
     docker = {
-      source  = "kreuzwerker/docker"
-      version = "~> 3.6.0"
+      source = "kreuzwerker/docker"
     }
   }
 }
 
 resource "docker_network" "this" {
-  name            = var.name
-  driver          = var.driver
-  internal        = var.internal
-  attachable      = var.attachable
-  ipam_driver     = var.ipam_driver
-  
+  name        = var.name
+  driver      = var.driver
+  internal    = var.internal
+  attachable  = var.attachable
+  ipam_driver = var.ipam_driver
+
   dynamic "ipam_config" {
     for_each = var.subnet != "" ? [1] : []
     content {
-      subnet        = var.subnet
-      gateway       = var.gateway
-      ip_range      = var.ip_range
-      aux_address   = var.aux_address
+      subnet      = var.subnet
+      gateway     = var.gateway
+      ip_range    = var.ip_range
+      aux_address = var.aux_address
     }
   }
-  
-  options         = var.options
+
+  options = var.options
 }

modules/01-networking/docker-network/outputs.tf

@@ -1,5 +1,4 @@
 // Outputs for Docker Network module
-
 output "network_id" {
   description = "The ID of the Docker network"
   value       = docker_network.this.id