refactor: simplify project structure
This commit is contained in:
Yuris Cakranegara
@@ -4,12 +4,10 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
cloudflare = {
|
||||
source = "cloudflare/cloudflare"
|
||||
version = "~> 4.0"
|
||||
source = "cloudflare/cloudflare"
|
||||
}
|
||||
random = {
|
||||
source = "hashicorp/random"
|
||||
version = "~> 3.5.1"
|
||||
source = "hashicorp/random"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -27,15 +25,31 @@ resource "cloudflare_zero_trust_tunnel_cloudflared" "this" {
|
||||
secret = var.tunnel_secret != "" ? var.tunnel_secret : random_id.tunnel_secret[0].b64_std
|
||||
}
|
||||
|
||||
locals {
|
||||
all_ingress_rules = [for rule in var.ingress_rules : rule if rule != null]
|
||||
locals {
|
||||
// Transform service definitions into ingress rules format, only for services with ingress_enabled
|
||||
service_ingress_rules = flatten([
|
||||
for service in var.service_definitions :
|
||||
// Only process services with hostnames AND where ingress is enabled (or default to true for backward compatibility)
|
||||
(length(service.hostnames) > 0) ? [
|
||||
for hostname in service.hostnames : {
|
||||
hostname = "${hostname}.${var.domain}"
|
||||
service = service.endpoint
|
||||
}
|
||||
] : []
|
||||
])
|
||||
|
||||
// Combine manual ingress rules and service-generated ones
|
||||
all_ingress_rules = concat(
|
||||
[for rule in var.ingress_rules : rule if rule != null],
|
||||
local.service_ingress_rules
|
||||
)
|
||||
}
|
||||
|
||||
// Configure tunnel routing
|
||||
resource "cloudflare_zero_trust_tunnel_cloudflared_config" "this" {
|
||||
account_id = var.cloudflare_account_id
|
||||
tunnel_id = cloudflare_zero_trust_tunnel_cloudflared.this.id
|
||||
|
||||
|
||||
config {
|
||||
// Add all service ingress rules
|
||||
dynamic "ingress_rule" {
|
||||
@@ -45,7 +59,7 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "this" {
|
||||
service = ingress_rule.value.service
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Default catch-all rule (required)
|
||||
ingress_rule {
|
||||
service = "http_status:404"
|
||||
@@ -55,8 +69,11 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "this" {
|
||||
|
||||
// Create DNS record for each service
|
||||
resource "cloudflare_record" "service" {
|
||||
for_each = { for rule in var.ingress_rules : rule.hostname => rule }
|
||||
|
||||
for_each = {
|
||||
for rule in local.all_ingress_rules : rule.hostname => rule
|
||||
if rule.hostname != null && rule.hostname != ""
|
||||
}
|
||||
|
||||
zone_id = var.cloudflare_zone_id
|
||||
name = split(".", each.value.hostname)[0] // Extract subdomain
|
||||
content = "${cloudflare_zero_trust_tunnel_cloudflared.this.id}.cfargotunnel.com"
|
||||
@@ -76,20 +93,20 @@ module "cloudflared" {
|
||||
container_name = var.container_name
|
||||
image = "cloudflare/cloudflared"
|
||||
tag = local.image_tag
|
||||
|
||||
|
||||
// Environment variables with tunnel token
|
||||
env_vars = {
|
||||
env_vars = {
|
||||
TUNNEL_TOKEN = cloudflare_zero_trust_tunnel_cloudflared.this.tunnel_token
|
||||
}
|
||||
|
||||
|
||||
// Command to run tunnel
|
||||
command = ["tunnel", "--no-autoupdate", "run"]
|
||||
|
||||
command = ["tunnel", "--no-autoupdate", "run"]
|
||||
|
||||
// Restart policy
|
||||
restart_policy = "unless-stopped"
|
||||
|
||||
// Enable monitoring for the container via Watchtower if specified
|
||||
monitoring = var.monitoring
|
||||
|
||||
networks = var.networks
|
||||
// Enable monitoring for the container via Watchtower if specified
|
||||
monitoring = var.monitoring
|
||||
|
||||
networks = var.networks
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user