98 lines
2.8 KiB
HCL
98 lines
2.8 KiB
HCL
data "cloudflare_account" "arcodange" {
|
|
filter = {
|
|
name = "arcodange@gmail.com"
|
|
}
|
|
}
|
|
|
|
locals {
|
|
cloudflare_account_id = data.cloudflare_account.arcodange.account_id
|
|
}
|
|
|
|
resource "cloudflare_r2_bucket" "arcodange_tf" {
|
|
account_id = local.cloudflare_account_id
|
|
name = "arcodange-tf"
|
|
jurisdiction = "eu"
|
|
}
|
|
|
|
module "cf_r2_arcodange_tf_token" {
|
|
source = "./modules/cloudflare_token"
|
|
account_id = local.cloudflare_account_id
|
|
bucket = cloudflare_r2_bucket.arcodange_tf
|
|
token_name = "r2_arcodange_tf_token"
|
|
permissions = {
|
|
bucket = [
|
|
"account:Workers R2 Storage Read",
|
|
"bucket:Workers R2 Storage Bucket Item Write",
|
|
]
|
|
account = [
|
|
"account:Account Settings Read",
|
|
]
|
|
}
|
|
}
|
|
resource "vault_kv_secret" "cf_r2_arcodange_tf" {
|
|
path = "kvv1/cloudflare/r2/arcodange-tf"
|
|
data_json = jsonencode({
|
|
S3_SECRET_ACCESS_KEY = module.cf_r2_arcodange_tf_token.r2_credentials.secret_access_key
|
|
S3_ACCESS_KEY = module.cf_r2_arcodange_tf_token.r2_credentials.access_key_id
|
|
S3_ENDPOINT = "https://${local.cloudflare_account_id}.eu.r2.cloudflarestorage.com"
|
|
})
|
|
}
|
|
|
|
data "vault_policy_document" "cf_r2_arcodange_tf" {
|
|
rule {
|
|
path = "kvv1/cloudflare/r2/arcodange-tf"
|
|
capabilities = ["read"]
|
|
}
|
|
rule {
|
|
path = "kvv1/zoho/self_client" # zoho mail client is created manually
|
|
capabilities = ["read"]
|
|
}
|
|
}
|
|
resource "vault_policy" "cf_r2_arcodange_tf" {
|
|
name = "factory__cf_r2_arcodange_tf"
|
|
policy = data.vault_policy_document.cf_r2_arcodange_tf.hcl
|
|
}
|
|
|
|
data "gitea_repo" "cms" {
|
|
name = "cms"
|
|
username = "arcodange-org"
|
|
}
|
|
module "cf_arcodange_cms_token" {
|
|
source = "./modules/cloudflare_token"
|
|
account_id = local.cloudflare_account_id
|
|
bucket = cloudflare_r2_bucket.arcodange_tf
|
|
token_name = "cf_arcodange_cms_token"
|
|
permissions = {
|
|
account = [
|
|
"account:Pages Write",
|
|
"account:Account DNS Settings Write",
|
|
"account:Account Settings Read",
|
|
"zone:Zone Write",
|
|
"zone:DNS Write",
|
|
]
|
|
}
|
|
}
|
|
resource "gitea_repository_actions_secret" "cf_arcodange_cms_token" {
|
|
repository = data.gitea_repo.cms.name
|
|
repository_owner = data.gitea_repo.cms.username
|
|
secret_name = "CLOUDFLARE_API_TOKEN"
|
|
secret_value = module.cf_arcodange_cms_token.token
|
|
}
|
|
resource "gitea_repository_actions_secret" "cf_account_id_cms" {
|
|
repository = data.gitea_repo.cms.name
|
|
repository_owner = data.gitea_repo.cms.username
|
|
secret_name = "CLOUDFLARE_ACCOUNT_ID"
|
|
secret_value = local.cloudflare_account_id
|
|
}
|
|
|
|
output "token" {
|
|
value = module.cf_arcodange_cms_token.token
|
|
sensitive = true
|
|
}
|
|
|
|
resource "vault_kv_secret" "cf_arcodange_cms_token" {
|
|
path = "kvv1/cloudflare/cms/cf_arcodange_cms_token"
|
|
data_json = jsonencode({
|
|
token = module.cf_arcodange_cms_token.token
|
|
})
|
|
} |