feat: Homepage, Gatus and Pi-hole added (#23)

homecentr · Apr 21, 2024 · cef7387 · cef7387
1 parent e8500f0
commit cef7387
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 10 deletions.
diff --git a/environments/lab.tfvars b/environments/lab.tfvars
@@ -22,11 +22,9 @@ cloudflare_ssh_hosts = [
     { hostname = "pve1-lab" },
     { hostname = "pve2-lab" },
     { hostname = "pve3-lab" },
-    { hostname = "kube1-lab" },
-    { hostname = "kube2-lab" },
-    { hostname = "kube3-lab" },
     { hostname = "lab" }
 ]
 
 cloudflare_apps_subdomain_suffix = "-lab"
 cloudflare_apps_root_domain      = "homecentr.one"
+cloudflare_health_service_token_name = "503b3806-7f16-43a6-8c1f-4e62bc795395"
diff --git a/environments/prod.tfvars b/environments/prod.tfvars
@@ -15,11 +15,9 @@ proxmox_redirect_urls = [
 cloudflare_ssh_hosts = [
   { hostname = "pve1" },
   { hostname = "pve2" },
-  { hostname = "pve3" },
-  { hostname = "kube1" },
-  { hostname = "kube2" },
-  { hostname = "kube3" }
+  { hostname = "pve3" }
 ]
 
 cloudflare_apps_subdomain_suffix = ""
 cloudflare_apps_root_domain      = "homecentr.one"
+cloudflare_health_service_token_name = "2d4c6503-61d7-4f16-92eb-3eeaf3e6daae"
diff --git a/environments/shared.tfvars b/environments/shared.tfvars
@@ -15,8 +15,23 @@ cloudflare_apps = [
     allow_non_admins = false
   },
   {
-    subdomain        = "cyberchef"
-    display_name     = "CyberChef"
+    subdomain        = "status"
+    display_name     = "Gatus"
     allow_non_admins = true
-  }
+  },
+  {
+    subdomain        = "pihole1"
+    display_name     = "Pi-hole 1"
+    allow_non_admins = false
+  },
+  {
+    subdomain        = "pihole2"
+    display_name     = "Pi-hole 2"
+    allow_non_admins = false
+  },
+  {
+    subdomain        = "tunnel-health"
+    display_name     = "Cloudflare Tunnel Healthcheck"
+    allow_non_admins = true
+  },
 ]
diff --git a/terraform/cloudflare-app-tunnel-health.tf b/terraform/cloudflare-app-tunnel-health.tf
@@ -0,0 +1,11 @@
+resource "cloudflare_access_policy" "service_token" {
+  application_id = cloudflare_access_application.apps["Cloudflare Tunnel Healthcheck"].id
+  account_id     = sensitive(data.sops_file.secrets.data["cloudflare_account_id"])
+  name           = "Service Token${var.display_name_environment_suffix}"
+  precedence     = "3"
+  decision       = "non_identity"
+
+  include {
+    service_token = [var.cloudflare_health_service_token_name]
+  }
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -24,6 +24,7 @@ variable "cloudflare_ssh_hosts" {
 
 variable "cloudflare_apps_subdomain_suffix" { type = string }
 variable "cloudflare_apps_root_domain" { type = string }
+variable "cloudflare_health_service_token_name" { type = string }
 
 variable "environment_name" { type = string }
 variable "display_name_environment_suffix" { type = string }