From cef7387eab434516c7f4ac63843c475ce7af867c Mon Sep 17 00:00:00 2001
From: LH
Date: Sun, 21 Apr 2024 11:26:26 +0200
Subject: [PATCH] feat: Homepage, Gatus and Pi-hole added (#23)
---
 environments/lab.tfvars | 4 +---
 environments/prod.tfvars | 6 ++----
 environments/shared.tfvars | 21 ++++++++++++++++++---
 terraform/cloudflare-app-tunnel-health.tf | 11 +++++++++++
 terraform/variables.tf | 1 +
 5 files changed, 33 insertions(+), 10 deletions(-)
 create mode 100644 terraform/cloudflare-app-tunnel-health.tf
diff --git a/environments/lab.tfvars b/environments/lab.tfvars
index f3f6ad9..045550c 100644
--- a/environments/lab.tfvars
+++ b/environments/lab.tfvars
@@ -22,11 +22,9 @@ cloudflare_ssh_hosts = [
 { hostname = "pve1-lab" },
 { hostname = "pve2-lab" },
 { hostname = "pve3-lab" },
- { hostname = "kube1-lab" },
- { hostname = "kube2-lab" },
- { hostname = "kube3-lab" },
 { hostname = "lab" }
 ]
 cloudflare_apps_subdomain_suffix = "-lab"
 cloudflare_apps_root_domain = "homecentr.one"
+cloudflare_health_service_token_name = "503b3806-7f16-43a6-8c1f-4e62bc795395"
\ No newline at end of file
diff --git a/environments/prod.tfvars b/environments/prod.tfvars
index 86e3eeb..5759897 100644
--- a/environments/prod.tfvars
+++ b/environments/prod.tfvars
@@ -15,11 +15,9 @@ proxmox_redirect_urls = [
 cloudflare_ssh_hosts = [
 { hostname = "pve1" },
 { hostname = "pve2" },
- { hostname = "pve3" },
- { hostname = "kube1" },
- { hostname = "kube2" },
- { hostname = "kube3" }
+ { hostname = "pve3" }
 ]
 cloudflare_apps_subdomain_suffix = ""
 cloudflare_apps_root_domain = "homecentr.one"
+cloudflare_health_service_token_name = "2d4c6503-61d7-4f16-92eb-3eeaf3e6daae"
\ No newline at end of file
diff --git a/environments/shared.tfvars b/environments/shared.tfvars
index ba0629a..d336e17 100644
--- a/environments/shared.tfvars
+++ b/environments/shared.tfvars
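Review bot: In environments/lab.tfvars, and again in environments/prod.tfvars, `cloudflare_health_service_token_name` is set to a UUID, and terraform/cloudflare-app-tunnel-health.tf passes it to `service_token = [...]`, so the value appears to be a service token ID rather than a name. Renaming the variable, including its declaration in terraform/variables.tf, to `cloudflare_health_service_token_id` would say what the value is. The account ID is read from the sops file while this identifier is committed in plain text, which is reasonable only if it is the token's ID and not its client secret. A comment above the line such as `# Access service token ID (not the client secret) used by the tunnel health check` would record that. Both tfvars files also now end without a trailing newline.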
@@ -15,8 +15,23 @@ cloudflare_apps = [
 allow_non_admins = false
 },
 {
- subdomain = "cyberchef"
- display_name = "CyberChef"
+ subdomain = "status"
+ display_name = "Gatus"
 allow_non_admins = true
- }
+ },
+ {
+ subdomain = "pihole1"
+ display_name = "Pi-hole 1"
+ allow_non_admins = false
+ },
+ {
+ subdomain = "pihole2"
+ display_name = "Pi-hole 2"
+ allow_non_admins = false
+ },
+ {
+ subdomain = "tunnel-health"
+ display_name = "Cloudflare Tunnel Healthcheck"
+ allow_non_admins = true
+ },
 ]
diff --git a/terraform/cloudflare-app-tunnel-health.tf b/terraform/cloudflare-app-tunnel-health.tf
new file mode 100644
index 0000000..3425a4e
--- /dev/null
+++ b/terraform/cloudflare-app-tunnel-health.tf
@@ -0,0 +1,11 @@
+resource "cloudflare_access_policy" "service_token" {
+ application_id = cloudflare_access_application.apps["Cloudflare Tunnel Healthcheck"].id
+ account_id = sensitive(data.sops_file.secrets.data["cloudflare_account_id"])
+ name = "Service Token${var.display_name_environment_suffix}"
+ precedence = "3"
+ decision = "non_identity"
+
+ include {
+ service_token = [var.cloudflare_health_service_token_name]
+ }
+}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 928519b..8f5b86f 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -24,6 +24,7 @@ variable "cloudflare_ssh_hosts" {
 variable "cloudflare_apps_subdomain_suffix" { type = string }
 variable "cloudflare_apps_root_domain" { type = string }
+variable "cloudflare_health_service_token_name" { type = string }
 variable "environment_name" { type = string }
 variable "display_name_environment_suffix" { type = string }
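Review bot: In environments/shared.tfvars the new `tunnel-health` entry sets `allow_non_admins = true`, although the same commit adds a dedicated service-token policy for that application. If the health checker is the only intended client, `allow_non_admins = false` would keep interactive access to admins and leave the token as the single non-admin path. What `allow_non_admins` expands to is defined outside this hunk, so this needs confirming against the code that builds the policies. The `status` (Gatus) entry is also opened to non-admins, and a status page typically lists internal services, so a one-line comment stating that this exposure is intended would help the next reviewer.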
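Review bot: In terraform/cloudflare-app-tunnel-health.tf the lookup `cloudflare_access_application.apps["Cloudflare Tunnel Healthcheck"]` appears to depend on the `display_name` label in environments/shared.tfvars, so rewording that label would break the policy's attachment. The `for_each` that defines the key is not visible in this diff; if it is the display name, keying by the subdomain or holding the key in a local would be more stable. The policy has no comment explaining `decision = "non_identity"`; something like `# Service Auth: requests presenting the health-check service token skip the identity login` would make the bypass explicit. `precedence = "3"` is a hard-coded, quoted number, so write it as `precedence = 3` and check that it cannot collide with the policies generated for the same application.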