manage cloudflare pages with terranix

7 files changed, 97 insertions, 7 deletions

diff --git a/.gitignore b/.gitignore
index c546a18..1f320e3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,5 +11,6 @@ repl-result-out*
 
 # terranix
 config.tf.json
+plan.tf
 .terraform/
 .terraform.*
diff --git a/ext/terranix/cloudflare/default.nix b/ext/terranix/cloudflare/default.nix
index d3914df..a8f6d43 100644
--- a/ext/terranix/cloudflare/default.nix
+++ b/ext/terranix/cloudflare/default.nix
@@ -1,6 +1,8 @@
 {
   imports = [
     ./dns.nix
+    ./pages_domains.nix
+    ./pages_projects.nix
     ./ruleset.nix
     ./tls.nix
     ./tunnels.nix
diff --git a/ext/terranix/cloudflare/dns.nix b/ext/terranix/cloudflare/dns.nix
index c3372cf..81e6d0d 100644
--- a/ext/terranix/cloudflare/dns.nix
+++ b/ext/terranix/cloudflare/dns.nix
@@ -23,6 +23,7 @@
 
   atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com";
 
+  pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain";
   blockEmailSpoofingFor = domain: let
     zone_id = zones.${domain};
   in {
@@ -62,7 +63,7 @@ in {
     lib.mapAttrs (_: mkRecord) {
       getchoo_com_website = {
         name = "@";
-        value = "website-86j.pages.dev";
+        value = pagesSubdomainFor "personal_website";
         type = "CNAME";
         zone_id = getchoo_com;
       };
@@ -76,7 +77,7 @@ in {
 
       getchoo_com_api = {
         name = "api";
-        value = "teawieapi.pages.dev";
+        value = pagesSubdomainFor "teawie_api";
         type = "CNAME";
         zone_id = getchoo_com;
       };
@@ -97,7 +98,7 @@ in {
 
       mydadleft_me_website = {
         name = "@";
-        value = "website-86j.pages.dev";
+        value = pagesSubdomainFor "personal_website";
         type = "CNAME";
         zone_id = mydadleft_me;
       };
@@ -118,7 +119,7 @@ in {
 
       mydadleft_me_api = {
         name = "api";
-        value = "teawieapi.pages.dev";
+        value = pagesSubdomainFor "teawie_api";
         type = "CNAME";
         zone_id = mydadleft_me;
       };
diff --git a/ext/terranix/cloudflare/pages_domains.nix b/ext/terranix/cloudflare/pages_domains.nix
new file mode 100644
index 0000000..c1273bd
--- /dev/null
+++ b/ext/terranix/cloudflare/pages_domains.nix
@@ -0,0 +1,30 @@
+{lib, ...}: let
+  setDomainsFor = {
+    account_id,
+    project,
+    domains,
+  }:
+    lib.listToAttrs (
+      map (domain: {
+        name = "${project}_${builtins.replaceStrings ["."] ["_"] domain}";
+        value = {
+          inherit account_id;
+          project_name = lib.tfRef "resource.cloudflare_pages_project.${project}.name";
+          inherit domain;
+        };
+      })
+      domains
+    );
+in {
+  resource.cloudflare_pages_domain =
+    setDomainsFor {
+      account_id = lib.tfRef "var.account_id";
+      project = "personal_website";
+      domains = ["mydadleft.me" "getchoo.com"];
+    }
+    // setDomainsFor {
+      account_id = lib.tfRef "var.account_id";
+      project = "teawie_api";
+      domains = ["api.mydadleft.me" "api.getchoo.com"];
+    };
+}
diff --git a/ext/terranix/cloudflare/pages_projects.nix b/ext/terranix/cloudflare/pages_projects.nix
new file mode 100644
index 0000000..5b6e64e
--- /dev/null
+++ b/ext/terranix/cloudflare/pages_projects.nix
@@ -0,0 +1,57 @@
+{lib, ...}: let
+  getGitHubRepo = {
+    owner,
+    repo_name,
+  }: {
+    type = "github";
+    config = {
+      inherit owner repo_name;
+      production_branch = "main";
+    };
+  };
+in {
+  resource.cloudflare_pages_project = {
+    personal_website = {
+      account_id = lib.tfRef "var.account_id";
+      name = "getchoo-website";
+      production_branch = "main";
+
+      source = getGitHubRepo {
+        owner = "getchoo";
+        repo_name = "website";
+      };
+
+      build_config = {
+        build_caching = true;
+        build_command = "./.github/build_site.sh";
+        destination_dir = "/dist";
+      };
+
+      deployment_configs = let
+        environment_variables = {
+          MINIFLUX_URL = "https://miniflux.getchoo.com";
+        };
+      in {
+        production = [{inherit environment_variables;}];
+        preview = [{inherit environment_variables;}];
+      };
+    };
+
+    teawie_api = {
+      account_id = lib.tfRef "var.account_id";
+      name = "teawie-api";
+      production_branch = "main";
+
+      source = getGitHubRepo {
+        owner = "getchoo";
+        repo_name = "teawieAPI";
+      };
+
+      build_config = {
+        build_caching = true;
+        build_command = "pnpm run lint && pnpm run build";
+        destination_dir = "/dist";
+      };
+    };
+  };
+}
diff --git a/justfile b/justfile
index 2f1346e..9a0342a 100644
--- a/justfile
+++ b/justfile
@@ -66,4 +66,5 @@ clean:
       result* \
       repl-result-out* \
       config.tf.json \
+      plan.tf \
       .terraform*
diff --git a/modules/nixos/server/mixins/cloudflared.nix b/modules/nixos/server/mixins/cloudflared.nix
index 26c0714..a5afb62 100644
--- a/modules/nixos/server/mixins/cloudflared.nix
+++ b/modules/nixos/server/mixins/cloudflared.nix
@@ -33,9 +33,7 @@ in {
           tunnels.${cfg.tunnelName} = {
             default = "http_status:404";
 
-            ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) (
-              _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}
-            );
+            ingress = lib.mapAttrs (_: _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}) nginx.virtualHosts;
           };
         };
       }