Diffstat (limited to 'ext/terranix/cloudflare')
| -rw-r--r-- | ext/terranix/cloudflare/dns.nix | 78 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/pages_domains.nix | 26 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/pages_projects.nix | 39 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/ruleset.nix | 3 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/tls.nix | 6 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/tunnels.nix | 16 |
6 files changed, 90 insertions, 78 deletions
diff --git a/ext/terranix/cloudflare/dns.nix b/ext/terranix/cloudflare/dns.nix
index 4da90ab..4be834c 100644
--- a/ext/terranix/cloudflare/dns.nix
+++ b/ext/terranix/cloudflare/dns.nix
@@ -1,52 +1,60 @@
-{lib, ...}: let - mkRecord = { - name, - value, - type, - zone_id, - }: +{ lib, ... }: +let + mkRecord = { - inherit name value type zone_id; + name, + value, + type, + zone_id, + }: + { + inherit + name + value + type + zone_id + ; ttl = 1; } - // lib.optionalAttrs (type != "TXT") {proxied = true;}; + // lib.optionalAttrs (type != "TXT") { proxied = true; }; zones = { getchoo_com = lib.tfRef "var.getchoo_com_zone_id"; }; - inherit - (zones) - getchoo_com - ; + inherit (zones) getchoo_com; atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com"; pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain"; - blockEmailSpoofingFor = domain: let - zone_id = zones.${domain}; - in { - "${domain}_dmarc" = { - name = "_dmarc"; - value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"; - type = "TXT"; - inherit zone_id; - }; + blockEmailSpoofingFor = + domain: + let + zone_id = zones.${domain}; + in + { + "${domain}_dmarc" = { + name = "_dmarc"; + value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"; + type = "TXT"; + inherit zone_id; + }; - "${domain}_domainkey" = { - name = "*._domainkey"; - value = "v=DKIM1; p="; - type = "TXT"; - inherit zone_id; - }; + "${domain}_domainkey" = { + name = "*._domainkey"; + value = "v=DKIM1; p="; + type = "TXT"; + inherit zone_id; + }; - "${domain}_email" = { - name = "@"; - value = "v=spf1 -all"; - type = "TXT"; - inherit zone_id; + "${domain}_email" = { + name = "@"; + value = "v=spf1 -all"; + type = "TXT"; + inherit zone_id; + }; }; - }; -in { +in +{ resource.cloudflare_zone_dnssec = { getchoo_com_dnssec = { zone_id = getchoo_com;
diff --git a/ext/terranix/cloudflare/pages_domains.nix b/ext/terranix/cloudflare/pages_domains.nix
index c3c45bb..531b2de 100644
--- a/ext/terranix/cloudflare/pages_domains.nix
+++ b/ext/terranix/cloudflare/pages_domains.nix
@@ -1,30 +1,32 @@
-{lib, ...}: let
- setDomainsFor = {
- account_id,
- project,
- domains,
- }:
+{ lib, ... }:
+let
+ setDomainsFor =
+ {
+ account_id,
+ project,
+ domains,
+ }:
 lib.listToAttrs (
 map (domain: {
- name = "${project}_${builtins.replaceStrings ["."] ["_"] domain}";
+ name = "${project}_${builtins.replaceStrings [ "." ] [ "_" ] domain}";
 value = {
 inherit account_id;
 project_name = lib.tfRef "resource.cloudflare_pages_project.${project}.name";
 inherit domain;
 };
- })
- domains
+ }) domains
 );
-in {
+in
+{
 resource.cloudflare_pages_domain =
 setDomainsFor {
 account_id = lib.tfRef "var.account_id";
 project = "personal_website";
- domains = ["getchoo.com"];
+ domains = [ "getchoo.com" ];
 }
 // setDomainsFor {
 account_id = lib.tfRef "var.account_id";
 project = "teawie_api";
- domains = ["api.getchoo.com"];
+ domains = [ "api.getchoo.com" ];
 };
 }
diff --git a/ext/terranix/cloudflare/pages_projects.nix b/ext/terranix/cloudflare/pages_projects.nix
index 5b6e64e..37ca785 100644
--- a/ext/terranix/cloudflare/pages_projects.nix
+++ b/ext/terranix/cloudflare/pages_projects.nix
@@ -1,15 +1,16 @@
-{lib, ...}: let
- getGitHubRepo = {
- owner,
- repo_name,
- }: {
- type = "github";
- config = {
- inherit owner repo_name;
- production_branch = "main";
+{ lib, ... }:
+let
+ getGitHubRepo =
+ { owner, repo_name }:
+ {
+ type = "github";
+ config = {
+ inherit owner repo_name;
+ production_branch = "main";
+ };
 };
- };
-in {
+in
+{
 resource.cloudflare_pages_project = {
 personal_website = {
 account_id = lib.tfRef "var.account_id";
@@ -27,14 +28,16 @@ in { destination_dir = "/dist"; }; - deployment_configs = let - environment_variables = { - MINIFLUX_URL = "https://miniflux.getchoo.com"; + deployment_configs = + let + environment_variables = { + MINIFLUX_URL = "https://miniflux.getchoo.com"; + }; + in + { + production = [ { inherit environment_variables; } ]; + preview = [ { inherit environment_variables; } ]; }; - in { - production = [{inherit environment_variables;}]; - preview = [{inherit environment_variables;}]; - }; }; teawie_api = {
diff --git a/ext/terranix/cloudflare/ruleset.nix b/ext/terranix/cloudflare/ruleset.nix
index 9f611c4..98364d9 100644
--- a/ext/terranix/cloudflare/ruleset.nix
+++ b/ext/terranix/cloudflare/ruleset.nix
@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
 resource.cloudflare_ruleset = {
 getchoo_com_redirects = {
 kind = "zone";
diff --git a/ext/terranix/cloudflare/tls.nix b/ext/terranix/cloudflare/tls.nix
index 1fcc7ac..77450ad 100644
--- a/ext/terranix/cloudflare/tls.nix
+++ b/ext/terranix/cloudflare/tls.nix
@@ -1,9 +1,11 @@
-{lib, ...}: let
+{ lib, ... }:
+let
 baseSettings = {
 always_use_https = "on";
 ssl = "strict";
 };
-in {
+in
+{
 resource.cloudflare_zone_settings_override = {
 getchoo_com_settings = {
 zone_id = lib.tfRef "var.getchoo_com_zone_id";
diff --git a/ext/terranix/cloudflare/tunnels.nix b/ext/terranix/cloudflare/tunnels.nix
index f745deb..0bbf6f6 100644
--- a/ext/terranix/cloudflare/tunnels.nix
+++ b/ext/terranix/cloudflare/tunnels.nix
@@ -1,13 +1,9 @@
-{lib, ...}: {
- data.cloudflare_tunnel =
- lib.genAttrs
- [
- "atlas-nginx"
- ]
- (name: {
- inherit name;
- account_id = lib.tfRef "var.account_id";
- });
+{ lib, ... }:
+{
+ data.cloudflare_tunnel = lib.genAttrs [ "atlas-nginx" ] (name: {
+ inherit name;
+ account_id = lib.tfRef "var.account_id";
+ });
 resource.cloudflare_authenticated_origin_pulls = {
 getchoo_com_origin = { |
