diff options
Diffstat (limited to 'terranix/cloudflare')
| -rw-r--r-- | terranix/cloudflare/default.nix | 21 | ||||
| -rw-r--r-- | terranix/cloudflare/dns.nix | 64 | ||||
| -rw-r--r-- | terranix/cloudflare/ruleset.nix | 64 | ||||
| -rw-r--r-- | terranix/cloudflare/tunnels.nix | 11 |
4 files changed, 0 insertions, 160 deletions
diff --git a/terranix/cloudflare/default.nix b/terranix/cloudflare/default.nix deleted file mode 100644 index 80e8e39..0000000 --- a/terranix/cloudflare/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{lib, ...}: { - imports = [ - ./dns.nix - ./ruleset.nix - ./tunnels.nix - ]; - - resource = { - cloudflare_url_normalization_settings.incoming = { - scope = "incoming"; - type = "cloudflare"; - zone_id = lib.tfRef "var.zone_id"; - }; - - cloudflare_bot_management.bots = { - enable_js = false; - fight_mode = false; - zone_id = lib.tfRef "var.zone_id"; - }; - }; -} diff --git a/terranix/cloudflare/dns.nix b/terranix/cloudflare/dns.nix deleted file mode 100644 index 9618019..0000000 --- a/terranix/cloudflare/dns.nix +++ /dev/null @@ -1,64 +0,0 @@ -{lib, ...}: let - mkRecord = name: { - value, - type, - ... - } @ args: - { - name = args.name or name; - zone_id = lib.tfRef "var.zone_id"; - ttl = 1; - inherit value type; - } - // lib.optionalAttrs (type != "TXT") {proxied = true;}; - - atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com"; -in { - resource.cloudflare_record = builtins.mapAttrs mkRecord { - website = { - name = "@"; - value = "website-86j.pages.dev"; - type = "CNAME"; - }; - - www = { - value = "mydadleft.me"; - type = "CNAME"; - }; - - api = { - value = "teawieapi.pages.dev"; - type = "CNAME"; - }; - - miniflux = { - value = atlas_tunnel; - type = "CNAME"; - }; - - msix = { - value = atlas_tunnel; - type = "CNAME"; - }; - - # prevent email spoofing - - dmarc = { - name = "_dmarc"; - value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"; - type = "TXT"; - }; - - domainkey = { - name = "*._domainkey"; - value = "v=DKIM1; p="; - type = "TXT"; - }; - - email = { - name = "mydadleft.me"; - value = "v=spf1 -all"; - type = "TXT"; - }; - }; -} diff --git a/terranix/cloudflare/ruleset.nix b/terranix/cloudflare/ruleset.nix deleted file mode 100644 index 1be98aa..0000000 --- a/terranix/cloudflare/ruleset.nix +++ /dev/null @@ -1,64 +0,0 @@ -{lib, ...}: { - resource.cloudflare_ruleset = { - default = { - kind = "zone"; - name = "default"; - phase = "http_config_settings"; - zone_id = lib.tfRef "var.zone_id"; - - rules = [ - { - action = "set_config"; - action_parameters = { - automatic_https_rewrites = true; - email_obfuscation = true; - opportunistic_encryption = false; - }; - description = "base redirects"; - enabled = true; - expression = "true"; - } - ]; - }; - - redirect = { - kind = "zone"; - name = "default"; - phase = "http_request_dynamic_redirect"; - zone_id = lib.tfRef "var.zone_id"; - - rules = [ - { - action = "redirect"; - action_parameters = { - from_value = { - preserve_query_string = false; - status_code = 301; - target_url = { - value = "https://www.youtube.com/watch?v=RvVdFXOFcjw"; - }; - }; - }; - description = "funny"; - enabled = true; - expression = "(http.request.uri.path eq \"/hacks\" and http.host eq \"mydadleft.me\")"; - } - { - action = "redirect"; - action_parameters = { - from_value = { - preserve_query_string = false; - status_code = 301; - target_url = { - value = "https://www.youtube.com/watch?v=RvVdFXOFcjw"; - }; - }; - }; - description = "onlyfriends"; - enabled = true; - expression = "(http.request.uri.path eq \"/onlyfriends\" and http.host eq \"mydadleft.me\")"; - } - ]; - }; - }; -} diff --git a/terranix/cloudflare/tunnels.nix b/terranix/cloudflare/tunnels.nix deleted file mode 100644 index bea9811..0000000 --- a/terranix/cloudflare/tunnels.nix +++ /dev/null @@ -1,11 +0,0 @@ -{lib, ...}: { - data.cloudflare_tunnel = - lib.genAttrs - [ - "atlas-nginx" - ] - (name: { - inherit name; - account_id = lib.tfRef "var.account_id"; - }); -} |