tofu/cloudflare/ruleset.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

{lib, ...}: {
  resource.cloudflare_ruleset = {
    default = {
      kind = "zone";
      name = "default";
      phase = "http_config_settings";
      zone_id = lib.tfRef "var.zone_id";

      rules = [
        {
          action = "set_config";
          action_parameters = {
            automatic_https_rewrites = true;
            email_obfuscation = true;
            opportunistic_encryption = false;
          };
          description = "base redirects";
          enabled = true;
          expression = "true";
        }
      ];
    };

    redirect = {
      kind = "zone";
      name = "default";
      phase = "http_request_dynamic_redirect";
      zone_id = lib.tfRef "var.zone_id";

      rules = [
        {
          action = "redirect";
          action_parameters = {
            from_value = {
              preserve_query_string = false;
              status_code = 301;
              target_url = {
                value = "https://www.youtube.com/watch?v=RvVdFXOFcjw";
              };
            };
          };
          description = "funny";
          enabled = true;
          expression = "(http.request.uri.path eq \"/hacks\" and http.host eq \"mydadleft.me\")";
        }
        {
          action = "redirect";
          action_parameters = {
            from_value = {
              preserve_query_string = false;
              status_code = 301;
              target_url = {
                value = "https://www.youtube.com/watch?v=RvVdFXOFcjw";
              };
            };
          };
          description = "onlyfriends";
          enabled = true;
          expression = "(http.request.uri.path eq \"/onlyfriends\" and http.host eq \"mydadleft.me\")";
        }
      ];
    };
  };
}