ben
/
tf
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
140 Commits
1 Branch
0 Tags
1.3 MiB
 
 
Tag: Branch: Tree: main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
tf/cloudflare.tf

86 lines
2.2 KiB
Raw Permalink Blame History

resource "cloudflare_zone" "deadopsde" {
zone = "deadops.de"
}
resource "cloudflare_zone" "sudois" {
zone = "sudo.is"
}
resource "cloudflare_zone_settings_override" "settings" {
zone_id = element([cloudflare_zone.sudois.id, cloudflare_zone.deadopsde.id], count.index)
count = 2
settings {
always_online = "on"
always_use_https = "on"
browser_cache_ttl = 0
ssl = "full"
opportunistic_onion = "on"
brotli = "off"
minify {
css = "off"
js = "off"
html = "off"
}
}
}
# resource "cloudflare_filter" "nextcloud_strict_countries" {
# zone_id = cloudflare_zone.sudois.id
# description = "filter countries"
# expression = "(not ip.geoip.country in {\"DE\" \"SE\" \"IS\" \"NO\"} and http.host eq \"nextcloud.sudo.is\")"
# }
# resource "cloudflare_firewall_rule" "nextcloud" {
# zone_id = cloudflare_zone.sudois.id
# description = "allowlist nextcloud"
# filter_id = cloudflare_filter.nextcloud_strict_countries.id
# action = "block"
# }
resource "cloudflare_filter" "bypass-well-known" {
zone_id = cloudflare_zone.sudois.id
description = "bypass stuff for service discovery urls"
expression = "(http.request.uri.path contains \"/.well-known\") or (http.request.uri.path contains \"/_matrix\")"
}
resource "cloudflare_firewall_rule" "bypass-well-known" {
zone_id = cloudflare_zone.sudois.id
description = "bypass stuff service discovery urls"
filter_id = cloudflare_filter.bypass-well-known.id
products = ["zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf"]
action = "bypass"
}
resource "cloudflare_page_rule" "sudo-well-known" {
zone_id = cloudflare_zone.sudois.id
target = "sudo.is/.well-known/*"
priority = 1
actions {
browser_check = "off"
disable_security = true
cache_level = "cache_everything"
}
}
resource "cloudflare_page_rule" "www-sudo-well-known" {
zone_id = cloudflare_zone.sudois.id
target = "www.sudo.is/.well-known/*"
priority = 2
actions {
browser_check = "off"
disable_security = true
cache_level = "cache_everything"
}
}
resource "cloudflare_page_rule" "mirrors" {
zone_id = cloudflare_zone.deadopsde.id
target = "mirrors.deadops.de/*"
priority = 1
actions {
cache_level = "cache_everything"
}
}