
@darkn3rd
Created June 17, 2024 22:37
Example Cloudflare
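# DNS records to manage, one object per record.
# tf_obj_id is never sent to Cloudflare: it is the for_each key that the
# cloudflare_record resource uses as the Terraform address of each record, so
# it has to be unique across the whole set.
variable "records" {
  description = "Cloudflare DNS zone records"
  type = set(object({
    tf_obj_id = string # tf key used to organize records
    name      = string
    # true sends traffic through Cloudflare's proxy; false publishes `value`
    # directly in DNS, so an origin address placed there is publicly resolvable.
    proxied  = bool
    value    = string
    priority = number # the sample data passes null for a record type without a priority (A)
    ttl      = number
    type     = string
    zone_id  = string
  }))

  # Two records that share a tf_obj_id cannot both be keyed by for_each.
  # Reject the input here, with a message that names the cause, instead of
  # failing later inside the resource's for expression.
  validation {
    condition     = length(distinct([for record in var.records : record.tf_obj_id])) == length(var.records)
    error_message = "Each record must have a unique tf_obj_id."
  }
}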
# Page rules, keyed by a unique label chosen by the caller (the sample data
# uses "<zone>/<target>"). The key becomes the for_each key of the
# cloudflare_page_rule resource.
variable "page_rules" {
  description = "Cloudflare page rules"
  type = map(object({
    zone_id  = string
    target   = string # URL pattern the rule matches
    status   = string
    priority = number

    # Settings applied to requests that match `target`.
    actions = set(object({
      always_use_https         = bool
      automatic_https_rewrites = string
      disable_apps             = bool
      disable_performance      = bool
      disable_railgun          = bool
      # true switches off Cloudflare security features for matching URLs;
      # any rule that sets it deserves an explicit review.
      disable_security = bool
      disable_zaraz    = bool
      edge_cache_ttl   = number
      # Encryption mode for matching requests. "flexible" leaves the
      # Cloudflare-to-origin leg on plain HTTP.
      ssl = string

      # Redirect target; an empty set means the rule does not forward.
      forwarding_url = set(object({
        url         = string
        status_code = number
      }))
    }))
  }))
}
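# DNS Zone Records
# Creates one cloudflare_record per entry of var.records.
resource "cloudflare_record" "default" {
  # generate unique object key to reference record
  # (tf_obj_id must be unique, otherwise this for expression fails on the
  # duplicate key)
  for_each = { for record in var.records : record.tf_obj_id => record }

  zone_id  = each.value.zone_id
  name     = each.value.name
  type     = each.value.type
  value    = each.value.value
  priority = each.value.priority
  # ttl is declared on every record object but was never passed through, so
  # the configured value was silently ignored.
  ttl = each.value.ttl
  # proxied = false publishes `value` as-is; for an A record that exposes the
  # origin address in DNS.
  proxied = each.value.proxied
}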
# Creates one page rule per entry of var.page_rules; the map key is the
# Terraform address of the rule.
resource "cloudflare_page_rule" "default" {
  for_each = var.page_rules

  zone_id  = each.value.zone_id
  target   = each.value.target
  status   = each.value.status
  priority = each.value.priority

  # One actions block per object in the rule's `actions` set.
  # NOTE(review): the variable type allows several action objects per rule;
  # confirm the provider accepts more than one actions block.
  dynamic "actions" {
    for_each = each.value.actions
    iterator = action

    content {
      always_use_https         = action.value.always_use_https
      automatic_https_rewrites = action.value.automatic_https_rewrites
      disable_apps             = action.value.disable_apps
      disable_performance      = action.value.disable_performance
      disable_railgun          = action.value.disable_railgun
      # Passed through unchecked: a true here turns security features off for
      # every URL matching the rule's target.
      disable_security = action.value.disable_security
      disable_zaraz    = action.value.disable_zaraz
      edge_cache_ttl   = action.value.edge_cache_ttl
      # Passed through unchecked: "flexible" means no TLS between Cloudflare
      # and the origin.
      ssl = action.value.ssl

      # Emitted only when the action carries a redirect (non-empty set).
      dynamic "forwarding_url" {
        for_each = action.value.forwarding_url
        iterator = redirect

        content {
          url         = redirect.value.url
          status_code = redirect.value.status_code
        }
      }
    }
  }
}
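# How to test complex structures
# https://www.middlewareinventory.com/blog/terraform-for-each-examples/
#
# Sample values for var.records. zone_id values are redacted placeholders.
# tf_obj_id is the for_each key of the record resource and must be unique:
# the two MX entries originally shared "MX/example.ai", which makes the for
# expression fail on the duplicate key.
records = [
  {
    tf_obj_id = "MX/example.ai"
    name      = "example.ai"
    proxied   = false # declared as bool; was the string "false"
    value     = "some.example.com"
    priority  = 10
    ttl       = 1 # 1 = automatic TTL in Cloudflare
    type      = "MX"
    zone_id   = "REDACTED1"
  },
  {
    tf_obj_id = "MX/example.ai/mail.servers.com" # made unique (constructed key)
    name      = "example.ai"
    proxied   = false
    value     = "mail.servers.com"
    priority  = 10
    ttl       = 1
    type      = "MX"
    zone_id   = "REDACTED2"
  },
  {
    tf_obj_id = "A/stats.example.io"
    name      = "stats"
    proxied   = true # proxied, so the origin address below is not what DNS answers with
    value     = "111.111.111.111"
    priority  = null # A records carry no priority
    ttl       = 1
    type      = "A"
    zone_id   = "REDACTED3"
  },
]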
# Sample values for var.page_rules. Keys follow "<zone>/<target>"; zone_id
# values are redacted placeholders.
page_rules = {
  ########################################
  # Zone: example.io
  ########################################
  "example.io/ping.example.io/*" = {
    zone_id  = "REDANCTED"
    target   = "ping.example.io/*"
    status   = "active"
    priority = 3
    actions = [{
      always_use_https         = false
      automatic_https_rewrites = "on"
      disable_apps             = false
      disable_performance      = false
      disable_railgun          = false
      disable_security         = false
      disable_zaraz            = false
      edge_cache_ttl           = 0
      # NOTE(review): "flexible" encrypts only the visitor-to-Cloudflare leg;
      # Cloudflare reaches the origin over plain HTTP. Prefer "full" or
      # "strict" when the origin can serve TLS.
      ssl            = "flexible"
      forwarding_url = [] # no redirect for this rule
    }]
  },

  # Permanent redirect of everything under example.com to https://example.io.
  "example.com/example.com/*" = {
    zone_id  = "REDACTED2"
    target   = "example.com/*"
    status   = "active"
    priority = 1
    actions = [{
      always_use_https         = false
      automatic_https_rewrites = null
      disable_apps             = false
      disable_performance      = false
      disable_railgun          = false
      disable_security         = false
      disable_zaraz            = false
      edge_cache_ttl           = 0
      ssl                      = null
      forwarding_url = [{
        url         = "https://example.io"
        status_code = 301
      }]
    }]
  }
}