vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Initial commit: Cloudflare infrastructure with WAF Intelligence

Browse Source 
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
This commit is contained in:
Vault Sovereign
2025-12-16 18:31:53 +00:00
commit 37a867c485
123 changed files with 25407 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
terraform/README.md Normal file
View File

@@ -0,0 +1,80 @@
# Cloudflare Terraform Configuration
Infrastructure as Code for VaultMesh and OffSec Cloudflare resources.
## Prerequisites
1. Terraform >= 1.0
2. Cloudflare API token with permissions:
- Zone: Edit
- DNS: Edit
- Access: Edit
- Argo Tunnel: Edit
- WAF: Edit
## Files
| File | Description |
|------|-------------|
| `main.tf` | Provider configuration |
| `variables.tf` | Input variables |
| `zones.tf` | Zone creation and settings |
| `dns.tf` | DNS records |
| `waf.tf` | WAF and firewall rules |
| `tunnels.tf` | Cloudflare Tunnels |
| `access.tf` | Zero Trust Access apps |
| `outputs.tf` | Output values |
## Usage
```bash
# Initialize
terraform init
# Create terraform.tfvars
cat > terraform.tfvars <<EOF
cloudflare_api_token = "your-api-token"
cloudflare_account_name = "your-account-name"
tunnel_secret_vaultmesh = "base64-encoded-secret"
tunnel_secret_offsec = "base64-encoded-secret"
admin_emails = ["admin@vaultmesh.org"]
EOF
# Plan
terraform plan
# Apply
terraform apply
```
## Generate Tunnel Secrets
```bash
# Generate 32-byte random secret, base64 encoded
openssl rand -base64 32
```
## Domains Managed
- vaultmesh.org
- offsec.global
- offsecglobal.com
- offsecagent.com
- offsecshield.com
## Security Notes
- Never commit `terraform.tfvars` to git
- Use environment variables for CI/CD:
```bash
export TF_VAR_cloudflare_api_token="..."
```
- Rotate tunnel secrets every 90 days
- Review Access policies regularly
## VaultMesh Integration
After applying, emit a VaultMesh receipt:
```bash
terraform output -json > /var/lib/vaultmesh/snapshots/cloudflare-$(date +%Y%m%d).json
```