Initial commit: Cloudflare infrastructure with WAF Intelligence

- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access) - WAF Intelligence MCP server with threat analysis and ML classification - GitOps automation with PR workflows and drift detection - Observatory monitoring stack with Prometheus/Grafana - IDE operator rules for governed development - Security playbooks and compliance frameworks - Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00
commit 37a867c485
123 changed files with 25407 additions and 0 deletions
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -0,0 +1,66 @@
+variable "cloudflare_api_token" {
+  description = "Cloudflare API token with Zone:Edit, DNS:Edit, Access:Edit permissions"
+  type        = string
+  sensitive   = true
+}
+
+variable "cloudflare_account_name" {
+  description = "Cloudflare account name"
+  type        = string
+  default     = ""
+}
+
+variable "cloudflare_account_id" {
+  description = "Cloudflare account ID (used if account name lookup fails)"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "domains" {
+  description = "Map of domains to manage"
+  type = map(object({
+    plan       = string
+    jump_start = bool
+  }))
+  default = {
+    "offsec.global" = {
+      plan       = "free"
+      jump_start = false
+    }
+    "offsecglobal.com" = {
+      plan       = "free"
+      jump_start = false
+    }
+    "offsecagent.com" = {
+      plan       = "free"
+      jump_start = false
+    }
+    "offsecshield.com" = {
+      plan       = "free"
+      jump_start = false
+    }
+    "vaultmesh.org" = {
+      plan       = "free"
+      jump_start = false
+    }
+  }
+}
+
+variable "origin_ip" {
+  description = "Origin server IP (should be tunnel, but fallback)"
+  type        = string
+  default     = "192.0.2.1" # Placeholder - use tunnel instead
+}
+
+variable "trusted_admin_ips" {
+  description = "List of trusted admin IP addresses"
+  type        = list(string)
+  default     = []
+}
+
+variable "blocked_countries" {
+  description = "Countries to challenge/block"
+  type        = list(string)
+  default     = ["CN", "RU", "KP", "IR"]
+}