variable "cloudflare_api_token" {
  description = "Cloudflare API token with Zone:Edit, DNS:Edit, Access:Edit permissions"
  type        = string
  sensitive   = true
}

variable "cloudflare_account_name" {
  description = "Cloudflare account name"
  type        = string
  default     = ""
}

variable "cloudflare_account_id" {
  description = "Cloudflare account ID (used if account name lookup fails)"
  type        = string
  sensitive   = true
  default     = ""
}

variable "domains" {
  description = "Map of domains to manage"
  type = map(object({
    plan       = string
    jump_start = bool
  }))
  default = {
    "offsec.global" = {
      plan       = "free"
      jump_start = false
    }
    "offsecglobal.com" = {
      plan       = "free"
      jump_start = false
    }
    "offsecagent.com" = {
      plan       = "free"
      jump_start = false
    }
    "offsecshield.com" = {
      plan       = "free"
      jump_start = false
    }
    "vaultmesh.org" = {
      plan       = "free"
      jump_start = false
    }
  }
}

variable "origin_ip" {
  description = "Origin server IP (should be tunnel, but fallback)"
  type        = string
  default     = "192.0.2.1" # Placeholder - use tunnel instead
}

variable "trusted_admin_ips" {
  description = "List of trusted admin IP addresses"
  type        = list(string)
  default     = []
}

variable "blocked_countries" {
  description = "Countries to challenge/block"
  type        = list(string)
  default     = ["CN", "RU", "KP", "IR"]
}