vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
main
vm-cloudflare/terraform/tunnels.tf
Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence 
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00

122 lines
2.8 KiB
HCL
Raw Permalink Blame History

# Cloudflare Tunnels
# Tunnel for VaultMesh services
resource "cloudflare_tunnel" "vaultmesh" {
account_id = local.account_id
name = "vaultmesh-tunnel"
secret = var.tunnel_secret_vaultmesh
}
# Tunnel for OffSec services
resource "cloudflare_tunnel" "offsec" {
account_id = local.account_id
name = "offsec-tunnel"
secret = var.tunnel_secret_offsec
}
# Tunnel configuration for VaultMesh
resource "cloudflare_tunnel_config" "vaultmesh" {
account_id = local.account_id
tunnel_id = cloudflare_tunnel.vaultmesh.id
config {
# VaultMesh Core API
ingress_rule {
hostname = "api.vaultmesh.org"
service = "http://localhost:8080"
origin_request {
connect_timeout = "10s"
no_tls_verify = false
}
}
# VaultMesh Dashboard
ingress_rule {
hostname = "dash.vaultmesh.org"
service = "http://localhost:3000"
}
# VaultMesh Guardian
ingress_rule {
hostname = "guardian.vaultmesh.org"
service = "http://localhost:8081"
}
# Catch-all
ingress_rule {
service = "http_status:404"
}
}
}
# Tunnel configuration for OffSec
resource "cloudflare_tunnel_config" "offsec" {
account_id = local.account_id
tunnel_id = cloudflare_tunnel.offsec.id
config {
# OffSec main site
ingress_rule {
hostname = "offsec.global"
service = "http://localhost:8090"
}
# OffSec Agent portal
ingress_rule {
hostname = "offsecagent.com"
service = "http://localhost:8091"
}
# OffSec Shield dashboard
ingress_rule {
hostname = "offsecshield.com"
service = "http://localhost:8092"
}
# Catch-all
ingress_rule {
service = "http_status:404"
}
}
}
# DNS records pointing to tunnels
resource "cloudflare_record" "tunnel_vaultmesh_api" {
zone_id = cloudflare_zone.domains["vaultmesh.org"].id
name = "api"
value = "${cloudflare_tunnel.vaultmesh.id}.cfargotunnel.com"
type = "CNAME"
proxied = true
}
resource "cloudflare_record" "tunnel_vaultmesh_dash" {
zone_id = cloudflare_zone.domains["vaultmesh.org"].id
name = "dash"
value = "${cloudflare_tunnel.vaultmesh.id}.cfargotunnel.com"
type = "CNAME"
proxied = true
}
resource "cloudflare_record" "tunnel_vaultmesh_guardian" {
zone_id = cloudflare_zone.domains["vaultmesh.org"].id
name = "guardian"
value = "${cloudflare_tunnel.vaultmesh.id}.cfargotunnel.com"
type = "CNAME"
proxied = true
}
# Variables for tunnel secrets
variable "tunnel_secret_vaultmesh" {
description = "Secret for VaultMesh tunnel (base64 encoded 32+ bytes)"
type = string
sensitive = true
default = ""
}
variable "tunnel_secret_offsec" {
description = "Secret for OffSec tunnel (base64 encoded 32+ bytes)"
type = string
sensitive = true
default = ""
}
Reference in New Issue View Git Blame Copy Permalink