79 lines
1.8 KiB
HCL
79 lines
1.8 KiB
HCL
variable "cloudflare_api_token" {
|
|
description = "Cloudflare API token with Zone:Edit, DNS:Edit, Access:Edit permissions"
|
|
type = string
|
|
sensitive = true
|
|
}
|
|
|
|
variable "cloudflare_account_name" {
|
|
description = "Cloudflare account name"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "cloudflare_account_id" {
|
|
description = "Cloudflare account ID (used if account name lookup fails)"
|
|
type = string
|
|
sensitive = true
|
|
default = ""
|
|
}
|
|
|
|
variable "domains" {
|
|
description = "Map of domains to manage"
|
|
type = map(object({
|
|
plan = string
|
|
jump_start = bool
|
|
}))
|
|
default = {
|
|
"offsec.global" = {
|
|
plan = "free"
|
|
jump_start = false
|
|
}
|
|
"offsecglobal.com" = {
|
|
plan = "free"
|
|
jump_start = false
|
|
}
|
|
"offsecagent.com" = {
|
|
plan = "free"
|
|
jump_start = false
|
|
}
|
|
"offsecshield.com" = {
|
|
plan = "free"
|
|
jump_start = false
|
|
}
|
|
"vaultmesh.org" = {
|
|
plan = "free"
|
|
jump_start = false
|
|
}
|
|
}
|
|
}
|
|
|
|
variable "origin_ip" {
|
|
description = "Origin server IP (should be tunnel, but fallback)"
|
|
type = string
|
|
default = "192.0.2.1" # Placeholder - use tunnel instead
|
|
}
|
|
|
|
variable "trusted_admin_ips" {
|
|
description = "List of trusted admin IP addresses"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "blocked_countries" {
|
|
description = "Countries to challenge/block"
|
|
type = list(string)
|
|
default = ["CN", "RU", "KP", "IR"]
|
|
}
|
|
|
|
variable "enable_managed_waf" {
|
|
description = "Enable Cloudflare managed WAF rulesets (requires WAF entitlement; typically not available on Free plan)."
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "enable_bot_management" {
|
|
description = "Enable Cloudflare Bot Management settings (requires Bot Management entitlement)."
|
|
type = bool
|
|
default = false
|
|
}
|