Initial commit

.gitignore

@@ -0,0 +1 @@
+.terraform/*

.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+  version     = "4.28.0"
+  constraints = "4.28.0"
+  hashes = [
+    "h1:RP176WYI5vc3I12b3sbMJnuKgHFsry0j2kP7za3ttzo=",
+    "zh:31d5ec400a9ce2168ecac577af8b9d81a684d7496a7b5b6e187923cc8cf17139",
+    "zh:3f14d1fe124b5476e1a61f142be113ee5521eec1f5fd66b43092d486c3f8465b",
+    "zh:4a320ba93bf29be99b25fbc55771cf6dd8eeb330dd05a45394da8b3cd7f54b75",
+    "zh:56cc2be82b22c9b9bbe682c2abcc7e28f439187afff4b2ff39825a9a6eb02b4e",
+    "zh:59d5008d1e1d694c3dc03fbcde7f34b18f106290fa848b1d4c5e09bf0c041150",
+    "zh:6048cabd9793e1e0b4529dfc57414f8eff852135014eccb26b0b8ae591f67c8e",
+    "zh:677a0242fc44bdb9fd63617801dfd7ced05b660f1f6234f16c396fb4a4c4c0e8",
+    "zh:711c7d7e86420a76e7dda39f1a9543210c4aec5bf08bbf2ce46df1f4d24530ed",
+    "zh:86a21510e9d6ce57580cb4dbb679cff060d8adcec9e98c97404d90fa9077fdd9",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:a5bcf40c58df98ec555144b6790bb908b9b6535889c4dada87b1f9da2cf89196",
+    "zh:c33eee1c6bf277718ff2cbdc8a93fd46dfb655eb7381ca2d88a6aaef8e24f619",
+    "zh:dc64498427b9f78f49a233cc6cb280aa950fde46ef022b64fddb0b74c8505178",
+    "zh:ead016fc81994ece080e17b2e8d9efed09ac995c164a7faf576475e2fb7abdc5",
+    "zh:ec8b9acef18196c13ab9244dc45cf3ed869eb921925194e56370f1567675bd53",
+  ]
+}

main.tf

@@ -0,0 +1,71 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.27.0"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "4.28.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "4.0.5"
+    }
+  }
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
+provider "kubernetes" {
+  config_path = var.kube_config_path
+}
+
+data "cloudflare_zone" "module" {
+  zone_id = var.cloudflare_zone_id
+}
+
+resource "cloudflare_record" "module" {
+  zone_id = data.cloudflare_zone.module.id
+  name    = var.cloudflare_subdomain
+  value   = var.cloudflare_ingress_host
+  type    = "CNAME"
+  proxied = true
+}
+
+locals {
+  domain_name = "${cloudflare_record.module.name}.${data.cloudflare_zone.module.name}"
+}
+
+resource "tls_private_key" "origin" {
+  algorithm = "RSA"
+}
+
+resource "tls_cert_request" "origin" {
+  private_key_pem = tls_private_key.origin.private_key_pem
+  subject {
+    common_name  = ""
+    organization = "paltiverse"
+  }
+}
+
+resource "cloudflare_origin_ca_certificate" "origin" {
+  request_type       = "origin-rsa"
+  requested_validity = 5475
+  hostnames          = [local.domain_name]
+  csr                = tls_cert_request.origin.cert_request_pem
+}
+
+resource "kubernetes_secret_v1" "tls" {
+  metadata {
+    namespace = kubernetes_namespace_v1.gitea.metadata[0].name
+    name      = "tls"
+  }
+  data = {
+    "tls.crt" : cloudflare_origin_ca_certificate.origin.certificate
+    "tls.key" : tls_private_key.origin.private_key_pem
+  }
+  type = "kubernetes.io/tls"
+}

outputs.tf

@@ -0,0 +1,3 @@
+output "domain-name" {
+  value = local.domain_name
+}

vars.tf

@@ -0,0 +1,33 @@
+variable "kube_config_path" {
+  type = string
+}
+
+variable "kube_namespace" {
+  type = string
+}
+
+variable "kube_tls_secret_name" {
+  type = string
+  default = "origin-tls"
+}
+
+variable "cloudflare_api_token" {
+  type      = string
+  sensitive = true
+}
+
+variable "cloudflare_account_id" {
+  type = string
+}
+
+variable "cloudflare_zone_id" {
+  type = string
+}
+
+variable "cloudflare_subdomain" {
+  type = string
+}
+
+variable "cloudflare_ingress_host" {
+  type = string
+}