From e2912c46105ab54c1e3e32efeda6c87a2f96ce80 Mon Sep 17 00:00:00 2001
From: Bubbles
Date: Tue, 19 Mar 2024 10:16:01 -0500
Subject: [PATCH] Terraform creates tunnel and cname record
---
 .gitignore | 6 ++++++
 README.md | 1 +
 terraform/hose.sh | 5 +++++
 terraform/main.tf | 26 ++++++++++++++++++++++++++
 terraform/run.sh | 14 ++++++++++++++
 terraform/variables.tf | 19 +++++++++++++++++++
 6 files changed, 71 insertions(+)
 create mode 100755 terraform/hose.sh
 create mode 100644 terraform/main.tf
 create mode 100755 terraform/run.sh
 create mode 100644 terraform/variables.tf
diff --git a/.gitignore b/.gitignore
index 3d4c307..f5ff732 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,9 @@
 .idea/
 *.iml
 terraform/.secrets
+/terraform/.terraform/
+/terraform/.terraform.lock.hcl
+/terraform/destroy.tfplan
+/terraform/exercise.tfplan
+/terraform/terraform.tfstate
+/terraform/terraform.tfstate.backup
diff --git a/README.md b/README.md
index 600e795..d0ad21c 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Secrets required for Terraform can be stored in a file: ex. terraform/.secrets which is already ignored by Git Required variables: + ```shell export TF_VAR_cloudflare_token= export TF_VAR_zone_id=
diff --git a/terraform/hose.sh b/terraform/hose.sh
new file mode 100755
index 0000000..20c4dd7
--- /dev/null
+++ b/terraform/hose.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+terraform plan -destroy -out destroy.tfplan
+
+terraform apply destroy.tfplan
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..c08be5c
--- /dev/null
+++ b/terraform/main.tf
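Review bot: `terraform apply destroy.tfplan` in terraform/hose.sh still runs when the preceding `terraform plan -destroy -out destroy.tfplan` fails, because the script sets no `set -e` and checks no exit status; a `destroy.tfplan` left over from an earlier run would then be the file handed to apply (Terraform may refuse it as stale, but the script should not depend on that). Adding `set -eu` directly under the shebang, or `|| exit` on the plan line, closes the gap. terraform/run.sh has the same problem: only `terraform validate` is checked there, while `init`, `plan` and `apply` are not. Saved plan files are not encrypted and can hold variable values, so removing the file once the apply has finished, for example `rm -f destroy.tfplan`, is worth adding as well.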
@@ -0,0 +1,26 @@
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~>4.0"
+ }
+ }
+}
+
+provider "cloudflare" {
+ api_token = var.cloudflare_token
+}
+
+resource "cloudflare_tunnel" "tunnel" {
+ account_id = var.account_id
+ name = "exercise"
+ secret = var.tunnel_secret
+}
+
+resource "cloudflare_record" "notfound" {
+ name = "notfound"
+ type = "CNAME"
+ zone_id = var.zone_id
+ value = cloudflare_tunnel.tunnel.cname
+ proxied = true
+}
diff --git a/terraform/run.sh b/terraform/run.sh
new file mode 100755
index 0000000..15c6982
--- /dev/null
+++ b/terraform/run.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+
+export TF_IN_AUTOMATION=true
+
+terraform init -upgrade
+
+terraform fmt -recursive
+
+terraform validate || exit
+
+terraform plan -out exercise.tfplan
+
+terraform apply exercise.tfplan
+
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..eb93110
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,19 @@
+variable "cloudflare_token" {
+ type = string
+ description = "The token used to authenticate with Cloudflare (must have DNS:edit Account/Cloudflare Tunnel: edit privs)"
+}
+
+variable "account_id" {
+ type = string
+ description = "The ID for the Cloudflare account to make the tunnel under"
+}
+
+variable "zone_id" {
+ type = string
+ description = "The ID for the Cloudflare zone (the domain the tunnel will be running on)"
+}
+
+variable "tunnel_secret" {
+ type = string
+ default = "The secret for the tunnel"
+}
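Review bot: `secret = var.tunnel_secret` on `cloudflare_tunnel.tunnel` in terraform/main.tf ends up in Terraform state in cleartext, and since the `terraform {}` block declares no `backend`, that state is the local `terraform.tfstate` this commit adds to .gitignore. Ignoring the file keeps it out of Git but leaves the secret unencrypted on whichever machine runs the scripts. A comment above the resource such as `# tunnel secret is stored in plaintext in terraform.tfstate; restrict access to the state file or use an encrypted remote backend` would make the handling requirement explicit.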
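Review bot: `terraform init -upgrade` in terraform/run.sh re-resolves the provider on every run, and the .gitignore hunk of this commit ignores `/terraform/.terraform.lock.hcl`, so nothing pins the `cloudflare/cloudflare` version or its checksums between runs; any release matching `~>4.0` is downloaded and executed with the API token. Committing the lock file and calling plain `terraform init` here would make a provider upgrade a deliberate, reviewed change. Separately, `terraform fmt -recursive` rewrites source files as a side effect of deploying; `terraform fmt -check -recursive || exit` reports formatting drift without touching the tree.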
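Review bot: `tunnel_secret` in terraform/variables.tf sets `default = "The secret for the tunnel"` where the other three variables use `description`, which looks like a typo that turns the help text into the secret's value: when `TF_VAR_tunnel_secret` is unset, Terraform silently uses this committed string instead of failing or prompting. Change the line to `description = "The secret for the tunnel"` and add `sensitive = true` to both `tunnel_secret` and `cloudflare_token` so their values are redacted in plan and apply output. The README's list of required variables is only partly visible in this patch, so confirm it names `TF_VAR_tunnel_secret`; the Cloudflare provider documents the tunnel secret as a base64 string of at least 32 bytes, which a `validation` block on the variable could enforce.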