.gitignore

@@ -1,3 +1,9 @@
 .idea/
 *.iml
 terraform/.secrets
+/terraform/.terraform/
+/terraform/.terraform.lock.hcl
+/terraform/destroy.tfplan
+/terraform/exercise.tfplan
+/terraform/terraform.tfstate
+/terraform/terraform.tfstate.backup

README.md

@@ -16,6 +16,7 @@ Secrets required for Terraform can be stored in a file:
 ex. terraform/.secrets which is already ignored by Git
 
 Required variables:
+
 ```shell
 export TF_VAR_cloudflare_token=<cloudflare_token>
 export TF_VAR_zone_id=<cloudflare_zone_id>

terraform/hose.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+terraform plan -destroy -out destroy.tfplan
+
+terraform apply destroy.tfplan

terraform/main.tf

@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~>4.0"
+    }
+  }
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_token
+}
+
+resource "cloudflare_tunnel" "tunnel" {
+  account_id = var.account_id
+  name       = "exercise"
+  secret     = var.tunnel_secret
+}
+
+resource "cloudflare_record" "notfound" {
+  name    = "notfound"
+  type    = "CNAME"
+  zone_id = var.zone_id
+  value   = cloudflare_tunnel.tunnel.cname
+  proxied = true
+}

terraform/run.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+
+export TF_IN_AUTOMATION=true
+
+terraform init -upgrade
+
+terraform fmt -recursive
+
+terraform validate || exit
+
+terraform plan -out exercise.tfplan
+
+terraform apply exercise.tfplan
+

terraform/variables.tf

@@ -0,0 +1,19 @@
+variable "cloudflare_token" {
+  type        = string
+  description = "The token used to authenticate with Cloudflare (must have DNS:edit Account/Cloudflare Tunnel: edit privs)"
+}
+
+variable "account_id" {
+  type        = string
+  description = "The ID for the Cloudflare account to make the tunnel under"
+}
+
+variable "zone_id" {
+  type        = string
+  description = "The ID for the Cloudflare zone (the domain the tunnel will be running on)"
+}
+
+variable "tunnel_secret" {
+  type    = string
+  default = "The secret for the tunnel"
+}