62 lines
1.4 KiB
HCL
62 lines
1.4 KiB
HCL
terraform {
|
|
required_providers {
|
|
acme = {
|
|
source = "vancluever/acme"
|
|
version = "~>2.0"
|
|
}
|
|
cloudflare = {
|
|
source = "cloudflare/cloudflare"
|
|
version = "~>4.0"
|
|
}
|
|
}
|
|
}
|
|
|
|
provider "acme" {
|
|
server_url = "https://acme-v02.api.letsencrypt.org/directory"
|
|
}
|
|
|
|
provider "cloudflare" {
|
|
api_token = var.cloudflare_token
|
|
}
|
|
|
|
resource "tls_private_key" "private_key" {
|
|
algorithm = "RSA"
|
|
rsa_bits = 4096
|
|
}
|
|
|
|
resource "acme_registration" "reg" {
|
|
account_key_pem = tls_private_key.private_key.private_key_pem
|
|
email_address = var.acme_reg_email
|
|
}
|
|
|
|
resource "acme_certificate" "certificate" {
|
|
account_key_pem = acme_registration.reg.account_key_pem
|
|
common_name = var.domain_name
|
|
subject_alternative_names = [var.fqdn]
|
|
|
|
dns_challenge {
|
|
provider = "cloudflare"
|
|
config = {
|
|
CF_DNS_API_TOKEN = var.cloudflare_token
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "cloudflare_record" "flarum" {
|
|
name = "flarum"
|
|
type = "CNAME"
|
|
zone_id = var.zone_id
|
|
value = var.cname_record
|
|
proxied = true
|
|
}
|
|
|
|
resource "local_file" "public_cert" {
|
|
filename = "../roles/flarum/files/fullchain.pem"
|
|
content = "${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}"
|
|
}
|
|
|
|
resource "local_sensitive_file" "private_key" {
|
|
filename = "../roles/flarum/files/privkey.pem"
|
|
content = acme_certificate.certificate.private_key_pem
|
|
}
|