Use tailscale to allow ssh access to gitea

2025-05-23 00:15:04 +10:00
parent 3f70bc62d3
commit c1aeb11354
5 changed files with 97 additions and 14 deletions
--- a/2-nomad-config/1-infra.tf
+++ b/2-nomad-config/1-infra.tf
@@ -10,6 +10,10 @@ terraform {
      source  = "carlpett/sops"
      version = "~> 0.5"
    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 5"
+    }
    postgresql = {
      source = "cyrilgdn/postgresql"
    }
@@ -24,8 +28,32 @@ data "sops_file" "secrets" {
  source_file = "secrets.enc.json"
 }

+provider "cloudflare" {
+  api_token = data.sops_file.secrets.data["cloudflare.api_token"]
+}
+
 // Networking

+resource "cloudflare_dns_record" "othrayte-one" {
+  comment = "othrayte.one proxy to internal IP for traefik"
+  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
+  type    = "AAAA"
+  name    = "othrayte.one"
+  content = data.sops_file.secrets.data["cloudflare.direct_ip6"]
+  proxied = true
+  ttl     = 1 # Auto
+}
+
+resource "cloudflare_dns_record" "star-othrayte-one" {
+  comment = "*.othrayte.one proxy to internal IP for traefik"
+  zone_id = "2616ab2a44d0645b03fbc3106c79bd99"
+  type    = "AAAA"
+  name    = "*"
+  content = data.sops_file.secrets.data["cloudflare.direct_ip6"]
+  proxied = true
+  ttl     = 1 # Auto
+}
+
 resource "nomad_job" "traefik" {
  jobspec = file("traefik.nomad.hcl")
 }