diff --git a/.github/workflows/tags.yaml b/.github/workflows/tags.yaml
index a192d76..e3bedb4 100644
--- a/.github/workflows/tags.yaml
+++ b/.github/workflows/tags.yaml
@@ -3,7 +3,7 @@ name: Create New Tag on: push: branches: - - 'main' + - '*' jobs: create-tag:
@@ -15,7 +15,14 @@ jobs: - name: Set tag version id: set_version - run: echo "::set-output name=tag::v$(date +'%Y%m%d%H%M%S')" + run: | + if [ "${GITHUB_REF##*/}" == "main" ]; then + #echo "::set-output name=tag::$(date +'%Y%m%d%H%M%S')" + echo "::set-output name=tag::$(cat VERSION.txt')" + else + # echo "::set-output name=tag::rc$(date +'%Y%m%d%H%M%S')" + echo "::set-output name=tag::rc$(cat VERSION.txt${SHORT_SHA})'" + fi - name: Create Git Tag run: git tag ${{ steps.set_version.outputs.tag }}
diff --git a/VERSION.txt b/VERSION.txt
new file mode 100644
index 0000000..3eefcb9
--- /dev/null
+++ b/VERSION.txt
@@ -0,0 +1 @@
+1.0.0
diff --git a/cloudflare/firewall/main.tf b/cloudflare/firewall/main.tf
new file mode 100644
index 0000000..2fabf21
--- /dev/null
+++ b/cloudflare/firewall/main.tf
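Review bot: In `.github/workflows/tags.yaml` the trigger `- '*'` makes the tag-creating job run on a push to any branch, so every contributor branch now exercises a job that writes tags to the repository. In a branch filter `*` does not match `/`, so branches such as `feature/x` are silently skipped; if rc tags are wanted for them too the pattern would be `'**'`. The job definition below `create-tag:` is outside this hunk, so its token scope cannot be seen here; an explicit `permissions:` block limited to `contents: write` on the job, plus protection for release-style tag names, would bound what the wider trigger can do.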
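Review bot: Both new `echo` lines in the `Set tag version` step of `.github/workflows/tags.yaml` carry an unbalanced single quote (`$(cat VERSION.txt')` and `$(cat VERSION.txt${SHORT_SHA})'`), so bash will most likely abort the step with a syntax error before any tag is produced. In the `else` branch `${SHORT_SHA}` also sits inside the `cat` argument, which makes it part of the file name, and nothing in the visible lines sets `SHORT_SHA`. I would write the two lines as `echo "tag=$(cat VERSION.txt)" >> "$GITHUB_OUTPUT"` and `echo "tag=rc$(cat VERSION.txt)-${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"`, which also moves off the deprecated `::set-output` command. Separately, the `main` tag is now the bare contents of `VERSION.txt`, so a second push to `main` without a version bump makes `git tag` fail on the existing tag. The file's contents also end up in the unquoted `${{ steps.set_version.outputs.tag }}` expansion of the next step, so they should be checked against a version pattern before use.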
@@ -0,0 +1,68 @@
+#
+## Email
+#
+resource "cloudflare_email_routing_catch_all" "forward" {
+ zone_id = var.zone_id
+ name = "email catch all"
+ enabled = true
+
+ matcher {
+ type = "all"
+ }
+
+ action {
+ type = "forward"
+ value = ["bwp.pearson@gmail.com"]
+ }
+}
+
+#
+## Block non US CA AU countries
+#
+
+resource "cloudflare_filter" "countries" {
+ zone_id = var.zone_id
+ description = "Expression to block all countries except US, CA and AU"
+ expression = "(ip.geoip.country ne \"US\" and ip.geoip.country ne \"CA\" and ip.geoip.country ne \"AU\")"
+}
+
+resource "cloudflare_firewall_rule" "countries" {
+ zone_id = var.zone_id
+ description = "Firewall rule to block all countries except US, CA and AU"
+ filter_id = cloudflare_filter.countries.id
+ action = "block"
+}
+
+#
+## Bots
+#
+
+resource "cloudflare_filter" "bots" {
+ zone_id = var.zone_id
+ description = "Expression to block bots determined by CF"
+ expression = "(cf.client.bot)"
+}
+
+resource "cloudflare_firewall_rule" "bots" {
+ zone_id = var.zone_id
+ description = "Firewall rule to block bots determined by CF"
+ filter_id = cloudflare_filter.bots.id
+ action = "block"
+}
+
+#
+## Block threats greater than Medium
+#
+
+resource "cloudflare_filter" "threats" {
+ zone_id = var.zone_id
+ description = "Expression to block medium threats"
+ expression = "(cf.threat_score gt 14)"
+}
+
+resource "cloudflare_firewall_rule" "threats" {
+ zone_id = var.zone_id
+ description = "Firewall rule to block medium threats"
+ filter_id = cloudflare_filter.threats.id
+ action = "block"
+}
diff --git a/cloudflare/firewall/provider.tf b/cloudflare/firewall/provider.tf
new file mode 100644
index 0000000..bf769f2
--- /dev/null
+++ b/cloudflare/firewall/provider.tf
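Review bot: The `bots` filter in `cloudflare/firewall/main.tf` uses `(cf.client.bot)`, which Cloudflare sets for its list of known good, verified crawlers, so the `block` rule turns away search-engine and monitoring bots while leaving unverified automation untouched. Please confirm that is the intent, because the description reads as if the opposite was meant. The forwarding target in `cloudflare_email_routing_catch_all.forward` is a personal mailbox hard-coded into a shared module; taking it from a variable, e.g. `value = [var.forward_to]`, keeps the address out of the module and lets each zone choose its destination. `cloudflare_filter` and `cloudflare_firewall_rule` are also marked deprecated in the Cloudflare provider in favour of `cloudflare_ruleset`, so a newly created module is a natural place to start from the replacement.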
@@ -0,0 +1,14 @@
+# Configure the Cloudflare provider.
+# You may optionally use version directive to prevent breaking changes occurring unannounced.
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "4.11.0"
+ }
+ namecheap = {
+ source = "namecheap/namecheap"
+ version = ">= 2.0.0"
+ }
+ }
+}
diff --git a/cloudflare/firewall/variables.tf b/cloudflare/firewall/variables.tf
new file mode 100644
index 0000000..db41434
--- /dev/null
+++ b/cloudflare/firewall/variables.tf
@@ -0,0 +1,20 @@
+variable "zone_id" {
+ type = string
+ default = null
+}
+
+variable "account_id" {
+ type = string
+ default = null
+}
+
+variable "name" {
+ type = string
+ default = null
+
+}
+
+variable "tld" {
+ type = string
+ default = ".com"
+}
diff --git a/cloudflare/mail_server/main.tf b/cloudflare/mail_server/main.tf
index 95913b0..575d0ec 100644
--- a/cloudflare/mail_server/main.tf
+++ b/cloudflare/mail_server/main.tf
@@ -1,21 +1,6 @@ # ## Email # -resource "cloudflare_email_routing_catch_all" "example" { - zone_id = var.zone_id - name = "email catch all" - enabled = true - - matcher { - type = "all" - } - - action { - type = "forward" - value = ["bwp.pearson@gmail.com"] - } -} - resource "cloudflare_record" "mx0" { allow_overwrite = true zone_id = var.zone_id
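Review bot: The `namecheap` entry in `required_providers` of `cloudflare/firewall/provider.tf` has the open-ended constraint `version = ">= 2.0.0"`, so `terraform init` without a committed lock file will accept any future major release of a third-party provider, and nothing in this module's `main.tf` uses a namecheap resource. Dropping the entry, or bounding it as `version = "~> 2.0"`, keeps the module's provider surface to what it needs. The exact pin `version = "4.11.0"` on `cloudflare` is safe but, in a child module, forces every caller onto that one release; a range such as `~> 4.11` with the exact version recorded in `.terraform.lock.hcl` is the usual split.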
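Review bot: In `cloudflare/firewall/variables.tf`, `zone_id` is declared with `default = null`, yet every resource in the module's `main.tf` passes `var.zone_id` to the provider, so a caller that forgets it gets a provider error at plan or apply time instead of a missing-argument error. Removing the default makes the variable required, and a `description = "Cloudflare zone the firewall rules and catch-all are created in"` line would document it. `account_id`, `name` and `tld` are not referenced by the module's `main.tf` in this diff and can probably be dropped.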
@@ -51,53 +36,7 @@ resource "cloudflare_record" "txt" { value = "v=spf1 include:_spf.mx.cloudflare.net ~all" } -# -## Block non US CA AU countries -# - -resource "cloudflare_filter" "countries" { - zone_id = var.zone_id - description = "Expression to block all countries except US, CA and AU" - expression = "(ip.geoip.country ne \"US\" and ip.geoip.country ne \"CA\" and ip.geoip.country ne \"AU\")" -} - -resource "cloudflare_firewall_rule" "countries" { - zone_id = var.zone_id - description = "Firewall rule to block all countries except US, CA and AU" - filter_id = cloudflare_filter.countries.id - action = "block" -} - -# -## Bots -# - -resource "cloudflare_filter" "bots" { - zone_id = var.zone_id - description = "Expression to block bots determined by CF" - expression = "(cf.client.bot)" -} - -resource "cloudflare_firewall_rule" "bots" { - zone_id = var.zone_id - description = "Firewall rule to block bots determined by CF" - filter_id = cloudflare_filter.bots.id - action = "block" -} - -# -## Block threats greater than Medium -# - -resource "cloudflare_filter" "threats" { - zone_id = var.zone_id - description = "Expression to block medium threats" - expression = "(cf.threat_score gt 14)" -} - -resource "cloudflare_firewall_rule" "threats" { - zone_id = var.zone_id - description = "Firewall rule to block medium threats" - filter_id = cloudflare_filter.threats.id - action = "block" +module "firewall" { + source = "../firewall" + zone_id = var.zone_id }
diff --git a/cloudflare/mail_server_secondary/main.tf b/cloudflare/mail_server_secondary/main.tf
index afba1f3..0b60a42 100644
--- a/cloudflare/mail_server_secondary/main.tf
+++ b/cloudflare/mail_server_secondary/main.tf
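Review bot: Replacing the root-level resources in `cloudflare/mail_server/main.tf` with `module "firewall"` changes every resource address, and no `moved` blocks are added, so Terraform will plan a destroy of the existing filters, firewall rules and catch-all plus a create of the module's copies, in no guaranteed order. That opens a window in which the zone may have no country, bot or threat-score rule and no catch-all, and a failed create leaves it that way. Adding `moved` blocks next to the module call (Terraform 1.1 or later) turns the change into a pure state move. The catch-all needs its old name mapped too: `example` here and `catch_all` in `mail_server_secondary/main.tf`, whose second hunk has the same gap. The hunk starts inside `cloudflare_record.txt`, which opens above it.

```hcl
# placed after the module "firewall" block in cloudflare/mail_server/main.tf
moved {
  from = cloudflare_email_routing_catch_all.example
  to   = module.firewall.cloudflare_email_routing_catch_all.forward
}

moved {
  from = cloudflare_filter.countries
  to   = module.firewall.cloudflare_filter.countries
}

moved {
  from = cloudflare_firewall_rule.countries
  to   = module.firewall.cloudflare_firewall_rule.countries
}

moved {
  from = cloudflare_filter.bots
  to   = module.firewall.cloudflare_filter.bots
}

moved {
  from = cloudflare_firewall_rule.bots
  to   = module.firewall.cloudflare_firewall_rule.bots
}

moved {
  from = cloudflare_filter.threats
  to   = module.firewall.cloudflare_filter.threats
}

moved {
  from = cloudflare_firewall_rule.threats
  to   = module.firewall.cloudflare_firewall_rule.threats
}
```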
@@ -1,21 +1,6 @@ # ## Email # -resource "cloudflare_email_routing_catch_all" "catch_all" { - zone_id = var.zone_id - name = "email catch all" - enabled = true - - matcher { - type = "all" - } - - action { - type = "forward" - value = ["bwp.pearson@gmail.com"] - } -} - resource "cloudflare_record" "mx77" { allow_overwrite = true zone_id = var.zone_id 
@@ -42,62 +27,7 @@ resource "cloudflare_record" "mx85" { value = "route3.mx.cloudflare.net" priority = "85" } - -resource "cloudflare_record" "txt" { - allow_overwrite = true - zone_id = var.zone_id - name = "@" - type = "TXT" - value = "v=spf1 include:_spf.mx.cloudflare.net ~all" -} - -# -## Block non US CA AU countries -# - -resource "cloudflare_filter" "countries" { - zone_id = var.zone_id - description = "Expression to block all countries except US, CA and AU" - expression = "(ip.geoip.country ne \"US\" and ip.geoip.country ne \"CA\" and ip.geoip.country ne \"AU\")" -} - -resource "cloudflare_firewall_rule" "countries" { - zone_id = var.zone_id - description = "Firewall rule to block all countries except US, CA and AU" - filter_id = cloudflare_filter.countries.id - action = "block" -} - -# -## Bots -# - -resource "cloudflare_filter" "bots" { - zone_id = var.zone_id - description = "Expression to block bots determined by CF" - expression = "(cf.client.bot)" -} - -resource "cloudflare_firewall_rule" "bots" { - zone_id = var.zone_id - description = "Firewall rule to block bots determined by CF" - filter_id = cloudflare_filter.bots.id - action = "block" -} - -# -## Block threats greater than Medium -# - -resource "cloudflare_filter" "threats" { - zone_id = var.zone_id - description = "Expression to block medium threats" - expression = "(cf.threat_score gt 14)" -} - -resource "cloudflare_firewall_rule" "threats" { - zone_id = var.zone_id - description = "Firewall rule to block medium threats" - filter_id = cloudflare_filter.threats.id - action = "block" +module "firewall" { + source = "../firewall" + zone_id = var.zone_id }
diff --git a/renovate.json b/renovate.json
index f45d8f1..8c0f687 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,5 +1,9 @@ { - "extends": [ - "config:base" + "packageRules": [ + { + "matchUpdateTypes": ["minor", "patch"], + "matchCurrentVersion": "!/^0/", + "automerge": true + } ] }
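Review bot: The second hunk of `cloudflare/mail_server_secondary/main.tf` deletes `cloudflare_record.txt`, the SPF record `v=spf1 include:_spf.mx.cloudflare.net ~all`, and the `firewall` module does not recreate it, while the same record stays as context in `mail_server/main.tf`. If the secondary zones still route mail through the `route*.mx.cloudflare.net` MX records above, applying this leaves those domains with no SPF policy, so receivers have nothing to check spoofed senders against. If the removal is deliberate, for example because the record is managed elsewhere, a comment such as `# SPF TXT record for this zone is managed outside this stack` beside the MX records would make that clear; otherwise the resource should stay. The hunk starts inside `cloudflare_record.mx85`, which opens above it.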
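Review bot: The new rule in `renovate.json` sets `"automerge": true` for every minor and patch update of any dependency at 1.x or above, so a compromised or mistaken upstream release can reach the default branch without a human looking at it. Renovate only automerges after status checks pass, so the safety of this rests on checks that are not visible in this diff. Adding `"minimumReleaseAge": "3 days"` to the rule gives registries time to pull a bad release before it is merged. The same change also removes `"extends": ["config:base"]` rather than keeping it beside `packageRules`, which drops the preset defaults; keep the `extends` array unless dropping them is intended.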