From 865ee4004350d85237b77c7be8f102aa230a9c6b Mon Sep 17 00:00:00 2001 From: Ales Verbic Date: Mon, 10 Nov 2025 18:25:59 -0500 Subject: [PATCH] feat: update cloudflare-provider Signed-off-by: Ales Verbic --- .terraform.lock.hcl | 75 +++++----- cloudflare.tf | 336 +++++++++++++++++++------------------------- config.yaml | 30 ++-- versions.tf | 2 +- 4 files changed, 195 insertions(+), 248 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index a151f77..1e2d9ea 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -2,52 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudflare/cloudflare" { - version = "4.52.5" - constraints = "~> 4.0" + version = "5.12.0" + constraints = "~> 5.12.0" hashes = [ - "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=", - "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b", - "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a", - "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7", - "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238", - "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b", - "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072", - "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661", - "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c", - "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54", - "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852", - "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0", - "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5", - "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036", - "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803", + "h1:vrbI9qWFMZPA47W+OLnqcBT7+3gk24vfqj5kzoOAyMU=", + "zh:06166a72e69eb712ad2c8b49c1ed060223b0d57bb95ce5f6c8440ce19253913e", + "zh:484c32dc4fbe1f7baaf00f8d0d1774d259e1a602aebf60b8dea8c6dd122c1d27", + "zh:914b4796a5f2c5914cb94864a7541ce132c0e287bf49a5328706d50152117bc4", + "zh:bbcf3effe11ad44988c2aa4482c3fd0089ca86527463a9a873cecda1a4a022bc", + "zh:c2a59f29b4b4c0344dbb9ab3d78ebcc1d32153f1fd7e919eba7edf7d825119c2", + "zh:d6900b39b9c58743e6b1f05b2db7c39276c94f74d501f23bebb88d413266c57c", + "zh:f000d33075c30e616df8e58e341614e958eed4a51f3427d2e1a18ea1b7e0c6c6", + "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", + "zh:ff4fd5b3b0327f8f41fc65d909839288fb98ecfe32a9aff11d2e2638f2109302", ] } provider "registry.terraform.io/grafana/grafana" { - version = "4.10.0" + version = "4.14.0" + constraints = ">= 2.9.0" hashes = [ - "h1:t5bBspabGZ2MBnbuDhuoDFJS8vGKFJslQ2bYSF7E3dI=", - "zh:00bed6db164e8900cb7e73e74f9531a23ac5d3dcdc98cdc14d6c2cf5c3a1913e", - "zh:2906448c8b5ea36fa9df8fa46ea80d10766a5805dd20fac2846b724fc475f256", - "zh:2df5ff558cf7bad5ebe7a39b530c4b3d477730c8fe123be15b7beda770609b9e", - "zh:33ccfc7a1b7d5a42e452df97dddd751dcd4dfaafda812be741bca2bd3586f286", - "zh:566c6bbf942abb866e8610e05d85e58435d1af3530d5325d22587f9ec5836b29", - "zh:5c3d87ef2c42add877157040651cf8461314200454fd3c14a14a182e564d9ed0", - "zh:665644a2ba5d1935077f2637d49df6201912ce1954d22c1af40ca9242729e9e8", - "zh:7241340e54ea2f7252b2f298c1757ea02e31df934dc09a6c667b4cebcab414c1", - "zh:90d921161493acca41574442325ba94a073c8176a1b31f8bb239f69b52a93911", - "zh:94a21fda94f6ba14cd43a45ece3985e8fcbc404a220a304ac383efd764826b45", - "zh:95df01d0382767d7d018518d798b29b3e8e6a5970bb076f90ed22eaf3a95cb61", - "zh:978394f3e47599739b0e7ebf0b7101dd1c77685d93805c9f64e5085e21af6974", - "zh:ab0cfee32324ea4258acb8b78d4bae1b42bc07502db488d67c4a4a295ab48bba", - "zh:aec08f4924d67b777670f823e646281084af7443b8c52f6db0657375e7d6c7f4", - "zh:b009bf8fe275dbe71ff790dffcbcf2a4d074e033e9565fc3173d1f3a8f81ffcc", - "zh:c4a50f125a2c9012b61b50efefbff0efce20eb775ad3fe205858ffe337a7c7e9", - "zh:c696cc2274256a838069655530acddbb6e980133c2210a6fd321f45a03c269c4", - "zh:d31d55edc3fe1a9f4bf360fc3bba687e58b82f24bd0e03d61a61873d65c07ec4", - "zh:e99b4a7eb15fcc26a0f4499b267016cfb73415a224e85dc1fdfdac44257ad2ae", - "zh:fe8513587fcc3187dc90b917bce3a0618e95bad78befecfbc9d436bafc833971", + "h1:7V8gQRpJpYEYl/2pbrC67k6WK91upY2FRO11ybKOTT0=", + "zh:05337c6841474ea8e2dc3b196ca3c655f697f549b877cec76a258f5b61364614", + "zh:0e4ca21c85d66774bf0ceb8ccb558dac32c779d5f1bb941476c28dc7c912e551", + "zh:13d71a63daa03ad448f903bc5db893446fce866077f582e89e23b766a23ada71", + "zh:17f14dc80c3f8d398aece2a2fcb3686331ffed7a51c0fee4f4d77473b8d14fb7", + "zh:2623ae19ab18f9a54d8aaf8832298c60ee16e16895d55592d1eeaf055d8d8634", + "zh:46ea5dd42a86ab0a57f1888230859714d86f9e7101743ee44bb183b62b30c8a5", + "zh:5e7ccb42b95434eb45d1e6e1b5e51f13bd3516b4a3acba0cc891d07c7a76dd06", + "zh:79b087b47312bfe1cb62244232995838492a3a613daf396f711e9e576607b00c", + "zh:a0cc40a1b1b5016f675d5c0b0e2228c304b7be2b4d47bfca5d354439d99ac224", + "zh:a648b21d70fb8a3fb126f32f0ff8e17d7cc4efbb7cac25d7a0a351ad06cbc758", + "zh:a6fc1334c397479c28423a9bd8fe31f36350f569a84ed025e9896192153e7b1f", + "zh:aa079c538c1b9fb1cba706322510a5109be414ccb2b1226e58f0720fc295a32c", + "zh:c83d698d4ae30b9d85e0cc885d8c666cbe28c6fb3544386fca5cf0601f09519e", + "zh:d093e891621332d06f54f54cf13771dc9a7c03c8eccb208763697acb354bed15", + "zh:db3f64e52c9e25ddf710d84cb6e83acfbd64cfd23e26ec58f42e48e2027f5368", + "zh:db41b2b6584423ef2958f29386ee9be4cb9152246fe11a3b44b39ad3357e538e", + "zh:e4e7ddc8ae070cdb4f103f733af63e2a9907ec502ec31c6207dbd9ee3c24e8f0", + "zh:e9d4663bdab71bcdc6c05767e014acb0d029c7221b75d57403ff20e20d8eb7a3", + "zh:ecddc9ec97b707dbebeb592d84dca0ffa7f5b78408eac8187be665e1db877ce5", + "zh:f7bf77fde6cad0a6d45df2987e91ce4cecb7b5e774afb7a56bcaf67805d27c65", ] } diff --git a/cloudflare.tf b/cloudflare.tf index 23557a6..e5e2a31 100644 --- a/cloudflare.tf +++ b/cloudflare.tf @@ -78,46 +78,11 @@ locals { # We use for_each on this to expose the domain names in the resource names resource "cloudflare_zone" "this" { - for_each = toset(local.cloudflare_zone_names) - account_id = var.cloudflare_account_id - zone = each.key - plan = "pro" - jump_start = false -} - -# Zone settings -# The commented items don't seem to be supported on free plans -resource "cloudflare_zone_settings_override" "this" { for_each = toset(local.cloudflare_zone_names) - - zone_id = cloudflare_zone.this[each.key].id - - settings { - always_use_https = "on" - automatic_https_rewrites = "on" - brotli = "on" - browser_cache_ttl = 300 - cache_level = "basic" - early_hints = "on" - h2_prioritization = "on" - http2 = "on" - http3 = "on" - min_tls_version = "1.2" - #mirage = "on" - opportunistic_encryption = "on" - #polish = "lossless" - rocket_loader = "on" - ssl = "full" - tls_1_3 = "on" - webp = "on" - websockets = "on" - security_header { - enabled = true - preload = true - max_age = 31536000 - include_subdomains = true - } + account = { + id = var.cloudflare_account_id } + name = each.key } resource "cloudflare_certificate_pack" "this" { @@ -170,7 +135,7 @@ resource "cloudflare_certificate_pack" "this" { // Balius // TRP - "*.trp-m1.dmtr.host", + "*.trp-m1.dmtr.host", // Mumak "*.mumak-m0.dmtr.host", @@ -188,22 +153,21 @@ resource "cloudflare_load_balancer_pool" "cardano_node_m1" { account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.cardano_node_m1_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.cardano_node.enabled } - content { - name = origins.value.name - address = origins.value.cardano_node.address != "" ? origins.value.cardano_node.address : "${origins.value.name}.${var.cloudflare_zone_name}" - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.cardano_node.address != "" ? p.cardano_node.address : "${p.name}.${var.cloudflare_zone_name}" + } if p.cardano_node.enabled + ] } resource "cloudflare_load_balancer" "cardano_node_m1" { - zone_id = var.cloudflare_zone_id - name = "*.cnode-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.cardano_node_m1.id] - fallback_pool_id = cloudflare_load_balancer_pool.cardano_node_m1.id - proxied = false - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cnode-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.cardano_node_m1.id] + fallback_pool = cloudflare_load_balancer_pool.cardano_node_m1.id + proxied = false + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "cardano_node_m1_monitor" { @@ -218,9 +182,8 @@ resource "cloudflare_load_balancer_monitor" "cardano_node_m1_monitor" { expected_codes = "200" allow_insecure = true - header { - header = "Host" - values = ["cnode-m1.dmtr.host"] + header = { + "Host" = ["cnode-m1.dmtr.host"] } } @@ -231,31 +194,30 @@ resource "cloudflare_load_balancer_pool" "kupo_preview" { account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.kupo_preview_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.kupo.enabled } - content { - name = origins.value.name - address = origins.value.kupo.networks.cardano_preview != "" ? origins.value.kupo.networks.cardano_preview : "${origins.value.name}.${var.cloudflare_zone_name}" - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.kupo.networks.cardano_preview != "" ? p.kupo.networks.cardano_preview : "${p.name}.${var.cloudflare_zone_name}" + } if p.kupo.enabled + ] } resource "cloudflare_load_balancer" "kupo_preview" { - zone_id = var.cloudflare_zone_id - name = "cardano-preview-v2.kupo-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.kupo_preview.id] - fallback_pool_id = cloudflare_load_balancer_pool.kupo_preview.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "cardano-preview-v2.kupo-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.kupo_preview.id] + fallback_pool = cloudflare_load_balancer_pool.kupo_preview.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer" "kupo_preview_splat" { - zone_id = var.cloudflare_zone_id - name = "*.cardano-preview-v2.kupo-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.kupo_preview.id] - fallback_pool_id = cloudflare_load_balancer_pool.kupo_preview.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cardano-preview-v2.kupo-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.kupo_preview.id] + fallback_pool = cloudflare_load_balancer_pool.kupo_preview.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "kupo_preview_monitor" { @@ -277,31 +239,30 @@ resource "cloudflare_load_balancer_pool" "kupo_preprod" { account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.kupo_preprod_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.kupo.enabled } - content { - name = origins.value.name - address = origins.value.kupo.networks.cardano_preprod != "" ? origins.value.kupo.networks.cardano_preprod : "${origins.value.name}.${var.cloudflare_zone_name}" - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.kupo.networks.cardano_preprod != "" ? p.kupo.networks.cardano_preprod : "${p.name}.${var.cloudflare_zone_name}" + } if p.kupo.enabled + ] } resource "cloudflare_load_balancer" "kupo_preprod" { - zone_id = var.cloudflare_zone_id - name = "cardano-preprod-v2.kupo-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.kupo_preprod.id] - fallback_pool_id = cloudflare_load_balancer_pool.kupo_preprod.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "cardano-preprod-v2.kupo-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.kupo_preprod.id] + fallback_pool = cloudflare_load_balancer_pool.kupo_preprod.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer" "kupo_preprod_splat" { - zone_id = var.cloudflare_zone_id - name = "*.cardano-preprod-v2.kupo-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.kupo_preprod.id] - fallback_pool_id = cloudflare_load_balancer_pool.kupo_preprod.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cardano-preprod-v2.kupo-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.kupo_preprod.id] + fallback_pool = cloudflare_load_balancer_pool.kupo_preprod.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "kupo_preprod_monitor" { @@ -323,31 +284,30 @@ resource "cloudflare_load_balancer_pool" "kupo_mainnet" { account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.kupo_mainnet_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.kupo.enabled } - content { - name = origins.value.name - address = origins.value.kupo.networks.cardano_mainnet != "" ? origins.value.kupo.networks.cardano_mainnet : "${origins.value.name}.${var.cloudflare_zone_name}" - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.kupo.networks.cardano_mainnet != "" ? p.kupo.networks.cardano_mainnet : "${p.name}.${var.cloudflare_zone_name}" + } if p.kupo.enabled + ] } resource "cloudflare_load_balancer" "kupo_mainnet" { - zone_id = var.cloudflare_zone_id - name = "cardano-mainnet-v2.kupo-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.kupo_mainnet.id] - fallback_pool_id = cloudflare_load_balancer_pool.kupo_mainnet.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "cardano-mainnet-v2.kupo-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.kupo_mainnet.id] + fallback_pool = cloudflare_load_balancer_pool.kupo_mainnet.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer" "kupo_mainnet_splat" { - zone_id = var.cloudflare_zone_id - name = "*.cardano-mainnet-v2.kupo-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.kupo_mainnet.id] - fallback_pool_id = cloudflare_load_balancer_pool.kupo_mainnet.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cardano-mainnet-v2.kupo-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.kupo_mainnet.id] + fallback_pool = cloudflare_load_balancer_pool.kupo_mainnet.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "kupo_mainnet_monitor" { @@ -364,37 +324,35 @@ resource "cloudflare_load_balancer_monitor" "kupo_mainnet_monitor" { } # Ogmios - resource "cloudflare_load_balancer_pool" "ogmios_preview" { name = "OgmiosPreview" account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.ogmios_preview_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.ogmios.enabled } - content { - name = origins.value.name - address = origins.value.ogmios.networks.cardano_preview - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.ogmios.networks.cardano_preview + } if p.ogmios.enabled + ] } resource "cloudflare_load_balancer" "ogmios_preview" { - zone_id = var.cloudflare_zone_id - name = "cardano-preview-v6.ogmios-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.ogmios_preview.id] - fallback_pool_id = cloudflare_load_balancer_pool.ogmios_preview.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "cardano-preview-v6.ogmios-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.ogmios_preview.id] + fallback_pool = cloudflare_load_balancer_pool.ogmios_preview.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer" "ogmios_preview_splat" { - zone_id = var.cloudflare_zone_id - name = "*.cardano-preview-v6.ogmios-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.ogmios_preview.id] - fallback_pool_id = cloudflare_load_balancer_pool.ogmios_preview.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cardano-preview-v6.ogmios-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.ogmios_preview.id] + fallback_pool = cloudflare_load_balancer_pool.ogmios_preview.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "ogmios_preview_monitor" { @@ -409,9 +367,8 @@ resource "cloudflare_load_balancer_monitor" "ogmios_preview_monitor" { expected_codes = "200" allow_insecure = true - header { - header = "Host" - values = ["health.preview-v6.ogmios-m1.dmtr.host"] + header = { + "Host" = ["health.preview-v6.ogmios-m1.dmtr.host"] } } @@ -420,31 +377,30 @@ resource "cloudflare_load_balancer_pool" "ogmios_preprod" { account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.ogmios_preprod_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.ogmios.enabled } - content { - name = origins.value.name - address = origins.value.ogmios.networks.cardano_preprod - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.ogmios.networks.cardano_preprod + } if p.ogmios.enabled + ] } resource "cloudflare_load_balancer" "ogmios_preprod" { - zone_id = var.cloudflare_zone_id - name = "cardano-preprod-v6.ogmios-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.ogmios_preprod.id] - fallback_pool_id = cloudflare_load_balancer_pool.ogmios_preprod.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "cardano-preprod-v6.ogmios-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.ogmios_preprod.id] + fallback_pool = cloudflare_load_balancer_pool.ogmios_preprod.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer" "ogmios_preprod_splat" { - zone_id = var.cloudflare_zone_id - name = "*.cardano-preprod-v6.ogmios-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.ogmios_preprod.id] - fallback_pool_id = cloudflare_load_balancer_pool.ogmios_preprod.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cardano-preprod-v6.ogmios-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.ogmios_preprod.id] + fallback_pool = cloudflare_load_balancer_pool.ogmios_preprod.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "ogmios_preprod_monitor" { @@ -459,9 +415,8 @@ resource "cloudflare_load_balancer_monitor" "ogmios_preprod_monitor" { expected_codes = "200" allow_insecure = true - header { - header = "Host" - values = ["health.preprod-v6.ogmios-m1.dmtr.host"] + header = { + "Host" = ["health.preprod-v6.ogmios-m1.dmtr.host"] } } @@ -470,31 +425,30 @@ resource "cloudflare_load_balancer_pool" "ogmios_mainnet" { account_id = var.cloudflare_account_id monitor = cloudflare_load_balancer_monitor.ogmios_mainnet_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.ogmios.enabled } - content { - name = origins.value.name - address = origins.value.ogmios.networks.cardano_mainnet - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.ogmios.networks.cardano_mainnet + } if p.ogmios.enabled + ] } resource "cloudflare_load_balancer" "ogmios_mainnet" { - zone_id = var.cloudflare_zone_id - name = "cardano-mainnet-v6.ogmios-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.ogmios_mainnet.id] - fallback_pool_id = cloudflare_load_balancer_pool.ogmios_mainnet.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "cardano-mainnet-v6.ogmios-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.ogmios_mainnet.id] + fallback_pool = cloudflare_load_balancer_pool.ogmios_mainnet.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer" "ogmios_mainnet_splat" { - zone_id = var.cloudflare_zone_id - name = "*.cardano-mainnet-v6.ogmios-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.ogmios_mainnet.id] - fallback_pool_id = cloudflare_load_balancer_pool.ogmios_mainnet.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.cardano-mainnet-v6.ogmios-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.ogmios_mainnet.id] + fallback_pool = cloudflare_load_balancer_pool.ogmios_mainnet.id + proxied = true + steering_policy = "off" } resource "cloudflare_load_balancer_monitor" "ogmios_mainnet_monitor" { @@ -509,9 +463,8 @@ resource "cloudflare_load_balancer_monitor" "ogmios_mainnet_monitor" { expected_codes = "200" allow_insecure = true - header { - header = "Host" - values = ["health.mainnet-v6.ogmios-m1.dmtr.host"] + header = { + "Host" = ["health.mainnet-v6.ogmios-m1.dmtr.host"] } } @@ -523,20 +476,19 @@ resource "cloudflare_load_balancer_pool" "tx_submit_api_m1" { # TODO: add monitor when tx-submit-api supports reliable health checks # monitor = cloudflare_load_balancer_monitor.tx_submit_api_m1_monitor.id - dynamic "origins" { - for_each = { for p in local.demeter_providers : p.name => p if p.tx_submit_api.enabled } - content { - name = origins.value.name - address = origins.value.tx_submit_api.address != "" ? origins.value.tx_submit_api.address : "${origins.value.name}.${var.cloudflare_zone_name}" - } - } + origins = [ + for p in local.demeter_providers : { + name = p.name + address = p.tx_submit_api.address != "" ? p.tx_submit_api.address : "${p.name}.${var.cloudflare_zone_name}" + } if p.tx_submit_api.enabled + ] } resource "cloudflare_load_balancer" "tx_submit_api_m1" { - zone_id = var.cloudflare_zone_id - name = "*.submitapi-m1.${var.cloudflare_zone_name}" - default_pool_ids = [cloudflare_load_balancer_pool.tx_submit_api_m1.id] - fallback_pool_id = cloudflare_load_balancer_pool.tx_submit_api_m1.id - proxied = true - steering_policy = "off" + zone_id = var.cloudflare_zone_id + name = "*.submitapi-m1.${var.cloudflare_zone_name}" + default_pools = [cloudflare_load_balancer_pool.tx_submit_api_m1.id] + fallback_pool = cloudflare_load_balancer_pool.tx_submit_api_m1.id + proxied = true + steering_policy = "off" } diff --git a/config.yaml b/config.yaml index 9ed40f1..fb529b4 100644 --- a/config.yaml +++ b/config.yaml @@ -1,9 +1,9 @@ grafana: cloud: url: https://dmtrglobal.grafana.net - auth: ENC[AES256_GCM,data:WiaDXoAvGJqDHU2FF1rFjAhAB1V9p7EqYdmZn4VcCk0WXs1YD7ba1LiaSlgIHA==,iv:Yd8LknkpFEOilkaMbZZ6SRO9YyU8w3oLrnOWvkJh1Vk=,tag:s97efgv37A3TTylfHqi68w==,type:str] + auth: ENC[AES256_GCM,data:FCKFkPXxLl+h7oRNiZ4rbZksC9XciuLsTOLrgCiBWKvoL7MPs6j/5GZlkHwfdg==,iv:PmWLbOrOuC1mFvZDt5fvZ+lx4BQYONc3V2y0JPKMuD8=,tag:Ggn5t7uQsoLq3GC806zu2g==,type:str] sm_url: https://synthetic-monitoring-api-sa-east-1.grafana.net - sm_access_token: ENC[AES256_GCM,data:My3nmcwgd/j560EoxU+/6ugFeI4JAlE5f/PN+b23wfXGq9EL1zP7vYRi90ahTm5GtkVhWAsTQvYHIjIO4DUfKtD9Fi7Uq1ZobeTKhLUWqpQ66J3BBFe4j5ZBSZt25gbGBeUGJ5KYDdYd2sQmukUx0UEBpXQ=,iv:v8QW0N+gSevAUbIcHAj5d4CQcvVQZVJyWXfbOZ0LA1U=,tag:DMVZPhGdI/NAmDWhbaN4Ug==,type:str] + sm_access_token: ENC[AES256_GCM,data:M2lf4kypuYVB1e50KorAadGr9udSJ7SvDad4/D7qCFcoJlQ/15QFSI9wXdlJTH7TNhXvBpIBFzj/8yYESqCbD9Aog9o8xXhfviUO1xOh6DEzaDcaPUPzVa1Nco5P/klHr1AkdFLJWG/uWTIXYWVkJMBCPII=,iv:kpMFZq5S+CoOzHurfDRmeczBxFkKdEX/mZAgU+oI3zc=,tag:xLM8oJiUcm3xHJqvWTv99w==,type:str] folders: - local_directory: grafana/dashboards/blinklabs grafana_title: Demeter Blink Labs @@ -39,55 +39,55 @@ grafana: frequency: 600000 timeout: 15000 url: wss://preview.ogmios.blinklabs.cloud - api_key: ENC[AES256_GCM,data:GblmmgBMVTJor7EtefD8yPTeMTa5noBka+8=,iv:oC2B+8AJWjhD5QmQGIaVtFGhFRo7inPJICzSAB57HmM=,tag:9EnJ0UMohqTQMw1hxHjeXQ==,type:str] + api_key: ENC[AES256_GCM,data:tedUWN6OcL2e2FCRZa2K8RcOT7HC+raraA0=,iv:r35+qZbxa83q84sB6FPXahhDFBjclK2EdLvK+d4Y3bk=,tag:HsTS03+vpjhzub7PpgwEwg==,type:str] script_path: grafana/synthetics/shared/ogmiosQueryNetworkTip.js - job_name: queryNetworkTip target: blinklabs-ogmios-cardano-preprod frequency: 600000 timeout: 15000 url: wss://preprod.ogmios.blinklabs.cloud - api_key: ENC[AES256_GCM,data:yqcaOAitNcpZQi4YuxlR7OI6NHHLLGk2EgM=,iv:J6JUaSq8gbRmyXXg+Dcn51PdOsY8dR4fcX9Rtkysl6A=,tag:mxII7XmAxweQn+AHhiMaZg==,type:str] + api_key: ENC[AES256_GCM,data:A95mNLZEvGERcuUyOpm4yaiLJktAz2lrv+8=,iv:9iTPzpkW57ruggVZzk9amU+4rgmxpLWYsTvV5siExD4=,tag:UnR+J2fNQeyMwAP1bMiI7A==,type:str] script_path: grafana/synthetics/shared/ogmiosQueryNetworkTip.js - job_name: queryNetworkTip target: blinklabs-ogmios-cardano-mainnet frequency: 600000 timeout: 15000 url: wss://ogmios.blinklabs.cloud - api_key: ENC[AES256_GCM,data:qIYMsjaAK+HaqmEl+F4lYQdli1rhYvQjYeo=,iv:zvxWA1GKueOGnAxDcer6DSY5C8emqCrdm0rK7ZVtV8U=,tag:bfA8H5TRAmdxnmpcVW+9rg==,type:str] + api_key: ENC[AES256_GCM,data:9qVefn0peiGSFCbNSivwPFpsPFWe+5N3KaM=,iv:l12VTwJkepFLSXYWGKSQ24nrCv6PhwC/HlXdBQPuz4M=,tag:VpvLp7khT4m2fQgci7Fsqw==,type:str] script_path: grafana/synthetics/shared/ogmiosQueryNetworkTip.js - job_name: dmtr_healthcheck target: blinklabs-kupo-cardano-mainnet frequency: 600000 timeout: 15000 url: https://kupo.blinklabs.cloud - api_key: ENC[AES256_GCM,data:rreo02BkR9gA+7PJLtyVgch0Herj8CV7,iv:FzGoRRhomHbPsmRGEF98BR2G5yYQpUkUMLpqNQw2W5w=,tag:vpg0a/lRy0PETWS9PFHsuQ==,type:str] + api_key: ENC[AES256_GCM,data:65Hi+NoSaeqVjS+0bQfSaOMWDzCTyrnw,iv:mQWmKVAOdWjMEluyznVxvqkn7/sejMkD/CtcxBd981E=,tag:xCaD033fsdbo23JCt8sLJw==,type:str] script_path: grafana/synthetics/shared/dmtrHealth.js - job_name: dmtr_healthcheck target: blinklabs-kupo-cardano-preprod frequency: 600000 timeout: 15000 url: https://preprod.kupo.blinklabs.cloud - api_key: ENC[AES256_GCM,data:KSHihtAGMBXeNVhthDYHOlvvTD92M1Zi,iv:/FmhD2Y7agR3xA5Q7vm6m9kV35oLmfjEJWa+FvMuuAo=,tag:iEtaapaFrBCLcOuQXTztZg==,type:str] + api_key: ENC[AES256_GCM,data:cex7Kd8zxpq0FSD1E9a5+QsSH193Ab2q,iv:5+gqtPW5jqMhZg1r+Jrmg7/E842K8pd0Km3sBiwwtoQ=,tag:1feG8scabz8xOHjHX7Nalw==,type:str] script_path: grafana/synthetics/shared/dmtrHealth.js - job_name: dmtr_healthcheck target: blinklabs-kupo-cardano-preview frequency: 600000 timeout: 15000 url: https://preview.kupo.blinklabs.cloud - api_key: ENC[AES256_GCM,data:cl62glHs+z4MXHkeekkNBTgA3o4Phgdt,iv:lTxRgO+BtiQB2pSY3s4zmu0jWFE88SK+ycdvwNMUuEc=,tag:1YZgjLtFkv+To14CYfZrTg==,type:str] + api_key: ENC[AES256_GCM,data:IrbpzR/IzvSYYxlFRl8T6WhJsYtlSniP,iv:aRIO376AWii3pjiwF0weWINEbf0ZgcGPRg+8+E+xC8g=,tag:JDguEGp9sfq5dHgpC9E8dQ==,type:str] script_path: grafana/synthetics/shared/dmtrHealth.js sops: age: - recipient: age1klj2c5sj490j2g6ptlf3uh5cwehr4jfdt6c2e638a939sf7pfcdqjm54hq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySW5KTUtjb1dCcklwdFFq - ZUtiSkpqNHJGQnYvdTd1TE1rM0tOc3pzM2tnClMwaUtqTmN5QkhRcDhRQ1Blc0Zp - ZExYLzlQNGNTNXZ0L3ZoT0xTSjZqUUUKLS0tIDhSQkZndCtxU0xDRGVBcjRtc3RJ - UkFLdFMzL1ZPejBWZ1FTR0p0ZlAxVzAKFrgiiE31lMtPT4JSpzD0USBaCT/O4VcZ - 1XZD2KAEDwhq/43Sf9qBCKKjFG0KwKkcrvGqfdtp1M6OPkvPCcOoDg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZYk13TFJJa09CbGtjUkdC + L0JGZkg0SUI2bFgyaE1tTnpuS2J4UURQUmdZCmIwNXM5bFh5QnVRcmNYUkdvNTYv + ajY4NUpyRGlVZDY2VXpHWGNNM1RqNHMKLS0tIHpKbEJpTjBxOW1DT0xzZUxkVE9J + UXRHaS9aaDZmT0dCbXE4OGJVWmZrdTQKRF+KB857hWanvdDelvTu4S8iw9/FEVvs + rwaTGEB/XG5wmIsf69m+HrEs0SiN7k1DxaGb2sKq4YWbIBwv7Ig8hA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-02T02:06:48Z" - mac: ENC[AES256_GCM,data:doRtY9wllYDRBI0qqD0bP1spVjoQ9alqAAsHSJR2yz8Fg7O8EGYKKVudBeY3AE2jt0ifR4dGv1m6d54yyzzADq9KI4xr5aboK05i6Jlz8B7dq+RSBY4xe/5fWamuX1DHn0uyDPls6lnGI+2VfSd+zXTfCxMflOTe/fW8JdEGsPo=,iv:c4s4NhsymVwRwldWN6XHJPh2YUOW61Ty5P8f3oOMGWI=,tag:611RnDKOjfYJnvhO8wbdkA==,type:str] + lastmodified: "2025-11-11T00:23:14Z" + mac: ENC[AES256_GCM,data:y+oKL6UqaXnA5W/In6uY32XoLad7BQb3OmDu/v/hQ28Nads0756IW1xqQKphEG+6tJ5RRs8mAG1OjhG7sp22ZVa6AqYEark5fe5/iwIql+hZSKbhuwYoQqq7Kjh2oX6hFGKZ7WULVwt8YP2Q+ttZ1v9jLUZ6Wqf786ZZh1cdOlQ=,iv:9eZQ3ptjMGu+E40lrmiLzAwZDjkQ6DCi6QRxlX8A7Uo=,tag:ovrn9S5NS3Y3oO9RfXvjSQ==,type:str] encrypted_regex: ^(auth|sm_access_token|api_key)$ version: 3.10.2 diff --git a/versions.tf b/versions.tf index a771cec..642747a 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { cloudflare = { source = "cloudflare/cloudflare" - version = "~> 4.0" + version = "~> 5.12.0" } grafana = { source = "grafana/grafana"