Files

defiQUG 9daf1fd378 Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements

2025-12-12 18:01:35 -08:00

dns

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

2025-12-12 18:01:35 -08:00

terraform

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

2025-12-12 18:01:35 -08:00

tunnel-configs

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

2025-12-12 18:01:35 -08:00

access-policies.yaml

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

2025-12-12 18:01:35 -08:00

gateway-policies.yaml

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

2025-12-12 18:01:35 -08:00

README.md

Initial Phoenix Sankofa Cloud setup

2025-11-28 12:54:33 -08:00

warp-config.json

Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements

2025-12-12 18:01:35 -08:00

README.md

Cloudflare Zero Trust Configuration

This directory contains all Cloudflare Zero Trust configurations for secure global access to the hybrid cloud control plane.

Structure

cloudflare/
├── access-policies.yaml      # Access policies for applications
├── tunnel-configs/           # Per-site tunnel configurations
├── gateway-policies.yaml     # DNS and filtering policies
├── warp-config.json          # WARP device enrollment
└── terraform/                # Terraform modules for Cloudflare

Components

Access Policies

Define who can access which applications based on:

User identity (from Keycloak)
Device posture
IP address
MFA requirements
Time-based rules

Tunnels

Outbound-only connections from Proxmox sites and control plane to Cloudflare:

No public IPs required
Automatic reconnection
Load balancing across multiple tunnels
Health checks

Gateway Policies

DNS filtering and network security:

Block malicious domains
Log DNS queries
Apply policies based on user/device
Split DNS for internal services

WARP

Device-level VPN for employees:

Zero Trust network access
Device posture checks
Automatic enrollment

Usage

Apply Access Policies

# Using Cloudflare API
cloudflared access policy create --config access-policies.yaml

# Or via Terraform
cd terraform
terraform apply

Deploy Tunnels

Create tunnel in Cloudflare dashboard
Copy tunnel token
Update tunnel config with token
Deploy cloudflared agent with config

cloudflared tunnel run --config tunnel-configs/site-1.yaml

Configure WARP

Create WARP enrollment in Cloudflare dashboard
Update warp-config.json with enrollment details
Distribute config to devices

Security Best Practices

Use service tokens for API access
Rotate tunnel tokens regularly
Enable MFA for all access policies
Use device posture checks
Log all access attempts
Review policies quarterly