Skip to content
/ infra Public

Cloudflare Access secured with Auth0 and passkey only login

meerkat.patkub.vip/

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

patkub/infra

BranchesTags

Repository files navigation

Infrastructure

Cloudflare Access secured with Auth0 and passkey only login

Overview

Terraform configuration for my infrastructure

  • Cloudflare Access is secured with Auth0
  • Auth0 Action and Forms enforce login with passkey only
  • A DNS based Adblock policy
  • A Cloudflare Tunnel accessible via SSH at meerkat.patkub.vip

Description

Implemented Cloudflare Zero Trust Access integrated with Auth0 OpenID Connect (OIDC), including a custom Post-Login Action that enforces passkey only authentication. Secured remote access via short-lived SSH certificates and Cloudflare Tunnels, enabling passwordless SSH/VNC access without exposing ports or managing static SSH keys. Provisioned and managed all Cloudflare and Auth0 resources using Terraform to ensure repeatable, infrastructure-as-code deployments.

Cloud Configuration

Reference terraform.tfvars.example.

Create terraform.tfvars with:

# Cloudflare Account Email
cf_email                            = "..."
# Cloudflare Global API Key ( https://dash.cloudflare.com/profile/api-tokens )
cf_api_key                          = "..."
# Cloudflare Domain Overview Account ID
cf_account_id                       = "..."
# Cloudflare Domain Overview API Zone ID
cf_zone_id                          = "..."

# Auth0 M2M Application Details
AUTH0_DOMAIN                        = "..."
AUTH0_CLIENT_ID                     = "..."
AUTH0_CLIENT_SECRET                 = "..."

# Passkey Policy Settings
# Number of logins without a passkey (min: "1")
MAX_LOGINS_WITHOUT_PASSKEY          = "3"

Run:

terraform init
terraform apply

Server Configuration

Follow: SSH with Access for Infrastructure: Configure SSH Server

Follow: Short-lived certificates (legacy)

Configure server with:

chmod +x ./scripts/server/install.sh
./scripts/server/install.sh

Individual Scripts

  • ./scripts/server/sshd/sshd.sh - Setup sshd for Meerkat

Client Configuration

Reference: Short-lived certificates (legacy): Connect as a user

Configure client devices with:

chmod +x ./scripts/client/install.sh
./scripts/client/install.sh
  • Adds client-side cloudflared SSH host for meerkat
  • Adds Cloudflare Zero Trust certificate to npmrc
  • Patches SDKMAN! to automatically import Cloudflare Zero Trust certificate when installing a Java JDK

Individual Scripts

  • ./scripts/client/ssh/ssh.sh - Adds SSH host for meerkat
  • ./scripts/client/npm/npm.sh - Configures npmrc
  • ./scripts/client/sdkman/patch.sh - Patches SDKMAN!

Dev Setup

Node.js v22 LTS, pnpm

Install dependencies

pnpm install

Lint

  • pnpm lint - Lint with biome and apply changes
  • pnpm lint:check - Check linting with biome
  • pnpm format - Format with biome and apply changes
  • pnpm format:check - Check formatting with biome

Run tests

  • pnpm test - Run unit tests
  • pnpm test:watch - Automatically re-run tests when files change

About

Cloudflare Access secured with Auth0 and passkey only login

meerkat.patkub.vip/

Topics

terraform auth0 cloudflare passwordless passkeys cloudflare-zero-trust

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases 24

v2.3.0 Latest
Feb 27, 2026
+ 23 releases

Packages

 
 
 

Contributors 2

  •  
  •  

Languages