Infrastructure Modules
The bitcain.net control plane manages identity, access, DNS, and security through Terraform. All module docs below are auto-generated from .tf files using terraform-docs.
Modules
| Module | Purpose |
|---|---|
| Cloudflare | DNS, SSL/TLS, WAF, rate limiting, health checks, Zero Trust Access, KV, email DNS |
| GCP Identity | Workload Identity Federation, Workforce Federation, Secret Manager, Service Accounts |
| GitHub Identity | Org security settings, OIDC subject claim customization |
| Entra ID | Microsoft Entra ID apps, SAML/OIDC federation, Conditional Access, FIDO2 |
| Supabase | Project settings and API configuration |
Architecture
Identity Rings (never mix across rings):
Ring 1 (Workforce) → Microsoft Entra ID (source of truth)
Ring 2 (Admin/Infra) → Cloudflare Access (bound to Ring 1 via OIDC)
Ring 3 (Customers) → Supabase Auth (completely isolated)
Key References
| Key | Value |
|---|---|
| Cloudflare Zone | dc968d89b579c99319eb46bc60f7519e |
| GCP Project | bitcain-net-458309 |
| Entra Tenant | 22aef4ee-2e5c-4dd2-a465-eb15a4f3ce4d |
| TF State | gs://bitcain-terraform-state-controlplane/terraform/production |