From 1949aaa4465e095453c40c778b0f582b6862ab85 Mon Sep 17 00:00:00 2001
From: Bubbles
Date: Mon, 18 Mar 2024 10:54:57 -0500
Subject: [PATCH] Added info about generating tunnel secrets
---
README.md | 32 ++++++++++++++++++++++++++++++++
group_vars/all/vault.yml | 12 ++++++------
2 files changed, 38 insertions(+), 6 deletions(-)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..600e795
--- /dev/null
+++ b/README.md
@@ -0,0 +1,32 @@
+## Secrets
+
+ansible vault secrets are stored in [group_vars/all/vault.yml](group_vars/all/vault.yml)
+
+Note that the directory path and filename are important.
+
+The format of the file is
+
+```yaml
+---
+become_pass:
+```
+
+Secrets required for Terraform can be stored in a file:
+
+ex. terraform/.secrets which is already ignored by Git
+
+Required variables:
+```shell
+export TF_VAR_cloudflare_token=
+export TF_VAR_zone_id=
+export TF_VAR_account_id=
+export TF_VAR_tunnel_secret=
+```
+
+Note the cloudflare token requires Zone/DNS:edit and Account/Cloudflare Tunnel:edit privs
+
+I generate tunnel secrets with this command:
+
+```shell
+hexdump -vn32 -e'4/4 "%08X"' /dev/urandom | base64 -w0 -
+```
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index ad27099..5a5e7a5 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@@ -1,7 +1,7 @@
 $ANSIBLE_VAULT;1.1;AES256
-32643233343538366363373035373736393162363762643866323561656462356539613639386537
-6264303136303132326235336265346533323930643762330a323661326230333763383737336362
-34626439306334313539333065643366633438356330386465626539306439666630643531383630
-3134643463313236370a333566393539613963646131383830643538386561393539646366356338
-32343438323936323265643732333964363032303564623864393461376339306264663162306434
-6266623662306137346366306264353165656162326131343235
+32333266666163316137626335643664386135323562666232306334386265333034373531613261
+3339633836333330623533333430386131376539626137350a313832663639363133353262383835
+65326662316535333237666565346534363863303635613961643763656563646339663062306466
+3934353235393236630a326562636630316333353035616432363738666132303039643961653631
+33303266623262323837643438633564353132393037366331653833393936323065653831343862
+6538393632346563636361363364366235336162373934643730
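Review bot: The re-encrypted `group_vars/all/vault.yml` in this hunk is not mentioned in the commit subject, which only describes the README addition, and the ciphertext itself cannot be reviewed. Stating in the commit message which vault variables were added or changed (names only, no values) would let a reviewer tie this change to the `become_pass` format the README documents. The earlier ciphertext stays in the repository history, so if this change replaced a secret because it was exposed, the old value should be treated as still recoverable by anyone holding the previous vault password.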