Compare commits
3 Commits
1126049762
...
5c71597211
Author | SHA1 | Date | |
---|---|---|---|
5c71597211 | |||
7e112beaad | |||
545fc464b6 |
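--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,6 @@ terraform/.secrets
 /terraform/exercise.tfplan
 /terraform/terraform.tfstate
 /terraform/terraform.tfstate.backup
+/host_vars/server2.yml
+/roles/cloudflared_tunnel/files/config.yml
+/roles/cloudflared_tunnel/templates/*.json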
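--- a/host_vars/.keep
+++ b/host_vars/.keep
@@ -0,0 +1 @@
+Holds generated host var files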
7
hosts.yml
Normal file
7
hosts.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
all:
|
||||||
|
hosts:
|
||||||
|
server2:
|
||||||
|
ansible_become_pass: "{{ become_pass }}"
|
||||||
|
vars:
|
||||||
|
ansible_user: zoe
|
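Review bot: `ansible_become_pass: "{{ become_pass }}"` references `become_pass`, which no file in this commit defines; the only generated host vars file, `host_vars/server2.yml`, is written entirely by Terraform with just `tunnel_id` and `tunnel_secret`, so the variable must come from a vaulted file outside this change (presumably loaded via the `--vault-password-file` in `run.sh` — confirm). A comment above the key naming its source, e.g. `# become_pass comes from a vault-encrypted vars file, not from the Terraform-generated host_vars`, would spare the next reader a search. Indentation was lost in the rendering, so the nesting of `hosts` and `vars` under `all` cannot be checked here.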
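--- a/roles/cloudflared_tunnel/files/.keep
+++ b/roles/cloudflared_tunnel/files/.keep
@@ -0,0 +1 @@
+holds generated cloudflare tunnel configuration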
57
roles/cloudflared_tunnel/tasks/main.yml
Normal file
57
roles/cloudflared_tunnel/tasks/main.yml
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
---
|
||||||
|
- name: Create Cloudlfared group
|
||||||
|
become: yes
|
||||||
|
group:
|
||||||
|
name: cloudflared
|
||||||
|
state: present
|
||||||
|
- name: Create Cloudflared user
|
||||||
|
become: yes
|
||||||
|
user:
|
||||||
|
name: cloudflared
|
||||||
|
system: yes
|
||||||
|
password: '!'
|
||||||
|
shell: /bin/false
|
||||||
|
create_home: yes
|
||||||
|
home: /etc/cloudflared
|
||||||
|
- name: Upload config file
|
||||||
|
become: yes
|
||||||
|
copy:
|
||||||
|
src: config.yml
|
||||||
|
dest: /etc/cloudflared/config.yml
|
||||||
|
owner: cloudflared
|
||||||
|
group: cloudflared
|
||||||
|
mode: 0640
|
||||||
|
- name: Upload the credentials file
|
||||||
|
become: yes
|
||||||
|
template:
|
||||||
|
src: "{{ tunnel_id }}.json"
|
||||||
|
dest: /etc/cloudflared/{{ tunnel_id }}.json
|
||||||
|
owner: cloudflared
|
||||||
|
group: cloudflared
|
||||||
|
mode: 0640
|
||||||
|
- name: Download Cloudflared binary
|
||||||
|
become: yes
|
||||||
|
get_url:
|
||||||
|
url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
|
||||||
|
dest: /etc/cloudflared/bin/cloudflared
|
||||||
|
owner: cloudflared
|
||||||
|
group: cloudflared
|
||||||
|
mode: '0760'
|
||||||
|
- name: Check if the Cloudflared service is already installed
|
||||||
|
become: yes
|
||||||
|
stat:
|
||||||
|
path: /etc/systemd/system/cloudflared.service
|
||||||
|
register: cloudflared_exists
|
||||||
|
- name: Install the Cloudflared service
|
||||||
|
become: yes
|
||||||
|
when: not cloudflared_exists.stat.exists
|
||||||
|
environment:
|
||||||
|
PATH: /etc/cloudflared/bin:{{ ansible_env.PATH }}
|
||||||
|
command:
|
||||||
|
cmd: cloudflared service install
|
||||||
|
- name: Start cloudflared
|
||||||
|
become: yes
|
||||||
|
systemd:
|
||||||
|
name: cloudflared
|
||||||
|
state: restarted
|
||||||
|
|
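Review bot: The `get_url` task at `url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64` fetches a floating, unverified binary, and the `/etc/cloudflared/bin/cloudflared` it writes is owned by the `cloudflared` user with `mode: '0760'`, so whichever account later runs it (presumably root, since `cloudflared service install` is run without a dedicated unit — confirm) executes a file the service account can overwrite. Pin a release tag, add `checksum: sha256:<EXPECTED_SHA256>` so `get_url` fails on a mismatch, and install the binary root-owned with `'0755'`. Nothing in the role creates `/etc/cloudflared/bin` — the user task only creates `home: /etc/cloudflared` — so the download fails on a fresh host unless that directory already exists; a `file` task with `state: directory` before it closes the gap. The two unquoted `mode: 0640` values on the copy and template tasks parse as YAML 1.1 octal, which works but differs from the quoted `'0760'` later; quote them, use `true` rather than `yes` for `become`/`system`/`create_home`, and fix `Cloudlfared` in the first task name.
```yaml
# … unchanged: group, user, config and credentials tasks …
- name: Create Cloudflared bin directory
  become: true
  file:
    path: /etc/cloudflared/bin
    state: directory
    owner: root
    group: cloudflared
    mode: '0755'

- name: Download Cloudflared binary
  become: true
  get_url:
    url: https://github.com/cloudflare/cloudflared/releases/download/<PINNED_VERSION>/cloudflared-linux-amd64
    checksum: sha256:<EXPECTED_SHA256>
    dest: /etc/cloudflared/bin/cloudflared
    owner: root
    group: root
    mode: '0755'
# … unchanged: service check, install and start tasks …
```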
0
roles/cloudflared_tunnel/templates/.keep
Normal file
0
roles/cloudflared_tunnel/templates/.keep
Normal file
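--- a/run.sh
+++ b/run.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+ansible-playbook -i hosts.yml site.yml --vault-password-file $HOME/.vault_pass.txt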
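Review bot: `$HOME/.vault_pass.txt` on the `ansible-playbook` line is unquoted, so a home path containing whitespace splits the argument; the script also assumes it is run from the repository root, since `hosts.yml` and `site.yml` are relative paths. Suggested: `cd "$(dirname "$0")" || exit 1` before the call, then `ansible-playbook -i hosts.yml site.yml --vault-password-file "$HOME/.vault_pass.txt" "$@"`, which also lets callers pass `--check` or `--limit` through.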
5
site.yml
Normal file
5
site.yml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- name: Install and run cloudflared tunnel
|
||||||
|
hosts: server2
|
||||||
|
roles:
|
||||||
|
- role: cloudflared_tunnel
|
@ -1 +0,0 @@
|
|||||||
Dir to hold Terraform config
|
|
@ -24,3 +24,38 @@ resource "cloudflare_record" "notfound" {
|
|||||||
value = cloudflare_tunnel.tunnel.cname
|
value = cloudflare_tunnel.tunnel.cname
|
||||||
proxied = true
|
proxied = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "local_sensitive_file" "tunnel_config" {
|
||||||
|
filename = "../roles/cloudflared_tunnel/files/config.yml"
|
||||||
|
content = <<-EOT
|
||||||
|
tunnel: ${cloudflare_tunnel.tunnel.id}
|
||||||
|
credentials-file: /etc/cloudflared/${cloudflare_tunnel.tunnel.id}.json
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
- service: http_status:404
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "local_sensitive_file" "tunnel_creds" {
|
||||||
|
filename = "../roles/cloudflared_tunnel/templates/${cloudflare_tunnel.tunnel.id}.json"
|
||||||
|
content = <<-EOT
|
||||||
|
{
|
||||||
|
"AccountTag": "${var.account_id}",
|
||||||
|
"TunnelID": "{{ tunnel_id }}",
|
||||||
|
"TunnelName": "mastodon",
|
||||||
|
"TunnelSecret": "{{ tunnel_secret }}"
|
||||||
|
}
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "local_sensitive_file" "credentials_variables" {
|
||||||
|
filename = "../host_vars/server2.yml"
|
||||||
|
content = <<-EOT
|
||||||
|
---
|
||||||
|
tunnel_id: ${cloudflare_tunnel.tunnel.id}
|
||||||
|
tunnel_secret: ${var.tunnel_secret}
|
||||||
|
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
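Review bot: `tunnel_secret: ${var.tunnel_secret}` in the `credentials_variables` heredoc writes the tunnel secret into `../host_vars/server2.yml` as plaintext (the value also persists in Terraform state); `local_sensitive_file` restricts the file's permissions by default and the new `.gitignore` entries keep it out of the repository, but it still sits unencrypted next to a playbook that otherwise relies on ansible-vault. Both generated YAML values are also unquoted, and an opaque secret that happens to look numeric would be retyped by YAML; write them as `tunnel_id: "${cloudflare_tunnel.tunnel.id}"` and `tunnel_secret: "${var.tunnel_secret}"`. Consider delivering the secret to Ansible through a vault-encrypted file rather than a generated plaintext one; the `tunnel_creds` template only carries the `{{ tunnel_secret }}` placeholder, so the value reaches the host at run time either way. The file this hunk belongs to is not named in the rendering, though every resource in the hunk is complete.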