Compare commits
No commits in common. "5c7159721194cfc36aba5d2708fe7854c33932f6" and "1126049762e90e7e2ebf9c23cc6b530ef761ca46" have entirely different histories.
5c71597211
...
1126049762
3
.gitignore
vendored
3
.gitignore
vendored
@ -7,6 +7,3 @@ terraform/.secrets
|
||||
/terraform/exercise.tfplan
|
||||
/terraform/terraform.tfstate
|
||||
/terraform/terraform.tfstate.backup
|
||||
/host_vars/server2.yml
|
||||
/roles/cloudflared_tunnel/files/config.yml
|
||||
/roles/cloudflared_tunnel/templates/*.json
|
||||
|
@ -1 +0,0 @@
|
||||
Holds generated host var files
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
all:
|
||||
hosts:
|
||||
server2:
|
||||
ansible_become_pass: "{{ become_pass }}"
|
||||
vars:
|
||||
ansible_user: zoe
|
@ -1 +0,0 @@
|
||||
holds generated cloudflare tunnel configuration
|
@ -1,57 +0,0 @@
|
||||
---
|
||||
- name: Create Cloudlfared group
|
||||
become: yes
|
||||
group:
|
||||
name: cloudflared
|
||||
state: present
|
||||
- name: Create Cloudflared user
|
||||
become: yes
|
||||
user:
|
||||
name: cloudflared
|
||||
system: yes
|
||||
password: '!'
|
||||
shell: /bin/false
|
||||
create_home: yes
|
||||
home: /etc/cloudflared
|
||||
- name: Upload config file
|
||||
become: yes
|
||||
copy:
|
||||
src: config.yml
|
||||
dest: /etc/cloudflared/config.yml
|
||||
owner: cloudflared
|
||||
group: cloudflared
|
||||
mode: 0640
|
||||
- name: Upload the credentials file
|
||||
become: yes
|
||||
template:
|
||||
src: "{{ tunnel_id }}.json"
|
||||
dest: /etc/cloudflared/{{ tunnel_id }}.json
|
||||
owner: cloudflared
|
||||
group: cloudflared
|
||||
mode: 0640
|
||||
- name: Download Cloudflared binary
|
||||
become: yes
|
||||
get_url:
|
||||
url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
|
||||
dest: /etc/cloudflared/bin/cloudflared
|
||||
owner: cloudflared
|
||||
group: cloudflared
|
||||
mode: '0760'
|
||||
- name: Check if the Cloudflared service is already installed
|
||||
become: yes
|
||||
stat:
|
||||
path: /etc/systemd/system/cloudflared.service
|
||||
register: cloudflared_exists
|
||||
- name: Install the Cloudflared service
|
||||
become: yes
|
||||
when: not cloudflared_exists.stat.exists
|
||||
environment:
|
||||
PATH: /etc/cloudflared/bin:{{ ansible_env.PATH }}
|
||||
command:
|
||||
cmd: cloudflared service install
|
||||
- name: Start cloudflared
|
||||
become: yes
|
||||
systemd:
|
||||
name: cloudflared
|
||||
state: restarted
|
||||
|
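--- a/run.sh
+++ b/run.sh
@@ -1,3 +0,0 @@
-#!/usr/bin/env sh
-
-ansible-playbook -i hosts.yml site.yml --vault-password-file $HOME/.vault_pass.txt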
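--- a/site.yml
+++ b/site.yml
@@ -1,5 +0,0 @@
----
-- name: Install and run cloudflared tunnel
-hosts: server2
-roles:
-- role: cloudflared_tunnel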
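--- a/terraform/.keep
+++ b/terraform/.keep
@@ -0,0 +1 @@
+Dir to hold Terraform config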
@ -24,38 +24,3 @@ resource "cloudflare_record" "notfound" {
|
||||
value = cloudflare_tunnel.tunnel.cname
|
||||
proxied = true
|
||||
}
|
||||
|
||||
resource "local_sensitive_file" "tunnel_config" {
|
||||
filename = "../roles/cloudflared_tunnel/files/config.yml"
|
||||
content = <<-EOT
|
||||
tunnel: ${cloudflare_tunnel.tunnel.id}
|
||||
credentials-file: /etc/cloudflared/${cloudflare_tunnel.tunnel.id}.json
|
||||
|
||||
ingress:
|
||||
- service: http_status:404
|
||||
EOT
|
||||
}
|
||||
|
||||
resource "local_sensitive_file" "tunnel_creds" {
|
||||
filename = "../roles/cloudflared_tunnel/templates/${cloudflare_tunnel.tunnel.id}.json"
|
||||
content = <<-EOT
|
||||
{
|
||||
"AccountTag": "${var.account_id}",
|
||||
"TunnelID": "{{ tunnel_id }}",
|
||||
"TunnelName": "mastodon",
|
||||
"TunnelSecret": "{{ tunnel_secret }}"
|
||||
}
|
||||
EOT
|
||||
}
|
||||
|
||||
resource "local_sensitive_file" "credentials_variables" {
|
||||
filename = "../host_vars/server2.yml"
|
||||
content = <<-EOT
|
||||
---
|
||||
tunnel_id: ${cloudflare_tunnel.tunnel.id}
|
||||
tunnel_secret: ${var.tunnel_secret}
|
||||
|
||||
EOT
|
||||
}
|
||||
|
||||
|
||||
|