From 545fc464b63dbd85d0d8728d65dd6bdacca6e844 Mon Sep 17 00:00:00 2001
From: Bubbles
Date: Tue, 19 Mar 2024 10:44:03 -0500
Subject: [PATCH 1/2] Ansible config should work
---
 .gitignore | 3 ++
 host_vars/.keep | 1 +
 hosts.yml | 7 +++
 roles/cloudflared_tunnel/files/.keep | 1 +
 roles/cloudflared_tunnel/tasks/main.yml | 57 ++++++++++++++++++++++++
 roles/cloudflared_tunnel/templates/.keep | 0
 site.yml | 1 +
 terraform/.keep | 1 -
 terraform/main.tf | 35 +++++++++++++++
 9 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 host_vars/.keep
 create mode 100644 hosts.yml
 create mode 100644 roles/cloudflared_tunnel/files/.keep
 create mode 100644 roles/cloudflared_tunnel/tasks/main.yml
 create mode 100644 roles/cloudflared_tunnel/templates/.keep
 create mode 100644 site.yml
 delete mode 100644 terraform/.keep
diff --git a/.gitignore b/.gitignore
index f5ff732..0da0f7d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,6 @@ terraform/.secrets
 /terraform/exercise.tfplan
 /terraform/terraform.tfstate
 /terraform/terraform.tfstate.backup
+/host_vars/server2.yml
+/roles/cloudflared_tunnel/files/config.yml
+/roles/cloudflared_tunnel/templates/*.json
diff --git a/host_vars/.keep b/host_vars/.keep
new file mode 100644
index 0000000..a2e6f7f
--- /dev/null
+++ b/host_vars/.keep
@@ -0,0 +1 @@
+Holds generated host var files
diff --git a/hosts.yml b/hosts.yml
new file mode 100644
index 0000000..1a28023
--- /dev/null
+++ b/hosts.yml
@@ -0,0 +1,7 @@
+---
+all:
+ hosts:
+ server2:
+ ansible_become_pass: "{{ become_pass }}"
+ vars:
+ ansible_user: zoe
diff --git a/roles/cloudflared_tunnel/files/.keep b/roles/cloudflared_tunnel/files/.keep
new file mode 100644
index 0000000..7f7f5ee
--- /dev/null
+++ b/roles/cloudflared_tunnel/files/.keep
@@ -0,0 +1 @@
+holds generated cloudflare tunnel configuration
diff --git a/roles/cloudflared_tunnel/tasks/main.yml b/roles/cloudflared_tunnel/tasks/main.yml
new file mode 100644
index 0000000..a9e0f3d
--- /dev/null
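Review bot: In hosts.yml, `ansible_become_pass: "{{ become_pass }}"` references a variable that nothing in this series defines — the generated `host_vars/server2.yml` (see terraform/main.tf) only carries `tunnel_id` and `tunnel_secret` — so the play will stop with an undefined-variable error unless `become_pass` is supplied from somewhere outside the diff, presumably a vault-encrypted vars file given the `--vault-password-file` in run.sh. Add a comment above the line naming that source, e.g. `# become_pass comes from a vault-encrypted vars file that is not committed`, so the next reader does not have to discover this by running the play. If no such file exists yet, the definition belongs in a vaulted `host_vars`/`group_vars` file rather than the inventory itself.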
+++ b/roles/cloudflared_tunnel/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: Create Cloudlfared group
+ become: yes
+ group:
+ name: cloudflared
+ state: present
+- name: Create Cloudflared user
+ become: yes
+ user:
+ name: cloudflared
+ system: yes
+ password: '!'
+ shell: /bin/false
+ create_home: yes
+ home: /etc/cloudflared
+- name: Upload config file
+ become: yes
+ copy:
+ src: config.yml
+ dest: /etc/cloudflared/config.yml
+ owner: cloudflared
+ group: cloudflared
+ mode: 0640
+- name: Upload the credentials file
+ become: yes
+ template:
+ src: "{{ tunnel_id }}.json"
+ dest: /etc/cloudflared/{{ tunnel_id }}.json
+ owner: cloudflared
+ group: cloudflared
+ mode: 0640
+- name: Download Cloudflared binary
+ become: yes
+ get_url:
+ url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
+ dest: /etc/cloudflared/bin/cloudflared
+ owner: cloudflared
+ group: cloudflared
+ mode: '0760'
+- name: Check if the Cloudflared service is already installed
+ become: yes
+ stat:
+ path: /etc/systemd/system/cloudflared.service
+ register: cloudflared_exists
+- name: Install the Cloudflared service
+ become: yes
+ when: not cloudflared_exists.stat.exists
+ environment:
+ PATH: /etc/cloudflared/bin:{{ ansible_env.PATH }}
+ command:
+ cmd: cloudflared service install
+- name: Start cloudflared
+ become: yes
+ systemd:
+ name: cloudflared
+ state: restarted
+
diff --git a/roles/cloudflared_tunnel/templates/.keep b/roles/cloudflared_tunnel/templates/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/site.yml
@@ -0,0 +1 @@
+---
diff --git a/terraform/.keep b/terraform/.keep
deleted file mode 100644
index adc1678..0000000
--- a/terraform/.keep
+++ /dev/null
@@ -1 +0,0 @@
-Dir to hold Terraform config
diff --git a/terraform/main.tf b/terraform/main.tf
index c08be5c..afee09f 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
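Review bot: The `Download Cloudflared binary` task fetches `releases/latest/download/cloudflared-linux-amd64` with no `checksum:`, so every run may silently pull a different, unverified binary that the following task then installs as a system service; pin the URL to a release tag and add `checksum: sha256:<EXPECTED_SHA256>` taken from that release's checksum file. The same task writes to `/etc/cloudflared/bin/cloudflared` but nothing creates the `bin` directory — `create_home: yes` on the user task only yields `/etc/cloudflared` — so `get_url` will most likely fail on a fresh host, and `mode: '0760'` owned by the `cloudflared` account leaves the binary writable by the service user, which is a privilege-escalation path if the unit written by `cloudflared service install` runs as root (not visible in the hunk); a root-owned `0755` binary is the usual choice. Smaller points: `mode: 0640` on the copy/template tasks is an unquoted octal while `'0760'` is quoted, `become: yes` should be `become: true`, the first task name misspells `Cloudlfared`, and `state: restarted` bounces the tunnel on every run — prefer `state: started` plus `enabled: true` with a handler notified by the config and credentials tasks.
```yaml
# … unchanged: group, user, config and credentials tasks …
- name: Create Cloudflared bin directory
  become: true
  file:
    path: /etc/cloudflared/bin
    state: directory
    owner: root
    group: cloudflared
    mode: '0755'
- name: Download Cloudflared binary
  become: true
  get_url:
    url: https://github.com/cloudflare/cloudflared/releases/download/<PINNED_VERSION>/cloudflared-linux-amd64
    dest: /etc/cloudflared/bin/cloudflared
    checksum: sha256:<EXPECTED_SHA256>  # placeholder: value from the pinned release's checksum file
    owner: root
    group: cloudflared
    mode: '0755'
# … unchanged: stat, service install and start tasks …
```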
@@ -24,3 +24,38 @@ resource "cloudflare_record" "notfound" {
 value = cloudflare_tunnel.tunnel.cname
 proxied = true
 }
+
+resource "local_sensitive_file" "tunnel_config" {
+ filename = "../roles/cloudflared_tunnel/files/config.yml"
+ content = <<-EOT
+tunnel: ${cloudflare_tunnel.tunnel.id}
+credentials-file: /etc/cloudflared/${cloudflare_tunnel.tunnel.id}.json
+
+ingress:
+- service: http_status:404
+EOT
+}
+
+resource "local_sensitive_file" "tunnel_creds" {
+ filename = "../roles/cloudflared_tunnel/templates/${cloudflare_tunnel.tunnel.id}.json"
+ content = <<-EOT
+{
+ "AccountTag": "${var.account_id}",
+ "TunnelID": "{{ tunnel_id }}",
+ "TunnelName": "mastodon",
+ "TunnelSecret": "{{ tunnel_secret }}"
+}
+EOT
+}
+
+resource "local_sensitive_file" "credentials_variables" {
+ filename = "../host_vars/server2.yml"
+ content = <<-EOT
+---
+tunnel_id: ${cloudflare_tunnel.tunnel.id}
+tunnel_secret: ${var.tunnel_secret}
+
+EOT
+}
+
+
--
2.35.3
From 7e112beaadfa8fc53e38fa87639331a9c44ad00e Mon Sep 17 00:00:00 2001
From: Bubbles
Date: Tue, 19 Mar 2024 10:48:10 -0500
Subject: [PATCH 2/2] Prepared ansible playbook
---
 run.sh | 3 +++
 site.yml | 4 ++++
 2 files changed, 7 insertions(+)
 create mode 100755 run.sh
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..44fe8a8
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+ansible-playbook -i hosts.yml site.yml --vault-password-file $HOME/.vault_pass.txt
diff --git a/site.yml b/site.yml
index ed97d53..3e1514d 100644
--- a/site.yml
+++ b/site.yml
@@ -1 +1,5 @@
 ---
+- name: Install and run cloudflared tunnel
+ hosts: server2
+ roles:
+ - role: cloudflared_tunnel
--
2.35.3
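Review bot: In the `credentials_variables` heredoc, `tunnel_id: ${cloudflare_tunnel.tunnel.id}` and `tunnel_secret: ${var.tunnel_secret}` are emitted as plain unquoted YAML scalars, so a secret value that contains a YAML indicator (`#`, `: `, a leading `*`, `&`, `[` or `{`) or that happens to look numeric will be retyped or break the parse of `host_vars/server2.yml` when Ansible loads it; emitting them as `tunnel_id: ${jsonencode(cloudflare_tunnel.tunnel.id)}` and `tunnel_secret: ${jsonencode(var.tunnel_secret)}` yields a double-quoted YAML scalar with escaping handled. That file also holds the tunnel secret in plaintext next to the playbook — `local_sensitive_file` only keeps it out of plan output, and the `.gitignore` entry keeps it out of VCS, but the vault password file used by run.sh does not cover it — so a comment on the resource stating that this file is generated, unencrypted and must never be committed would save the next maintainer from assuming it is vaulted. Minor inconsistency: `tunnel_creds` bakes `AccountTag` with Terraform interpolation but leaves `TunnelID` as a Jinja placeholder even though `cloudflare_tunnel.tunnel.id` is already used in the same resource's filename; interpolating the id directly, as `tunnel_config` does, would leave only the secret to the Ansible template.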
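Review bot: In run.sh the vault password path is unquoted, so `$HOME` word-splits if it contains whitespace; write `--vault-password-file "$HOME/.vault_pass.txt"`. The script also relies on `hosts.yml` and `site.yml` being resolved relative to the current directory, so it only works when invoked from the repository root; adding `set -eu` and `cd "$(dirname "$0")"` before the `ansible-playbook` line makes it runnable from anywhere and fails loudly instead of continuing on error.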