homelab_cloudflared

Go to file

bubbles 5c71597211 Merge pull request 'develop' (#3 ) from develop into main Reviewed-on: #3		2024-03-19 10:48:39 -05:00
group_vars/all	Added info about generating tunnel secrets	2024-03-18 10:54:57 -05:00
host_vars	Ansible config should work	2024-03-19 10:44:03 -05:00
roles/cloudflared_tunnel	Ansible config should work	2024-03-19 10:44:03 -05:00
terraform	Ansible config should work	2024-03-19 10:44:03 -05:00
.gitignore	Ansible config should work	2024-03-19 10:44:03 -05:00
hosts.yml	Ansible config should work	2024-03-19 10:44:03 -05:00
README.md	Terraform creates tunnel and cname record	2024-03-19 10:16:01 -05:00
run.sh	Prepared ansible playbook	2024-03-19 10:48:10 -05:00
site.yml	Prepared ansible playbook	2024-03-19 10:48:10 -05:00

README.md

Secrets

ansible vault secrets are stored in group_vars/all/vault.yml

Note that the directory path and filename are important.

The format of the file is

---
become_pass: <ansible_user_become_pass>

Secrets required for Terraform can be stored in a file:

ex. terraform/.secrets which is already ignored by Git

Required variables:

export TF_VAR_cloudflare_token=<cloudflare_token>
export TF_VAR_zone_id=<cloudflare_zone_id>
export TF_VAR_account_id=<cloudflare_account_id>
export TF_VAR_tunnel_secret=<tunnel_secret>

Note the cloudflare token requires Zone/DNS:edit and Account/Cloudflare Tunnel:edit privs

I generate tunnel secrets with this command:

hexdump -vn32 -e'4/4 "%08X"' /dev/urandom | base64 -w0 -