Add cloudflared tunnel config files and service

2025-01-05 21:11:52 +07:00 · 2021-05-03 21:52:59 +07:00 · 2021-05-03 21:52:59 +07:00 · 9e7f7909fd
commit 9e7f7909fd
parent 27c048931f
3 changed files with 35 additions and 0 deletions
--- a/infra/modules/vpn/ansible/roles/cloudflared/tasks/main.yml
+++ b/infra/modules/vpn/ansible/roles/cloudflared/tasks/main.yml
@ -1,3 +1,25 @@
 - name: Install cloudflared
  apt:
    deb: "{{ cloudflared_package_url }}"
+
+- name: Create tunnel configuration file
+  template:
+    src: config.yml.j2
+    dest: /etc/cloudflared/config.yml
+
+# TODO (feature) Get cloudflare tunnel credentials automatically
+# - name: Create tunnel credentials file
+#   template:
+#     src: credentials.json.j2
+#     dest: /etc/cloudflared/credentials.json
+
+- name: Install cloudfared system service
+  command: cloudflared service install
+  args:
+    creates: /etc/systemd/system/cloudflared.service
+
+- name: Enable cloudflared service
+  service:
+    name: cloudflared
+    state: started
+    enabled: yes
--- a/infra/modules/vpn/ansible/roles/cloudflared/templates/config.yml.j2
+++ b/infra/modules/vpn/ansible/roles/cloudflared/templates/config.yml.j2
@ -0,0 +1,7 @@
+tunnel: homelab-vpn
+credentials-file: /etc/cloudflared/cert.pem
+
+ingress:
+  - hostname: "*.khuedoan.com"
+    service: http://192.168.1.150 # TODO (optimize) Use variable for ingress address
+  - service: http_status:404
--- a/infra/modules/vpn/ansible/roles/cloudflared/templates/credentials.json.j2
+++ b/infra/modules/vpn/ansible/roles/cloudflared/templates/credentials.json.j2
@ -0,0 +1,6 @@
+{
+  "TunnelName": "{{ tunnel_name }}",
+  "AccountTag": "{{ account_id }}",
+  "TunnelID": "{{ tunnel_id }}",
+  "TunnelSecret": "{{ tunnel_secret }}"
+}