From 9e7f7909fdea69a6efff789621ed0fc1f3b6bc26 Mon Sep 17 00:00:00 2001 From: Khue Doan Date: Mon, 3 May 2021 21:52:59 +0700 Subject: [PATCH] Add cloudflared tunnel config files and service
---
.../ansible/roles/cloudflared/tasks/main.yml | 22 +++++++++++++++++++ .../roles/cloudflared/templates/config.yml.j2 | 7 ++++++ .../cloudflared/templates/credentials.json.j2 | 6 +++++ 3 files changed, 35 insertions(+) create mode 100644 infra/modules/vpn/ansible/roles/cloudflared/templates/config.yml.j2 create mode 100644 infra/modules/vpn/ansible/roles/cloudflared/templates/credentials.json.j2
diff --git a/infra/modules/vpn/ansible/roles/cloudflared/tasks/main.yml b/infra/modules/vpn/ansible/roles/cloudflared/tasks/main.yml
index ed806dc7..a4d1006a 100644
--- a/infra/modules/vpn/ansible/roles/cloudflared/tasks/main.yml
+++ b/infra/modules/vpn/ansible/roles/cloudflared/tasks/main.yml
@@ -1,3 +1,25 @@
 - name: Install cloudflared
 apt:
 deb: "{{ cloudflared_package_url }}"
+
+- name: Create tunnel configuration file
+ template:
+ src: config.yml.j2
+ dest: /etc/cloudflared/config.yml
+
+# TODO (feature) Get cloudflare tunnel credentials automatically
+# - name: Create tunnel credentials file
+# template:
+# src: credentials.json.j2
+# dest: /etc/cloudflared/credentials.json
+
+- name: Install cloudfared system service
+ command: cloudflared service install
+ args:
+ creates: /etc/systemd/system/cloudflared.service
+
+- name: Enable cloudflared service
+ service:
+ name: cloudflared
+ state: started
+ enabled: yes
diff --git a/infra/modules/vpn/ansible/roles/cloudflared/templates/config.yml.j2 b/infra/modules/vpn/ansible/roles/cloudflared/templates/config.yml.j2
new file mode 100644
index 00000000..67d1a1b5
--- /dev/null
+++ b/infra/modules/vpn/ansible/roles/cloudflared/templates/config.yml.j2
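Review bot: Both template tasks in the tasks/main.yml hunk omit `owner`, `group` and `mode`, so the files get whatever the become user's umask gives; that matters most for the commented-out credentials task, which will hold the tunnel secret once it is enabled. I would set `owner: root`, `group: root`, `mode: "0600"` on it and add `no_log: true` so the rendered secret does not appear in task output. The config task also has no `notify`, so a changed config.yml does not restart an already running cloudflared, and the last task starts the service although this role does not yet deploy any credentials file. Minor: `enabled: yes` is clearer as `enabled: true`, and the task name says "cloudfared".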
@@ -0,0 +1,7 @@
+tunnel: homelab-vpn
+credentials-file: /etc/cloudflared/cert.pem
+
+ingress:
+ - hostname: "*.khuedoan.com"
+ service: http://192.168.1.150 # TODO (optimize) Use variable for ingress address
+ - service: http_status:404
diff --git a/infra/modules/vpn/ansible/roles/cloudflared/templates/credentials.json.j2 b/infra/modules/vpn/ansible/roles/cloudflared/templates/credentials.json.j2
new file mode 100644
index 00000000..0541fdcc
--- /dev/null
+++ b/infra/modules/vpn/ansible/roles/cloudflared/templates/credentials.json.j2
@@ -0,0 +1,6 @@
+{
+ "TunnelName": "{{ tunnel_name }}",
+ "AccountTag": "{{ account_id }}",
+ "TunnelID": "{{ tunnel_id }}",
+ "TunnelSecret": "{{ tunnel_secret }}"
+}
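Review bot: `credentials-file` in config.yml.j2 points at `/etc/cloudflared/cert.pem`, but the credentials template added in this same commit is meant to be written to `/etc/cloudflared/credentials.json`, so the two do not line up. cloudflared treats cert.pem as the account-level certificate and expects the per-tunnel JSON credentials in `credentials-file`; keeping only the tunnel-scoped file on the host limits what a compromise of this machine exposes. I would change the line to `credentials-file: /etc/cloudflared/credentials.json`. Separately, `*.khuedoan.com` forwards every hostname under the zone over plain HTTP to one hard-coded address, so anything that ingress serves becomes reachable through the tunnel; worth confirming that is intended. `tunnel: homelab-vpn` could also use the same `tunnel_name` variable the credentials template uses.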
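Review bot: The four values in credentials.json.j2 are pasted between hand-written JSON string quotes, so a value containing `"` or `\` yields an invalid or differently shaped file. Letting Ansible do the quoting avoids that, e.g. `"TunnelSecret": {{ tunnel_secret | to_json }}`, and the same for the other three keys. The patch does not show where `tunnel_secret` is defined; it should come from Ansible Vault or another secret store rather than plain group vars, and the task that renders this template should write the file readable by root only.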