install.fairie/home/dot_local/bin/post-installx/executable_post-cloudflared.sh

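#!/usr/bin/env bash
# @file Cloudflared Configuration
# @brief Applies cloudflared configuration, connects to Argo tunnel with managed configuration, and enables it on system start
# @description
#     1. Skips the deletion of a tunnel when it is currently in use
#
#     Flow: copy cert.pem / config.yml from ~/.local/etc/cloudflared into
#     /usr/local/etc/cloudflared, delete and re-create the tunnel named
#     "host-<short hostname>", link its credentials file, route every ingress
#     hostname from config.yml to the tunnel, then install and start the service.
#
#     Security-relevant points for maintainers:
#       * cert.pem is copied by root; it is restricted to mode 600 below so it is
#         not left readable under root's default umask.
#       * Tunnels are selected by exact NAME match, so a host whose name is a
#         prefix of another host's name cannot delete or adopt that host's tunnel.
#       * On macOS the LaunchDaemon plist is taken from the user's home directory
#         and installed under /Library/LaunchDaemons; whoever can write that file
#         controls the service definition that launchctl loads.
#
#     `logg` is an external helper that is not defined in this file.

if command -v cloudflared > /dev/null; then
  # Prints the ID (first column) of every tunnel whose NAME column equals $1.
  # NOTE(review): assumes `cloudflared tunnel list` prints ID then NAME as the
  # first two whitespace-separated columns - confirm against the installed version.
  tunnel_ids_named() {
    sudo cloudflared tunnel list | awk -v name="$1" '$2 == name { print $1 }'
  }

  # Show warning message about ~/.cloudflared already existing
  if [ -d "$HOME/.cloudflared" ]; then
    logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders'
  fi

  # Copy over configuration files
  logg info 'Ensuring /usr/local/etc/cloudflared exists' && sudo mkdir -p /usr/local/etc/cloudflared
  logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared'
  sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem
  # cert.pem is used to create and delete tunnels; keep it readable by root only
  sudo chmod 600 /usr/local/etc/cloudflared/cert.pem
  sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml

  HOSTNAME_LOWER="host-$(hostname -s | tr '[:upper:]' '[:lower:]')"

  ### Remove previous tunnels connected to host
  while IFS= read -r TUNNEL_ID; do
    # Never act on an empty ID (it would target "/usr/local/etc/cloudflared/.json")
    [ -n "$TUNNEL_ID" ] || continue
    logg info "Deleteing CloudFlared tunnel ID $TUNNEL_ID"
    if sudo cloudflared tunnel delete "$TUNNEL_ID"; then
      logg info "Removing credentials for $TUNNEL_ID which is not in use"
      sudo rm -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json"
    else
      # Any non-zero exit lands here; the author's intent is the "tunnel is in use" case
      logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
    fi
  done < <(tunnel_ids_named "$HOSTNAME_LOWER")

  ### Register tunnel (if not already registered)
  logg info "Creating CloudFlared tunnel named $HOSTNAME_LOWER"
  sudo cloudflared tunnel create "$HOSTNAME_LOWER"

  ### Acquire TUNNEL_ID and symlink credentials.json
  TUNNEL_ID="$(tunnel_ids_named "$HOSTNAME_LOWER" | head -n 1)"
  if [ -z "$TUNNEL_ID" ]; then
    # Without an ID the credentials symlink and the DNS routes below would be bogus
    logg warn "No tunnel named $HOSTNAME_LOWER was found after creation - aborting cloudflared setup"
    exit 1
  fi
  logg info "Tunnel ID: $TUNNEL_ID"
  logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
  sudo rm -f /usr/local/etc/cloudflared/credentials.json
  sudo ln -s "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json

  ### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
  if [ ! -d /etc/cloudflared ]; then
    logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
    sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
  elif [ ! -L /etc/cloudflared ]; then
    logg warn '/etc/cloudflared is present as a regular directory (not symlinked) but files are being modified in /usr/local/etc/cloudflared'
  fi

  ### Configure DNS
  # Must be deleted manually if no longer used
  # NOTE: `-f` overwrites an existing DNS record for the hostname, so every
  # ingress hostname in config.yml is re-pointed at this machine's tunnel.
  logg info 'Setting up DNS records for CloudFlare Argo tunnels'
  while IFS= read -r DOMAIN; do
    # yq prints the literal string "null" for ingress entries without a hostname
    if [ -n "$DOMAIN" ] && [ "$DOMAIN" != 'null' ]; then
      logg info "Setting up $DOMAIN for access through cloudflared (Tunnel ID: $TUNNEL_ID)"
      logg info "Running sudo cloudflared tunnel route dns -f $TUNNEL_ID $DOMAIN"
      sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
    fi
  done < <(yq '.ingress[].hostname' /usr/local/etc/cloudflared/config.yml)

  ### Update /usr/local/etc/cloudflared/config.yml
  # The value written is the tunnel NAME (host-<hostname>), not the UUID
  logg info 'Updating /usr/local/etc/cloudflared/config.yml to reference tunnel ID'
  sudo yq eval -i ".tunnel = \"$HOSTNAME_LOWER\"" /usr/local/etc/cloudflared/config.yml

  ### Set up service
  if [ -d /Applications ] && [ -d /System ]; then
    ### macOS
    if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then
      logg info 'cloudflared service is already installed'
    else
      logg info 'Running sudo cloudflared service install'
      sudo cloudflared service install
    fi
    # The plist is copied from the user's home directory into the system
    # LaunchDaemons directory, so its contents decide what launchctl loads below.
    if [ -f "$HOME/Library/LaunchDaemons/com.cloudflare.cloudflared.plist" ]; then
      sudo cp -f "$HOME/Library/LaunchDaemons/com.cloudflare.cloudflared.plist" /Library/LaunchDaemons/com.cloudflare.cloudflared.plist
    else
      logg warn "$HOME/Library/LaunchDaemons/com.cloudflare.cloudflared.plist is missing - keeping the existing LaunchDaemon definition"
    fi
    logg info 'Ensuring cloudflared service is started'
    if sudo launchctl list | grep -q 'com.cloudflare.cloudflared'; then
      logg info 'Unloading previous com.cloudflare.cloudflared configuration'
      sudo launchctl unload /Library/LaunchDaemons/com.cloudflare.cloudflared.plist
    fi
    logg info 'Starting up com.cloudflare.cloudflared configuration'
    sudo launchctl load -w /Library/LaunchDaemons/com.cloudflare.cloudflared.plist
  elif [ -f /etc/os-release ]; then
    ### Linux
    if systemctl --all --type service | grep -q "cloudflared"; then
      logg info 'cloudflared service is already available as a service'
    else
      logg info 'Running sudo cloudflared service install'
      sudo cloudflared service install
    fi
    logg info 'Ensuring cloudflared service is started'
    sudo systemctl start cloudflared
    logg info 'Enabling cloudflared as a boot systemctl service'
    sudo systemctl enable cloudflared
  else
    # System is Windows (reached whenever neither of the checks above matched)
    cloudflared service install
    # Single quotes keep the backslashes; unquoted, bash would strip them and
    # create a directory named "C:WindowsSystem32configsystemprofile.cloudflared"
    mkdir 'C:\Windows\System32\config\systemprofile\.cloudflared'
    # Copy same cert.pem as being used above
    # copy C:\Users\%USERNAME%\.cloudflared\cert.pem C:\Windows\System32\config\systemprofile\.cloudflared\cert.pem
    # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/
  fi
else
  logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled'
fi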