{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
# @file CloudFlare WARP and CloudFlare Argo Tunnels
# @brief Installs CloudFlare WARP, ensures proper security certificates are in place, and connects the device to CloudFlare WARP. Also sets up Argo Tunnels.
# @description
# This script is intended to connect the device to CloudFlare's Zero Trust network with nearly all of its features unlocked.
# Homebrew is used to install the `warp-cli` on macOS. On Linux, it can install `warp-cli` on most Debian systems and some RedHat
# systems. CloudFlare WARP's [download page](https://pkg.cloudflareclient.com/packages/cloudflare-warp) is somewhat barren.
#
# ## MDM Configuration
#
# If CloudFlare WARP successfully installs, it first applies MDM configurations (managed configurations). If you would like CloudFlare
# WARP to connect completely headlessly (while losing some "user-posture" settings), then you can populate the following three secrets:
#
# 1. `CLOUDFLARE_TEAMS_CLIENT_ID` - The ID from a CloudFlare Teams service token. See [this article](https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/).
# 2. `CLOUDFLARE_TEAMS_CLIENT_SECRET` - The secret from a CloudFlare Teams service token.
# 3. `CLOUDFLARE_TEAMS_ORG` - The ID of your Zero Trust organization. This variable must be passed in as an environment variable and is housed in the `home/.chezmoi.yaml.tmpl` file. If you do not want to pass an environment variable, you can change the default value in `home/.chezmoi.yaml.tmpl` on your own fork.
#
# The two variables above can be passed in using either of the methods described in the [Secrets documentation](https://install.doctor/docs/customization/secrets).
#
# ## Headless CloudFlare WARP Connection
#
# Even if you do not provide the two variables mentioned above, the script will still headlessly connect your device to the public CloudFlare WARP
# network, where you will get some of the benefits of a VPN for free. Otherwise, if they were passed in, then the script
# finishes by connecting to CloudFlare Teams.
#
# ## Application Certificates
#
# This script applies the techniques described on the [CloudFlare Zero Trust Install certificate manually page](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/)
# to configure the following utilities that leverage separate certificate authorities:
#
# * Python
# * NPM
# * Git
# * Google Cloud SDK
# * AWS CLI
# * Google Drive for desktop
#
# Settings used to configure Firefox are housed in separate Firefox configuration files stored
# outside of this script. **Note: The scripts that enable CloudFlare certificates for all these programs are currently commented out
# in this script.**
#
# ## Notes
#
# According to CloudFlare Teams [documentation on MDM deployment](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/),
# on macOS the `com.cloudflare.warp.plist` file gets erased on reboot. Also, according to the documentation, the only way around this is to leverage
# an MDM SaaS provider like JumpCloud.
#
# ## Links
#
# * [Linux managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/warp/private_mdm.xml.tmpl)
# * [macOS managed configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/Library/Managed%20Preferences/private_com.cloudflare.warp.plist.tmpl)
{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}
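### Install CloudFlare WARP (on non-WSL *nix systems)
# WSL kernels identify themselves in /proc/version ("Microsoft" on WSL1, "microsoft" on WSL2),
# so the match is case-insensitive. The guard uses grep's exit status: the previous form tested
# the captured output of a command whose output was sent to /dev/null, so it was true everywhere.
if ! { [ -d /proc ] && grep -qsi microsoft /proc/version; }; then
  if [ -d /System ] && [ -d /Applications ]; then
    ### Install on macOS
    if [ ! -d "/Applications/Cloudflare WARP.app" ]; then
      brew install --cask cloudflare-warp
    else
      logg info 'Cloudflare WARP already installed'
    fi
  elif [ '{{ .host.distro.id }}' = 'debian' ] || [ '{{ .host.distro.id }}' = 'ubuntu' ]; then
    ### Add CloudFlare WARP desktop app apt-get source (Debian and Ubuntu use identical steps)
    if [ ! -f /etc/apt/sources.list.d/cloudflare-client.list ]; then
      logg info 'Adding CloudFlare WARP keyring'
      # -f makes curl fail on an HTTP error instead of handing an error page to gpg; the apt
      # source is only written once the keyring was actually created.
      # NOTE(security): the signing key is trusted on first download. To pin it, compare the
      # output of `gpg --show-keys --with-fingerprint` on the keyring file against
      # <EXPECTED_KEY_FINGERPRINT> obtained out of band.
      if curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg; then
        logg info 'Adding apt source reference'
        echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
      else
        logg error 'Unable to download or import the CloudFlare WARP signing key so the apt source was not added'
      fi
    fi

    ### Update apt-get and install the CloudFlare WARP CLI
    sudo apt-get update && sudo apt-get install -y cloudflare-warp
  elif command -v dnf > /dev/null && command -v rpm > /dev/null; then
    ### This is made for CentOS 8 and works on Fedora 36 (hopefully 36+ as well) with `nss-tools` as a dependency
    # The subcommand was misspelled (`instal`), and the follow-up test compared a string that
    # was never empty, so the warning fired regardless of the result.
    if ! sudo dnf install -y nss-tools; then
      logg warn 'Unable to install nss-tools which was a requirement on Fedora 36 and assumed to be one on other systems as well.'
    fi
    ### According to the download site, this is the only version available for RedHat-based systems
    # NOTE(review): the package name suggests this RPM adds the repository definition rather than
    # the WARP client itself - confirm whether a follow-up `dnf install cloudflare-warp` is needed.
    if ! sudo rpm -ivh https://pkg.cloudflareclient.com/cloudflare-release-el8.rpm; then
      logg error 'Unable to install CloudFlare WARP using RedHat 8 RPM package'
    fi
  fi
fi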
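### Ensure certificate is installed
# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.crt
# Source: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/Cloudflare_CA.pem
# NOTE(security): the steps below add a root CA to system-wide trust stores from files under
# $HOME, which any process running as the user can replace. Confirm the file is the intended
# Cloudflare CA before it is trusted, e.g. compare
#   openssl x509 -noout -fingerprint -sha256 -in "$CLOUDFLARE_CA_PEM"
# against <EXPECTED_SHA256_FINGERPRINT> obtained out of band.
CLOUDFLARE_CA_CRT="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.crt"
CLOUDFLARE_CA_PEM="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
if [ -d /System ] && [ -d /Applications ] && command -v warp-cli > /dev/null; then
  ### Ensure certificate installed on macOS
  if [ -z "${SSH_CONNECTION:-}" ]; then
    if [ -z "${HEADLESS_INSTALL:-}" ]; then
      logg info '**macOS Manual Security Permission** Requesting security authorization for Cloudflare trusted certificate'
      sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$CLOUDFLARE_CA_CRT"
    fi
    logg info 'Updating the OpenSSL CA Store to include the Cloudflare certificate'
    # Append only once: the first base64 line of the certificate is used as a marker so that
    # repeated runs do not keep growing /etc/ssl/cert.pem with duplicate copies.
    CLOUDFLARE_CA_MARKER="$(awk '/BEGIN CERTIFICATE/ { getline; print; exit }' "$CLOUDFLARE_CA_PEM" 2> /dev/null)"
    if [ -z "$CLOUDFLARE_CA_MARKER" ]; then
      logg warn "Unable to read a certificate from $CLOUDFLARE_CA_PEM so /etc/ssl/cert.pem was left unchanged"
    elif grep -qsF -- "$CLOUDFLARE_CA_MARKER" /etc/ssl/cert.pem; then
      logg info 'Cloudflare certificate is already present in /etc/ssl/cert.pem'
    else
      # Blank lines before and after keep the PEM blocks separated in the shared bundle
      { echo; cat "$CLOUDFLARE_CA_PEM"; echo; } | sudo tee -a /etc/ssl/cert.pem > /dev/null
    fi
  else
    logg warn 'Session is SSH so adding Cloudflare encryption key to trusted certificates via the security program is being bypassed since it requires Touch ID / Password verification.'
  fi
  if [ -f "/usr/local/opt/openssl@3/bin/c_rehash" ]; then
    # Location on Intel macOS
    logg info 'Ensuring /usr/local/etc/openssl@3/certs directory exists' && mkdir -p /usr/local/etc/openssl@3/certs
    logg info 'Adding Cloudflare certificate to /usr/local/etc/openssl@3/certs/Cloudflare_CA.pem'
    # Overwrite rather than append: appending added another copy of the certificate on every
    # run, and the `sudo` in front of `cat` never applied to the redirection anyway.
    cp -f "$CLOUDFLARE_CA_PEM" /usr/local/etc/openssl@3/certs/Cloudflare_CA.pem
    logg info 'Running /usr/local/opt/openssl@3/bin/c_rehash'
    /usr/local/opt/openssl@3/bin/c_rehash > /dev/null && logg success 'OpenSSL certificate rehash successful'
  elif [ -f "${HOMEBREW_PREFIX:-/opt/homebrew}/opt/openssl@3/bin/c_rehash" ]; then
    # Location on arm64 macOS and custom Homebrew locations
    logg info "Ensuring ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/openssl@3/certs directory exists" && mkdir -p "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/openssl@3/certs"
    logg info "Adding Cloudflare certificate to ${HOMEBREW_PREFIX:-/opt/homebrew}/etc/openssl@3/certs/Cloudflare_CA.pem"
    # Overwrite rather than append so repeated runs leave exactly one certificate in the file
    cp -f "$CLOUDFLARE_CA_PEM" "${HOMEBREW_PREFIX:-/opt/homebrew}/etc/openssl@3/certs/Cloudflare_CA.pem"
    logg info "Running ${HOMEBREW_PREFIX:-/opt/homebrew}/opt/openssl@3/bin/c_rehash"
    "${HOMEBREW_PREFIX:-/opt/homebrew}/opt/openssl@3/bin/c_rehash" > /dev/null && logg success 'OpenSSL certificate rehash successful'
  else
    logg warn 'Unable to add Cloudflare_CA.pem because /usr/local/etc/openssl@3/certs and /opt/homebrew/etc/openssl@3/certs do not exist!'
  fi
elif command -v warp-cli > /dev/null; then
  # System is Linux
  if command -v dpkg-reconfigure > /dev/null; then
    if [ -d /usr/local/share/ca-certificates ]; then
      logg info 'Copying CloudFlare Teams PEM file to /usr/local/share/ca-certificates/Cloudflare_CA.crt'
      sudo cp -f "$CLOUDFLARE_CA_PEM" /usr/local/share/ca-certificates/Cloudflare_CA.crt
      logg info 'dpkg-reconfigure executable detected so using Debian/Ubuntu method of updating system trusted certificates to include CloudFlare Teams certificate'
      sudo dpkg-reconfigure ca-certificates
    else
      # The warning previously had no message, so the skipped step went unexplained
      logg warn '/usr/local/share/ca-certificates does not exist so skipping the system certificate update process'
    fi
  elif command -v update-ca-trust > /dev/null; then
    if [ -d /etc/pki/ca-trust/source/anchors ]; then
      logg info 'Copying CloudFlare Teams certificates to /etc/pki/ca-trust/source/anchors'
      sudo cp -f "$CLOUDFLARE_CA_CRT" "$CLOUDFLARE_CA_PEM" /etc/pki/ca-trust/source/anchors
      logg info 'update-ca-trust executable detected so using CentOS/Fedora method of updating system trusted certificates to include CloudFlare Teams certificate'
      sudo update-ca-trust
    else
      logg warn '/etc/pki/ca-trust/source/anchors does not exist so skipping the system certificate update process'
    fi
  fi
fi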
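if command -v warp-cli > /dev/null; then
  ### Application certificate configuration
  # NOTE(review): the file header and an earlier note here describe this section as commented
  # out, but the commands below are active. The concern from that note still applies: these
  # settings exist for traffic inspection, and `npm install` fails when npm is configured to use
  # the CloudFlare certificate while the WARP client is not running.
  # NOTE(security): git's `http.sslcainfo` and npm's `cafile` point each tool at this one file for
  # peer verification, so the file under $HOME becomes the trust anchor for those tools. Keep it
  # writable by the owning user only.
  CLOUDFLARE_CA_PEM="$HOME/.local/etc/ssl/cloudflare/Cloudflare_CA.pem"
  # First base64 line of the certificate, used below to detect whether a bundle already has it
  CLOUDFLARE_CA_MARKER="$(awk '/BEGIN CERTIFICATE/ { getline; print; exit }' "$CLOUDFLARE_CA_PEM" 2> /dev/null)"

  ### Git
  if command -v git > /dev/null; then
    logg info "Configuring git to use $CLOUDFLARE_CA_PEM"
    git config --global http.sslcainfo "$CLOUDFLARE_CA_PEM"
  fi

  ### NPM
  if command -v npm > /dev/null; then
    logg info "Configuring npm to use $CLOUDFLARE_CA_PEM"
    npm config set cafile "$CLOUDFLARE_CA_PEM"
  fi

  ### Python
  if command -v python3 > /dev/null; then
    ### Ensure Certifi package is available globally
    # Importing the module is the direct test for the interpreter that is used below
    if ! python3 -c 'import certifi' > /dev/null 2>&1; then
      if command -v brew > /dev/null; then
        logg info 'Ensuring Python certifi is installed via Homebrew'
        # The source line fused `pip3 install certifi` and `brew link --overwrite python-certifi`
        # into one command; the brew half belongs to this branch.
        brew install python-certifi && brew link --overwrite python-certifi
      else
        logg info 'Ensuring certifi is installed globally for Python 3'
        pip3 install certifi
      fi
    fi
    ### Copy CloudFlare PEM file to Python 3 location
    logg info "Configuring python3 / python to use $CLOUDFLARE_CA_PEM"
    CERTIFI_BUNDLE="$(python3 -m certifi 2> /dev/null)"
    if [ -z "$CERTIFI_BUNDLE" ] || [ ! -f "$CERTIFI_BUNDLE" ]; then
      logg warn 'Unable to locate the certifi bundle so the CloudFlare certificate was not added for Python'
    elif [ -z "$CLOUDFLARE_CA_MARKER" ]; then
      logg warn "Unable to read a certificate from $CLOUDFLARE_CA_PEM so the certifi bundle was left unchanged"
    elif ! grep -qF -- "$CLOUDFLARE_CA_MARKER" "$CERTIFI_BUNDLE"; then
      # Append once only; an unconditional append added a duplicate on every run. Upgrading
      # certifi replaces the bundle, after which this step adds the certificate again.
      { echo; cat "$CLOUDFLARE_CA_PEM"; } >> "$CERTIFI_BUNDLE"
    fi
  fi

  ### Google Cloud SDK
  if command -v gcloud > /dev/null; then
    logg info "Configuring gcloud to use $CLOUDFLARE_CA_PEM and $HOME/.local/etc/ssl/gcloud/ca.pem"
    mkdir -p "$HOME/.local/etc/ssl/gcloud"
    cat "$HOME/.local/etc/ssl/curl/cacert.pem" "$CLOUDFLARE_CA_PEM" > "$HOME/.local/etc/ssl/gcloud/ca.pem"
    gcloud config set core/custom_ca_certs_file "$HOME/.local/etc/ssl/gcloud/ca.pem"
  fi

  ### Google Drive for desktop (macOS)
  if [ -d "/Applications/Google Drive.app" ]; then
    if [ -d "/Applications/Google Drive.app/Contents/Resources" ]; then
      logg info "Combining Google Drive roots.pem with CloudFlare certificate"
      mkdir -p "$HOME/.local/etc/ssl/google-drive"
      # Rebuild the combined file on each run; appending duplicated both inputs every time
      cat "$CLOUDFLARE_CA_PEM" "/Applications/Google Drive.app/Contents/Resources/roots.pem" > "$HOME/.local/etc/ssl/google-drive/roots.pem"
      # NOTE(security): this system-wide preference points at a file under $HOME, so whoever can
      # write that file controls the roots Google Drive trusts.
      sudo defaults write /Library/Preferences/com.google.drivefs.settings TrustedRootsCertsFile -string "$HOME/.local/etc/ssl/google-drive/roots.pem"
    else
      logg warn 'Google Drive.app installed but roots.pem is not available yet'
    fi
  fi

  ### Ensure MDM settings are applied (deletes after reboot on macOS)
  ### TODO: Ensure `.plist` can be added to `~/Library/Managed Preferences` and not just `/Library/Managed Preferences`
  # Source: https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/
  # Source for JumpCloud: https://developers.cloudflare.com/cloudflare-one/static/documentation/connections/CloudflareWARP.mobileconfig
  # NOTE(review): per the file header these managed configurations can carry the Teams service
  # token ID and secret - confirm the copied files are not readable by other local users.
  if [ -d /System ] && [ -d /Applications ]; then
    if [ -f "$HOME/Library/Managed Preferences/com.cloudflare.warp.plist" ]; then
      sudo cp -f "$HOME/Library/Managed Preferences/com.cloudflare.warp.plist" '/Library/Managed Preferences/com.cloudflare.warp.plist'
      sudo plutil -convert binary1 '/Library/Managed Preferences/com.cloudflare.warp.plist'
    else
      logg warn 'No managed CloudFlare WARP configuration found in ~/Library/Managed Preferences so MDM settings were not applied'
    fi
    ### Enable CloudFlare WARP credentials auto-populate (since file is deleted when not managed with MDM)
    if [ -f "$HOME/Library/LaunchDaemons/com.cloudflare.warp.plist" ] && [ ! -f "/Library/LaunchDaemons/com.cloudflare.warp.plist" ]; then
      sudo mkdir -p /Library/LaunchDaemons
      sudo cp -f "$HOME/Library/LaunchDaemons/com.cloudflare.warp.plist" '/Library/LaunchDaemons/com.cloudflare.warp.plist'
      sudo launchctl load "/Library/LaunchDaemons/com.cloudflare.warp.plist"
    fi
  elif [ -f "${XDG_CONFIG_HOME:-$HOME/.config}/warp/mdm.xml" ]; then
    sudo mkdir -p /var/lib/cloudflare-warp
    sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/warp/mdm.xml" /var/lib/cloudflare-warp/mdm.xml
  fi

  ### Register CloudFlare WARP
  if warp-cli --accept-tos status | grep -q 'Registration missing'; then
    logg info 'Registering CloudFlare WARP'
    warp-cli --accept-tos register
  else
    logg info 'Either there is a misconfiguration or the device is already registered with CloudFlare WARP'
  fi

  ### Connect CloudFlare WARP
  if warp-cli --accept-tos status | grep -q 'Disconnected'; then
    logg info 'Connecting to CloudFlare WARP'
    warp-cli --accept-tos connect > /dev/null && logg success 'Connected to CloudFlare WARP'
  else
    logg info 'Either there is a misconfiguration or the device is already connected with CloudFlare WARP'
  fi
else
  logg warn 'warp-cli was not installed so CloudFlare WARP cannot be joined'
fi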
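{{- $registrationToken := "" }}
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "cloudflared" .host.hostname)) -}}
{{- $registrationToken = (includeTemplate (print "cloudflared/" .host.hostname) | decrypt) -}}
{{- end }}
### Set up CloudFlare tunnels
# The template lines above decrypt a per-host value from `.chezmoitemplates/cloudflared/<hostname>`
# when both that file and `~/.config/age/chezmoi.txt` exist. A value starting with `{` is treated
# as a credentials file; anything else is treated as a token for `cloudflared service install`.
# NOTE(security): the decrypted value is rendered into this script as plain text, and in token
# form it is passed on the command line, where it is visible in the process list while the
# command runs. Keep rendered copies of this script out of logs and shared temp locations.
if command -v cloudflared > /dev/null && [ -d "$HOME/.local/etc/cloudflared" ]; then
  # Show warning message about ~/.cloudflared already existing
  if [ -d "$HOME/.cloudflared" ]; then
    logg warn '~/.cloudflared is already in the home directory - to ensure proper deployment, remove previous tunnel configuration folders'
  fi

  ### Ensure /usr/local/etc/cloudflared exists
  # A single `mkdir -p` replaces an earlier pair of steps, the first of which only ran when the
  # folder already existed.
  logg info 'Ensuring /usr/local/etc/cloudflared exists' && sudo mkdir -p /usr/local/etc/cloudflared

  # Copy over configuration files
  # NOTE(review): cert.pem is presumably the cloudflared origin certificate, i.e. a credential -
  # confirm the copy in /usr/local/etc/cloudflared is readable by root only.
  logg info 'Copying over configuration files from ~/.local/etc/cloudflared to /usr/local/etc/cloudflared'
  sudo cp -f "$HOME/.local/etc/cloudflared/cert.pem" /usr/local/etc/cloudflared/cert.pem
  sudo cp -f "$HOME/.local/etc/cloudflared/config.yml" /usr/local/etc/cloudflared/config.yml

  # Register tunnel (if not already registered)
  # -F matches the tunnel name literally so dots in the hostname are not treated as wildcards
  if sudo cloudflared tunnel list | grep -qF "host-{{ .host.hostname }}"; then
    logg info 'CloudFlare tunnel is already registered'
  else
    logg info 'Creating a CloudFlare tunnel to this host'
    sudo cloudflared tunnel create "host-{{ .host.hostname }}"
  fi

  # First column of the matching row; `head` keeps a single ID if several tunnel names match
  TUNNEL_ID="$(sudo cloudflared tunnel list | grep -F 'host-{{ .host.hostname }}' | sed 's/ .*//' | head -n 1)"
  logg info "Tunnel ID: $TUNNEL_ID"
  if [ -f "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" ]; then
    logg info 'Symlinking tunnel configuration to /usr/local/etc/cloudflared/credentials.json'
    # The directory is created with sudo, so removing the old link needs sudo as well;
    # without it the stale file stayed in place and `ln -s` then failed.
    sudo rm -f /usr/local/etc/cloudflared/credentials.json
    sudo ln -s "/usr/local/etc/cloudflared/${TUNNEL_ID}.json" /usr/local/etc/cloudflared/credentials.json
  else
    logg info 'Handling case where the tunnel registration is not present in /usr/local/etc/cloudflared'
    {{ if eq $registrationToken "" -}}
    logg warn 'Registration token is unavailable - you might have to delete the pre-existing tunnel or set up secrets properly'
    {{- else -}}
    logg info 'Registration token retrieved from encrypted blob stored at home/.chezmoitemplates/cloudflared/{{ .host.hostname }}'
    {{ if eq (substr 0 1 $registrationToken) "{" -}}
    logg info 'Registration token stored in credential file form'
    # Create the file with mode 600 before writing: `tee` alone would create the tunnel secret
    # with default permissions that may be readable by every local user.
    sudo install -m 600 /dev/null /usr/local/etc/cloudflared/credentials.json
    printf '%s' '{{ $registrationToken }}' | sudo tee /usr/local/etc/cloudflared/credentials.json > /dev/null
    {{ else }}
    logg info 'Registration token is in token form - it will be used in conjunction with sudo cloudflared service install'
    {{- end }}
    {{- end }}
  fi

  # Set up service
  # The token is appended only in token form (value NOT starting with `{`). The previous
  # condition was inverted: it appended the JSON credentials and never the token, and its
  # trim marker removed the space between `install` and the value.
  if [ -d /Applications ] && [ -d /System ]; then
    # System is macOS
    if [ -f /Library/LaunchDaemons/com.cloudflare.cloudflared.plist ]; then
      logg info 'cloudflared service is already installed'
    else
      logg info 'Running sudo cloudflared service install'
      sudo cloudflared service install{{ if and (ne $registrationToken "") (ne (substr 0 1 $registrationToken) "{") }} '{{ $registrationToken }}'{{ end }}
    fi
    logg info 'Ensuring cloudflared service is installed'
    sudo launchctl start com.cloudflare.cloudflared
  elif [ -f /etc/os-release ]; then
    # System is Linux
    if systemctl --all --type service | grep -q "cloudflared"; then
      logg info 'cloudflared service is already available as a service'
    else
      logg info 'Running sudo cloudflared service install'
      sudo cloudflared service install{{ if and (ne $registrationToken "") (ne (substr 0 1 $registrationToken) "{") }} '{{ $registrationToken }}'{{ end }}
    fi
    logg info 'Ensuring cloudflared service is started'
    sudo systemctl start cloudflared
    logg info 'Enabling cloudflared as a boot systemctl service'
    sudo systemctl enable cloudflared
  else
    # Neither macOS nor a system with /etc/os-release. This template is only rendered for
    # non-Windows hosts, so the Windows commands that used to sit here could never apply; in
    # bash the backslash path would have created a stray directory in the working directory.
    # Windows reference, kept for a future Windows script:
    # cloudflared service install
    # mkdir C:\Windows\System32\config\systemprofile\.cloudflared
    # Copy same cert.pem as being used above
    # copy C:\Users\%USERNAME%\.cloudflared\cert.pem C:\Windows\System32\config\systemprofile\.cloudflared\cert.pem
    # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/windows/
    logg warn 'Unrecognized platform so the cloudflared service was not installed'
  fi
else
  logg info 'cloudflared was not installed so CloudFlare Tunnels cannot be enabled. (Or the ~/.local/etc/cloudflared folder is not present)'
fi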
{{ end -}}