d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
proxmox/scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

108 lines
4.8 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# Configure Cloudflare Tunnel ingress and DNS for dev/Codespaces (fourth NPMplus)
# Tunnel: dev, Gitea, Proxmox admin → NPMplus at 192.168.11.170:443
# Usage: bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh
# Requires: CLOUDFLARE_TUNNEL_ID_DEV_CODESPACES (or CLOUDFLARE_API_TOKEN / CLOUDFLARE_EMAIL+KEY) in .env
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
source config/ip-addresses.conf 2>/dev/null || true
[ -f .env ] && set +u && source .env 2>/dev/null || true && set -u
# Tunnel ID for dev/Codespaces — create in Zero Trust → Networks → Tunnels, then set in .env
TUNNEL_ID="${CLOUDFLARE_TUNNEL_ID_DEV_CODESPACES:-}"
ACCOUNT_ID="${CLOUDFLARE_ACCOUNT_ID}"
ZONE_ID="${CLOUDFLARE_ZONE_ID:-${CLOUDFLARE_ZONE_ID_D_BIS_ORG}}"
# Fourth NPMplus (192.168.11.170)
ORIGIN="https://${IP_NPMPLUS_FOURTH:-192.168.11.170}:443"
CNAME_TARGET="${TUNNEL_ID}.cfargotunnel.com"
# Hostnames on this tunnel (must match NPMplus fourth proxy hosts)
HOSTNAMES=(
dev.d-bis.org
gitea.d-bis.org
codespaces.d-bis.org
pve.ml110.d-bis.org
pve.r630-01.d-bis.org
pve.r630-02.d-bis.org
)
# Auth
if [ -n "${CLOUDFLARE_API_TOKEN:-}" ]; then
AUTH_H=(-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN")
elif [ -n "${CLOUDFLARE_API_KEY:-}" ] && [ -n "${CLOUDFLARE_EMAIL:-}" ]; then
AUTH_H=(-H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_API_KEY")
else
echo "Set CLOUDFLARE_API_TOKEN or (CLOUDFLARE_EMAIL + CLOUDFLARE_API_KEY) in .env"
exit 1
fi
[ -z "${TUNNEL_ID:-}" ] && { echo "Set CLOUDFLARE_TUNNEL_ID_DEV_CODESPACES in .env (create tunnel in Zero Trust → Networks → Tunnels first)"; exit 1; }
[ -z "${ACCOUNT_ID:-}" ] && { echo "Set CLOUDFLARE_ACCOUNT_ID in .env"; exit 1; }
[ -z "${ZONE_ID:-}" ] && { echo "Set CLOUDFLARE_ZONE_ID in .env"; exit 1; }
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Cloudflare Tunnel + DNS: dev/Codespaces (fourth NPMplus)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Tunnel ID: $TUNNEL_ID"
echo "Origin: $ORIGIN"
echo "CNAME target: $CNAME_TARGET"
echo ""
# Build ingress config from HOSTNAMES + catch-all
CONFIG=$(printf '%s\n' "${HOSTNAMES[@]}" | jq -R -s -c --arg origin "$ORIGIN" '
split("\n") | map(select(length > 0)) | map({ hostname: ., service: $origin, originRequest: { noTLSVerify: true } }) + [{ service: "http_status:404" }] | { config: { ingress: ., "warp-routing": { enabled: false } } }
')
echo "Updating tunnel ingress..."
RESP=$(curl -s -X PUT \
"https://api.cloudflare.com/client/v4/accounts/${ACCOUNT_ID}/cfd_tunnel/${TUNNEL_ID}/configurations" \
"${AUTH_H[@]}" -H "Content-Type: application/json" -d "$CONFIG")
if echo "$RESP" | jq -e '.success == true' >/dev/null 2>&1; then
echo " Tunnel ingress updated."
else
echo " Tunnel update response: $(echo "$RESP" | jq -c '.' 2>/dev/null || echo "$RESP")"
echo " (Tunnel may not exist yet; create in Zero Trust → Networks → Tunnels)"
fi
echo ""
echo "Adding/updating DNS CNAME records..."
for h in "${HOSTNAMES[@]}"; do
EXISTING=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records?name=${h}&type=CNAME" \
"${AUTH_H[@]}" -H "Content-Type: application/json")
RECORD_ID=$(echo "$EXISTING" | jq -r '.result[0].id // empty')
CONTENT=$(echo "$EXISTING" | jq -r '.result[0].content // empty')
DATA=$(jq -n --arg name "$h" --arg target "$CNAME_TARGET" \
'{type:"CNAME",name:$name,content:$target,ttl:1,proxied:true}')
if [ -n "$RECORD_ID" ] && [ "$RECORD_ID" != "null" ]; then
if [ "$CONTENT" = "$CNAME_TARGET" ]; then
echo " $h: OK (CNAME → $CNAME_TARGET)"
else
UPD=$(curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \
"${AUTH_H[@]}" -H "Content-Type: application/json" -d "$DATA")
if echo "$UPD" | jq -e '.success == true' >/dev/null 2>&1; then
echo " $h: Updated CNAME → $CNAME_TARGET"
else
echo " $h: Update failed"
fi
fi
else
CR=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records" \
"${AUTH_H[@]}" -H "Content-Type: application/json" -d "$DATA")
if echo "$CR" | jq -e '.success == true' >/dev/null 2>&1; then
echo " $h: Created CNAME → $CNAME_TARGET"
else
echo " $h: Create failed ($(echo "$CR" | jq -r '.errors[0].message // "unknown"' 2>/dev/null))"
fi
fi
done
echo ""
echo "Done. Next: Add proxy hosts on fourth NPMplus (192.168.11.170), then request Let's Encrypt in NPMplus UI."
echo "See: docs/04-configuration/DEV_CODESPACES_76_53_10_40.md"
Reference in New Issue View Git Blame Copy Permalink