- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
#!/usr/bin/env bash
# Install and configure a single Cloudflare tunnel.
#
# Strict mode: abort on an unhandled command failure, on use of an unset
# variable, and when any stage of a pipeline fails.
set -euo pipefail

# Locate this script's directory and the directory one level above it.
SCRIPT_DIR="$(
  cd "$(dirname "${BASH_SOURCE[0]}")" && pwd
)"
PROJECT_ROOT="$(
  cd "$SCRIPT_DIR/.." && pwd
)"

# Optional IP configuration. The file is executed as shell code with the
# privileges of whoever runs this installer, so it must only be writable by
# trusted users. A missing or failing file is ignored on purpose, and its
# stderr is discarded.
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

# SCRIPT_DIR is resolved a second time after sourcing.
# NOTE(review): presumably so the config file cannot leave a different
# SCRIPT_DIR behind; confirm before removing.
SCRIPT_DIR="$(
  cd "$(dirname "${BASH_SOURCE[0]}")" && pwd
)"
# Same directory as PROJECT_ROOT; holds the tunnel configs and unit files.
TUNNELS_DIR="$(
  cd "$SCRIPT_DIR/.." && pwd
)"

# ANSI colour sequences, stored unexpanded (the log helpers expand them).
NC='\033[0m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
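# Logging helpers. Each prints a coloured tag followed by the message in $1.
# Only the colour variables are escape-expanded (%b); the message is printed
# verbatim (%s), so backslashes in file names or user-supplied arguments are
# never interpreted as escape sequences.
# Globals:   BLUE, GREEN, YELLOW, RED, NC (read)
# Arguments: $1 - message text
# Outputs:   info/success go to stdout; warnings and errors go to stderr so
#            they stay visible when stdout is captured or redirected.
log_info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"; }
log_success() { printf '%b[✓]%b %s\n' "$GREEN" "$NC" "$1"; }
log_warn() { printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$1" >&2; }
log_error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1" >&2; }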
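# Usage: at least the tunnel name is required. The help text goes to stderr
# because this path exits non-zero.
if [ $# -lt 1 ]; then
  {
    echo "Usage: $0 <tunnel-name> [tunnel-id] [credentials-file]"
    echo ""
    echo "Tunnel names: ml110, r630-01, r630-02"
    echo ""
    echo "Example:"
    echo " $0 ml110"
    echo " $0 ml110 abc123def456 /path/to/credentials.json"
  } >&2
  exit 1
fi

TUNNEL_NAME="$1"
TUNNEL_ID="${2:-}"
CREDS_FILE="${3:-}"

# Target Proxmox host and container id; both can be overridden from the
# environment (or by the sourced IP configuration).
PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
VMID="${VMID:-102}"

# VMID is interpolated into command lines that a root shell on the Proxmox
# host parses, so anything other than a plain number is rejected here.
if [[ ! "$VMID" =~ ^[0-9]+$ ]]; then
  log_error "Invalid VMID: $VMID"
  exit 1
fi

# Validate tunnel name against the fixed allow-list. The name is later used
# to build file paths and remote command lines, so this check is what keeps
# those strings free of shell metacharacters.
if [[ ! "$TUNNEL_NAME" =~ ^(ml110|r630-01|r630-02)$ ]]; then
  log_error "Invalid tunnel name: $TUNNEL_NAME"
  log_error "Valid names: ml110, r630-01, r630-02"
  exit 1
fi

# Check if running on Proxmox host: `pct` on PATH means container commands
# can run locally; otherwise they are sent to PROXMOX_HOST over SSH.
if command -v pct &> /dev/null; then
  RUN_LOCAL=true
else
  RUN_LOCAL=false
fi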
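#######################################
# Run a command line inside the target container via `bash -c`.
#
# In remote mode the command line is parsed twice: once by the login shell
# on the Proxmox host and once by bash inside the container. Every word is
# therefore shell-quoted with printf %q before it is handed to ssh, so
# quotes, redirections or other metacharacters inside $1 reach the
# container's bash unchanged instead of being interpreted by the root shell
# on the host. (Wrapping $1 in literal single quotes breaks as soon as the
# command itself contains a single quote.)
#
# Globals:   RUN_LOCAL, VMID, PROXMOX_HOST (read)
# Arguments: $1 - command line to execute inside the container
# Returns:   exit status of `pct exec` (local) or `ssh` (remote)
#######################################
exec_in_container() {
  local cmd="$1"
  if [ "$RUN_LOCAL" = true ]; then
    pct exec "$VMID" -- bash -c "$cmd"
    return
  fi

  local remote_cmd
  printf -v remote_cmd '%q ' pct exec "$VMID" -- bash -c "$cmd"
  ssh "root@${PROXMOX_HOST}" "$remote_cmd"
}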
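#######################################
# Copy a local file to a path inside the container.
#
# In remote mode the file is staged on the Proxmox host in a file created by
# mktemp rather than under a fixed /tmp name, and the staged copy is removed
# again whether or not the push succeeds. This matters most for the tunnel
# credentials, which would otherwise stay behind on the hypervisor.
#
# Globals:   RUN_LOCAL, VMID, PROXMOX_HOST (read)
# Arguments: $1 - local source file
#            $2 - destination path inside the container
#            remaining - extra options passed through to `pct push`
# Returns:   0 on success, non-zero if staging or pushing failed
#######################################
push_to_container() {
  local src="$1" dest="$2"
  shift 2

  if [ "$RUN_LOCAL" = true ]; then
    pct push "$VMID" "$src" "$dest" "$@"
    return
  fi

  local remote="root@${PROXMOX_HOST}"
  local staged push_cmd cleanup_cmd rc=0
  staged="$(ssh "$remote" 'mktemp /tmp/cloudflared-install.XXXXXX')" || return
  [ -n "$staged" ] || return 1

  # Quote every word for the shell on the Proxmox host.
  printf -v push_cmd '%q ' pct push "$VMID" "$staged" "$dest" "$@"
  printf -v cleanup_cmd '%q ' rm -f -- "$staged"

  scp "$src" "${remote}:${staged}" && ssh "$remote" "$push_cmd" || rc=$?
  # Best-effort cleanup: the push status is what the caller needs to see.
  ssh "$remote" "$cleanup_cmd" || true
  return "$rc"
}

log_info "Installing tunnel: $TUNNEL_NAME"

# The tunnel ID is spliced into a sed program that runs as root inside the
# container, so it is restricted to characters that mean nothing to sed or
# to the shell. Checked before anything is modified.
if [ -n "$TUNNEL_ID" ] && [[ ! "$TUNNEL_ID" =~ ^[A-Za-z0-9-]+$ ]]; then
  log_error "Invalid tunnel ID (letters, digits and '-' only): $TUNNEL_ID"
  exit 1
fi

# Check VMID
if ! exec_in_container "true"; then
  log_error "Cannot access VMID $VMID"
  exit 1
fi

# Copy config file
config_file="$TUNNELS_DIR/configs/tunnel-${TUNNEL_NAME}.yml"
if [ ! -f "$config_file" ]; then
  log_error "Configuration file not found: $config_file"
  exit 1
fi

log_info "Copying configuration file..."
push_to_container "$config_file" "/etc/cloudflared/tunnel-${TUNNEL_NAME}.yml"

# Update tunnel ID if provided. The sed program is double-quoted so the
# command line carries no single quotes and survives being re-quoted on its
# way through ssh; TUNNEL_NAME and TUNNEL_ID are both validated, so nothing
# inside the double quotes can expand.
if [ -n "$TUNNEL_ID" ]; then
  log_info "Updating tunnel ID..."
  exec_in_container "sed -i \"s/<TUNNEL_ID_${TUNNEL_NAME^^}>/${TUNNEL_ID}/g\" /etc/cloudflared/tunnel-${TUNNEL_NAME}.yml"
  log_success "Tunnel ID updated"
fi

# Copy credentials if provided
if [ -n "$CREDS_FILE" ]; then
  if [ -f "$CREDS_FILE" ]; then
    log_info "Copying credentials file..."
    # --perms makes the file owner-only from the moment it is written; the
    # chmod afterwards is kept as a second line of defence.
    push_to_container "$CREDS_FILE" "/etc/cloudflared/tunnel-${TUNNEL_NAME}.json" --perms 600
    exec_in_container "chmod 600 /etc/cloudflared/tunnel-${TUNNEL_NAME}.json"
    log_success "Credentials file copied"
  else
    # A path was given but is not a regular file: say so instead of
    # silently installing a tunnel without credentials.
    log_warn "Credentials file not found, skipping: $CREDS_FILE"
  fi
fi

# Install systemd service
service_file="$TUNNELS_DIR/systemd/cloudflared-${TUNNEL_NAME}.service"
if [ ! -f "$service_file" ]; then
  log_error "Service file not found: $service_file"
  exit 1
fi

log_info "Installing systemd service..."
# Pushed straight to its final location in both modes. A follow-up
# `mv /tmp/...` inside the container is only valid if the file was pushed to
# the container's /tmp first; in remote mode it was staged on the host, so
# that mv failed and aborted the script under `set -e`.
push_to_container "$service_file" "/etc/systemd/system/cloudflared-${TUNNEL_NAME}.service"

# Reload systemd
exec_in_container "systemctl daemon-reload"
exec_in_container "systemctl enable cloudflared-${TUNNEL_NAME}.service"

log_success "Tunnel $TUNNEL_NAME installed and enabled"
log_info "Start with: systemctl start cloudflared-${TUNNEL_NAME}.service"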