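#
# Cookbook:: esh_cloudflared
# Resource:: tunnel
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

require 'shellwords'

unified_mode true

# Name of the tunnel. The value is interpolated into file paths under
# /etc/cloudflared, into the cloudflared command lines and into the systemd
# instance name "cloudflared@<name>".
property :tunnel_name, String, name_property: true

# Hash whose keys are the hostnames routed to this tunnel. The whole hash is
# also handed to the config.yaml.erb template; what the values mean is decided
# by that template, which is not part of this file.
property :tunnel_hostname, Hash, required: true

default_action :setup

# Creates the tunnel (once), adds a DNS route per hostname, renders the tunnel
# configuration file and enables/starts the matching systemd instance.
action :setup do
  tunnel_name = new_resource.tunnel_name
  tunnel_hostname = new_resource.tunnel_hostname

  # The name becomes part of several paths and of a command line. Reject the
  # values that would leave /etc/cloudflared or be parsed as an option instead
  # of a positional argument.
  if tunnel_name.include?('/') || tunnel_name.start_with?('-')
    raise ArgumentError,
          "tunnel_name #{tunnel_name.inspect} must not contain '/' or start with '-'"
  end

  credentials_path = "/etc/cloudflared/#{tunnel_name}.json"

  # The command strings below are run through a shell, so every interpolated
  # value is quoted first. For names made of plain word characters the quoted
  # form is identical to the raw one.
  quoted_name = Shellwords.escape(tunnel_name)
  quoted_credentials = Shellwords.escape(credentials_path)

  execute "cloudflared tunnel create #{tunnel_name}" do
    command <<~EOT
      cloudflared \
        tunnel \
        --origincert /etc/cloudflared/cert.pem \
        create \
        --credentials-file #{quoted_credentials} \
        #{quoted_name}
    EOT
    # Idempotency guard: the tunnel is only created while its credentials file
    # is absent.
    # NOTE(review): that file holds the tunnel credentials and this resource
    # does not set its mode; confirm cloudflared writes it owner-readable only.
    creates credentials_path
    user 'cloudflared'
    login true
    live_stream true
  end

  tunnel_hostname.each_key do |hostname|
    if hostname.to_s.start_with?('-')
      raise ArgumentError, "hostname #{hostname.inspect} must not start with '-'"
    end

    quoted_hostname = Shellwords.escape(hostname)

    execute "cloudflared tunnel route dns #{tunnel_name} #{hostname}" do
      command <<~EOT
        cloudflared \
          --origincert /etc/cloudflared/cert.pem \
          --credentials-file #{quoted_credentials} \
          tunnel route dns #{quoted_name} #{quoted_hostname}
      EOT
      user 'cloudflared'
      login true
      live_stream true
      # Skipped when `host` exits successfully for the hostname. This only
      # shows that the name resolves from this node, not that it resolves to
      # this tunnel, so a stale or unrelated record also suppresses the route.
      not_if "host #{quoted_hostname}"
    end
  end

  # Tunnel configuration, readable by the cloudflared user only.
  template "/etc/cloudflared/#{tunnel_name}.yaml" do
    cookbook 'esh_cloudflared'
    source 'config.yaml.erb'
    owner 'cloudflared'
    group 'cloudflared'
    mode '0400'
    variables tunnel_name: tunnel_name, tunnel_hostname: tunnel_hostname
    # A changed configuration restarts the instance at the end of the run.
    notifies :restart, "service[cloudflared@#{tunnel_name}]", :delayed
    action :create
  end

  service "cloudflared@#{tunnel_name}" do
    action [:enable, :start]
  end
end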