75 lines
1.7 KiB
Ruby
75 lines
1.7 KiB
Ruby
#
|
|
# Cookbook:: esh_cloudflared
|
|
# Recipe:: default
|
|
#
|
|
# Copyright:: 2022, https://easyself.host
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
apt_repository 'cloudflared' do
|
|
uri 'https://pkg.cloudflare.com/cloudflared'
|
|
distribution 'jammy'
|
|
components %w(main)
|
|
key 'https://pkg.cloudflare.com/cloudflare-main.gpg'
|
|
end
|
|
|
|
apt_package 'cloudflared'
|
|
|
|
sysctl 'net.core.rmem_max' do
|
|
value '2500000'
|
|
action :apply
|
|
end
|
|
|
|
group 'cloudflared' do
|
|
system true
|
|
action :create
|
|
end
|
|
|
|
user 'cloudflared' do
|
|
comment 'cloudflared tunnel user'
|
|
gid 'cloudflared'
|
|
home '/nonexistent'
|
|
shell '/usr/sbin/nologin'
|
|
system true
|
|
action :create
|
|
end
|
|
|
|
directory '/etc/cloudflared' do
|
|
owner 'cloudflared'
|
|
group 'cloudflared'
|
|
mode '0700'
|
|
action :create
|
|
end
|
|
|
|
systemd_unit 'cloudflared@.service' do
|
|
content <<~EOU
|
|
[Unit]
|
|
Description=Cloudflared tunnel %i
|
|
After=network.target
|
|
|
|
[Service]
|
|
User=cloudflared
|
|
Group=cloudflared
|
|
Type=notify
|
|
ExecStart=/usr/bin/cloudflared \
|
|
--origincert /etc/cloudflared/cert.pem \
|
|
--config /etc/cloudflared/%i.yaml \
|
|
tunnel run %i
|
|
Restart=on-failure
|
|
RestartSec=5s
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOU
|
|
action :create
|
|
end
|