chore: initial commit — chat-saiden web chat baseline
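--- a/provision-tunnel.sh
+++ b/provision-tunnel.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# provision-tunnel.sh — run on FUJI (or wherever ~/.cloudflared/cert.pem lives).
+# Creates the chat-saiden tunnel, places the DNS CNAME in the correct zone,
+# and scp's the credentials JSON to junkpile.
+#
+# Idempotent: re-running just verifies + re-syncs credentials.
+#
+# Watch out: `cloudflared tunnel route dns` auto-zone-detection is unreliable
+# across this multi-zone account (saiden.dev + tengu.to share a cert). We
+# manage the CNAME via flarectl explicitly to dodge it.
+set -uo pipefail
+
+TUNNEL_NAME="chat-saiden"
+HOSTNAME="chat.saiden.dev"
+ZONE="saiden.dev"
+JUNKPILE_DEST="/etc/cloudflared/chat-saiden/chat-saiden.json"
+
+if [[ ! -f "$HOME/.cloudflared/cert.pem" ]]; then
+echo "ERROR: ~/.cloudflared/cert.pem missing — run 'cloudflared tunnel login' first"
+exit 1
+fi
+
+# --- 1. Create tunnel (idempotent) ---
+echo "[1/3] Tunnel"
+if cloudflared tunnel list 2>/dev/null | awk '{print $2}' | grep -qx "$TUNNEL_NAME"; then
+UUID=$(cloudflared tunnel list 2>/dev/null | awk -v n="$TUNNEL_NAME" '$2==n {print $1}')
+echo " already exists, UUID=$UUID"
+else
+cloudflared tunnel create "$TUNNEL_NAME"
+UUID=$(cloudflared tunnel list 2>/dev/null | awk -v n="$TUNNEL_NAME" '$2==n {print $1}')
+echo " created, UUID=$UUID"
+fi
+CRED_FILE="$HOME/.cloudflared/${UUID}.json"
+if [[ ! -f "$CRED_FILE" ]]; then
+echo "ERROR: credentials missing at $CRED_FILE"
+exit 1
+fi
+
+# --- 2. DNS CNAME via flarectl ---
+echo "[2/3] DNS"
+EXPECTED_TARGET="${UUID}.cfargotunnel.com"
+EXISTING=$(flarectl dns list --zone "$ZONE" 2>/dev/null | awk -v fqdn="${HOSTNAME}" '$0 ~ fqdn && $3=="CNAME"')
+if [[ -n "$EXISTING" ]]; then
+EX_CONTENT=$(echo "$EXISTING" | awk -F'|' '{gsub(/^ +| +$/,"",$5); print $5}')
+if [[ "$EX_CONTENT" == "$EXPECTED_TARGET" ]]; then
+echo " CNAME already correct: $HOSTNAME → $EXPECTED_TARGET"
+else
+echo " ERROR: CNAME exists for $HOSTNAME but points elsewhere: $EX_CONTENT"
+echo " expected: $EXPECTED_TARGET — fix manually"
+exit 1
+fi
+else
+flarectl dns create --zone "$ZONE" --type CNAME --name chat --content "$EXPECTED_TARGET" --proxy
+echo " created: $HOSTNAME → $EXPECTED_TARGET (proxied)"
+fi
+
+# --- 3. Copy credentials to junkpile ---
+echo "[3/3] Credentials → junkpile"
+scp -q "$CRED_FILE" junkpile:/tmp/chat-saiden.json
+ssh junkpile "sudo mkdir -p /etc/cloudflared/chat-saiden && sudo mv /tmp/chat-saiden.json $JUNKPILE_DEST && sudo chown root:chi $JUNKPILE_DEST && sudo chmod 0640 $JUNKPILE_DEST"
+echo " → junkpile:$JUNKPILE_DEST (0640 root:chi)"
+
+echo
+echo "Tunnel UUID: $UUID"
+echo "Hostname: $HOSTNAME"
+echo "CNAME target: $EXPECTED_TARGET"
+echo
+echo "Next: ssh junkpile 'bash ~/chat-saiden/install.sh'"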
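Review bot: Step 3 stages the tunnel credentials at the fixed path `/tmp/chat-saiden.json` on junkpile and never checks the `scp` exit status; because the script sets `-uo pipefail` without `-e`, a failed copy still reaches the `ssh … sudo mv`, which would then install whatever file already sits at that path as the tunnel credential. Any local account on junkpile can create that name in `/tmp` first, so the secret should not pass through a shared, predictable location. Streaming it straight into place avoids the staging file, e.g. `ssh junkpile "sudo install -D -o root -g chi -m 0640 /dev/stdin $JUNKPILE_DEST" < "$CRED_FILE" || exit 1` (this assumes sudo on junkpile needs no password prompt, which the current non-interactive `sudo mv` already implies). The same unchecked-status pattern applies to `flarectl dns create` in step 2, which prints "created" even when the call fails.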