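#!/usr/bin/env bash
# provision-tunnel.sh — run on FUJI (or wherever ~/.cloudflared/cert.pem lives).
# Creates the chat-saiden tunnel, places the DNS CNAME in the correct zone,
# and ships the tunnel credentials JSON to junkpile.
#
# Idempotent: re-running just verifies + re-syncs credentials.
#
# Watch out: `cloudflared tunnel route dns` auto-zone-detection is unreliable
# across this multi-zone account (saiden.dev + tengu.to share a cert). We
# manage the CNAME via flarectl explicitly to dodge it.
#
# Secrets touched by this script:
#   ~/.cloudflared/cert.pem       account-level origin cert; stays on this host.
#   ~/.cloudflared/<UUID>.json    tunnel credentials; streamed to junkpile over
#                                 ssh stdin and installed from a mktemp file, so
#                                 it is never parked at a fixed /tmp path that
#                                 another local user could pre-create or symlink.
#
# Every external step is checked explicitly and aborts with a message on stderr;
# the script never prints a success line for a step it did not verify.
set -euo pipefail

TUNNEL_NAME="chat-saiden"
FQDN="chat.saiden.dev"                 # public hostname served by the tunnel
ZONE="saiden.dev"                      # zone that owns the CNAME
JUNKPILE_HOST="junkpile"               # ssh alias of the tunnel host
JUNKPILE_DEST="/etc/cloudflared/chat-saiden/chat-saiden.json"
JUNKPILE_OWNER="root:chi"              # owner:group for the installed JSON (mode 0640)

# Print an error to stderr and stop. Inside $(...) this only leaves the
# subshell, so callers of such substitutions still add `|| exit 1`.
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

for tool in cloudflared flarectl ssh; do
  command -v "$tool" >/dev/null 2>&1 || die "'$tool' not found in PATH"
done

[[ -f "$HOME/.cloudflared/cert.pem" ]] \
  || die "~/.cloudflared/cert.pem missing — run 'cloudflared tunnel login' first"

# Return the ID of $TUNNEL_NAME from `cloudflared tunnel list` (columns: ID NAME
# ...), or nothing if absent. The exact match on $2 skips the header row; `exit`
# after the first hit keeps the result single-line. The listing's exit status is
# checked instead of being hidden with 2>/dev/null, so an expired cert or an API
# failure is reported rather than silently treated as "tunnel does not exist".
tunnel_uuid() {
  local listing
  listing=$(cloudflared tunnel list) || die "cloudflared tunnel list failed"
  awk -v n="$TUNNEL_NAME" '$2 == n { print $1; exit }' <<<"$listing"
}

# --- 1. Create tunnel (idempotent) ---
echo "[1/3] Tunnel"
UUID=$(tunnel_uuid) || exit 1
if [[ -n "$UUID" ]]; then
  echo " already exists, UUID=$UUID"
else
  cloudflared tunnel create "$TUNNEL_NAME" || die "cloudflared tunnel create failed"
  UUID=$(tunnel_uuid) || exit 1
  [[ -n "$UUID" ]] || die "tunnel '$TUNNEL_NAME' not listed after create"
  echo " created, UUID=$UUID"
fi
# The ID is interpolated into a file path and a DNS record; refuse anything
# that is not a plain UUID (which is what cloudflared issues for tunnels).
[[ "$UUID" =~ ^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ ]] \
  || die "unexpected tunnel ID format: '$UUID'"

CRED_FILE="$HOME/.cloudflared/${UUID}.json"
[[ -f "$CRED_FILE" ]] || die "credentials missing at $CRED_FILE"

# --- 2. DNS CNAME via flarectl ---
echo "[2/3] DNS"
EXPECTED_TARGET="${UUID}.cfargotunnel.com"
# flarectl wants the record name relative to the zone ("chat"); derive it so
# FQDN/ZONE are the single source of truth.
RECORD_NAME="${FQDN%."$ZONE"}"
[[ "$RECORD_NAME" != "$FQDN" && -n "$RECORD_NAME" ]] \
  || die "$FQDN is not a name inside zone $ZONE"

DNS_LISTING=$(flarectl dns list --zone "$ZONE") || die "flarectl dns list --zone $ZONE failed"

# Select the CNAME row whose NAME field is exactly $FQDN. Rows are split on
# whitespace and '|' so the match is the same for bordered or borderless
# tables, and an exact field compare rules out prefix/suffix hits such as
# "xchat.saiden.dev" or "chat.saiden.dev.old" that a bare regex would accept.
EXISTING=$(awk -v fqdn="$FQDN" '
  BEGIN { FS = "[ |]+" }
  {
    is_cname = 0; is_name = 0
    for (i = 1; i <= NF; i++) {
      if ($i == "CNAME") is_cname = 1
      if ($i == fqdn)    is_name = 1
    }
    if (is_cname && is_name) print
  }' <<<"$DNS_LISTING")

if [[ -n "$EXISTING" ]]; then
  # Compare the target as an exact field rather than by column number, so a
  # change in flarectl's table layout cannot turn a wrong target into a false
  # "already correct".
  if awk -v want="$EXPECTED_TARGET" '
        BEGIN { FS = "[ |]+" }
        { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }' <<<"$EXISTING"; then
    echo " CNAME already correct: $FQDN → $EXPECTED_TARGET"
  else
    # Deliberately not overwritten: a record we did not create may be serving
    # something else, and silently repointing it would be a hijack.
    printf ' ERROR: CNAME exists for %s but points elsewhere:\n   %s\n' "$FQDN" "$EXISTING" >&2
    die "expected target $EXPECTED_TARGET — fix manually"
  fi
else
  flarectl dns create --zone "$ZONE" --type CNAME \
    --name "$RECORD_NAME" --content "$EXPECTED_TARGET" --proxy \
    || die "flarectl dns create failed"
  echo " created: $FQDN → $EXPECTED_TARGET (proxied)"
fi

# --- 3. Copy credentials to junkpile ---
echo "[3/3] Credentials → junkpile"
# The JSON is the tunnel's secret. It is streamed over ssh stdin into a
# mktemp file (0600, unpredictable name) and placed by `install` with the
# final owner and mode in one step. This replaces scp to /tmp/chat-saiden.json
# followed by mv/chown/chmod, which wrote the secret to a fixed path in a
# world-writable directory (pre-creatable or symlinkable by any local user)
# and left a window where the file existed before its permissions were set.
REMOTE_DIR="${JUNKPILE_DEST%/*}"
printf -v remote_cmd '%s' \
  'tmp=$(mktemp) || exit 1; ' \
  'cat >"$tmp" && ' \
  "sudo mkdir -p '$REMOTE_DIR' && " \
  "sudo install -m 0640 -o '${JUNKPILE_OWNER%:*}' -g '${JUNKPILE_OWNER#*:}' \"\$tmp\" '$JUNKPILE_DEST'; " \
  'rc=$?; rm -f -- "$tmp"; exit $rc'
ssh "$JUNKPILE_HOST" "$remote_cmd" < "$CRED_FILE" \
  || die "installing credentials on $JUNKPILE_HOST failed"
echo " → $JUNKPILE_HOST:$JUNKPILE_DEST (0640 $JUNKPILE_OWNER)"

echo
echo "Tunnel UUID: $UUID"
echo "Hostname: $FQDN"
echo "CNAME target: $EXPECTED_TARGET"
echo
echo "Next: ssh junkpile 'bash ~/chat-saiden/install.sh'"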