loc_az_hci/scripts/deploy/configure-cloudflared-vm100-direct.sh
Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 09:04:46 -08:00


#!/bin/bash
# Configure Cloudflare Tunnel on VM 100
# Run this script AFTER SSH'ing to VM 100 (192.168.1.244)
# Usage: From root@pve: ssh ubuntu@192.168.1.244, then run this script
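set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
ENV_FILE="$PROJECT_ROOT/.env"

# Load environment variables.
#
# The .env file is *executed* by `source`, so anyone who can write to it can
# run commands as the invoking user (and, through the sudo calls later in this
# script, as root). It also holds the tunnel secret, so it should be readable
# by its owner only.
if [ ! -f "$ENV_FILE" ]; then
  {
    echo "Error: .env file not found. Please set these variables:"
    echo " CLOUDFLARE_TUNNEL_TOKEN"
    echo " CLOUDFLARE_ACCOUNT_ID"
    echo " CLOUDFLARE_DOMAIN"
  } >&2
  exit 1
fi

# Non-fatal warning when group/other have any access to the file.
# `-perm /077` is GNU find syntax; on other finds the check is silently skipped.
if [ -n "$(find "$ENV_FILE" -maxdepth 0 -perm /077 2>/dev/null)" ]; then
  echo "Warning: $ENV_FILE is accessible by group/others; consider: chmod 600 $ENV_FILE" >&2
fi

set -a
# NOTE(review): the sed stage cuts every line at the first '#', so a value that
# legitimately contains '#' is silently truncated before it is loaded.
# shellcheck disable=SC1090
source <(grep -v '^#' "$ENV_FILE" | grep -v '^$' | sed 's/#.*$//' | grep '=')
set +a

# Fail early instead of writing empty values into the config and credentials.
for required_var in CLOUDFLARE_TUNNEL_TOKEN CLOUDFLARE_ACCOUNT_ID CLOUDFLARE_DOMAIN; do
  if [ -z "${!required_var:-}" ]; then
    echo "Error: $required_var is not set or is empty in $ENV_FILE" >&2
    exit 1
  fi
done

# These values are interpolated verbatim into YAML and JSON further down, so
# reject anything (quotes, whitespace, newlines, ':' ...) that could change the
# structure of those files. Values are never echoed, to keep secrets out of logs.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
opaque_re='^[A-Za-z0-9._+/=-]+$'
if [[ ! "$CLOUDFLARE_DOMAIN" =~ $domain_re ]]; then
  echo "Error: CLOUDFLARE_DOMAIN contains characters that are not valid in a hostname" >&2
  exit 1
fi
for opaque_var in CLOUDFLARE_TUNNEL_TOKEN CLOUDFLARE_ACCOUNT_ID; do
  if [[ ! "${!opaque_var}" =~ $opaque_re ]]; then
    echo "Error: $opaque_var contains unexpected characters (value not shown)" >&2
    exit 1
  fi
done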
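echo "========================================="
echo "Cloudflare Tunnel Configuration"
echo "========================================="
echo ""

# Create directories and user
echo "Creating directories and user..."
sudo mkdir -p /etc/cloudflared

# Create the unprivileged service account only when it is missing. The
# original `useradd ... 2>/dev/null || true` hid every useradd failure, not
# just "user already exists"; now a real failure stops the script here.
if ! id -u cloudflared > /dev/null 2>&1; then
  # -r: system account; -s /bin/false: no interactive login for this account.
  sudo useradd -r -s /bin/false cloudflared
fi

sudo chown cloudflared:cloudflared /etc/cloudflared
echo "✓ Directories and user created"
echo ""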
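# Create config file
echo "Creating config file..."

# Refuse to write a config with empty substitutions.
: "${CLOUDFLARE_TUNNEL_TOKEN:?CLOUDFLARE_TUNNEL_TOKEN must be set}"
: "${CLOUDFLARE_DOMAIN:?CLOUDFLARE_DOMAIN must be set}"

# Pre-create the file with its final owner and mode so the content is never on
# disk with default (typically world-readable) permissions, which was the case
# between `tee` and `chmod 600` before.
sudo install -m 600 -o cloudflared -g cloudflared /dev/null /etc/cloudflared/config.yml

# NOTE(review): cloudflared's `tunnel:` key normally holds the tunnel UUID or
# name, not the connector token. Writing the token here stores a secret in
# config.yml and is probably not what cloudflared expects; confirm, and
# consider a dedicated tunnel-ID variable.
#
# Exposure: every hostname below becomes reachable from the public internet
# through the tunnel, including a Prometheus endpoint and two Proxmox
# management UIs. Unless each origin enforces its own authentication, put a
# Cloudflare Access policy in front of these hostnames.
#
# noTLSVerify: true disables certificate verification on the hop from
# cloudflared to the Proxmox hosts, so that hop is encrypted but not
# authenticated. Prefer trusting the Proxmox CA via originRequest.caPool
# (with originServerName if the certificate name differs) over disabling
# verification.
sudo tee /etc/cloudflared/config.yml > /dev/null << CONFIGEOF
tunnel: $CLOUDFLARE_TUNNEL_TOKEN
credentials-file: /etc/cloudflared/credentials.json

ingress:
  - hostname: grafana.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:3000
  - hostname: prometheus.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:9090
  - hostname: git.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.121:3000
  - hostname: proxmox-ml110.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.206:8006
    originRequest:
      noTLSVerify: true
  - hostname: proxmox-r630.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.49:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
CONFIGEOF

echo "✓ Config file created"
echo ""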
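# Create credentials file
echo "Creating credentials file..."

# Refuse to write credentials with empty substitutions.
: "${CLOUDFLARE_ACCOUNT_ID:?CLOUDFLARE_ACCOUNT_ID must be set}"
: "${CLOUDFLARE_TUNNEL_TOKEN:?CLOUDFLARE_TUNNEL_TOKEN must be set}"

# Create the file with owner and mode already restricted *before* the secret
# is written; previously it existed with default permissions until the
# chmod 600 that followed `tee`.
sudo install -m 600 -o cloudflared -g cloudflared /dev/null /etc/cloudflared/credentials.json

# The secret reaches tee through stdin (heredoc), so it does not appear in the
# process argument list.
#
# NOTE(review): a cloudflared tunnel credentials file normally also carries a
# TunnelID, and TunnelSecret is the tunnel's own secret rather than the
# connector token. Confirm that CLOUDFLARE_TUNNEL_TOKEN holds the value
# cloudflared expects here.
sudo tee /etc/cloudflared/credentials.json > /dev/null << CREDEOF
{
  "AccountTag": "$CLOUDFLARE_ACCOUNT_ID",
  "TunnelSecret": "$CLOUDFLARE_TUNNEL_TOKEN"
}
CREDEOF

echo "✓ Credentials file created"
echo ""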
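# Create systemd service
echo "Creating systemd service..."

# The unit runs cloudflared as the unprivileged `cloudflared` account. Because
# the daemon is the internet-facing end of the tunnel, basic systemd
# sandboxing is added: no privilege gain through setuid binaries, a private
# /tmp, no access to home directories, and /usr, /boot and /etc mounted
# read-only (cloudflared only needs to read /etc/cloudflared).
# The delimiter is quoted so nothing in the unit text is expanded by the shell.
sudo tee /etc/systemd/system/cloudflared.service > /dev/null << 'SERVICEEOF'
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
SERVICEEOF

echo "✓ Service file created"
echo ""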
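# Enable and start service
echo "Enabling and starting service..."
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared

# The unit is Type=simple, so `systemctl start` returns as soon as the process
# is spawned. Wait briefly, then check whether it actually stayed up.
sleep 3
service_active=0
if sudo systemctl is-active --quiet cloudflared; then
  service_active=1
fi

echo ""
echo "========================================="
if [ "$service_active" -eq 1 ]; then
  echo "Configuration Complete"
else
  # Previously "Configuration Complete" was printed even when the tunnel had
  # already crashed, which hid broken credentials or config.
  echo "Configuration written, but cloudflared is NOT running"
fi
echo "========================================="
echo ""

# Check status. `systemctl status` exits non-zero for an inactive unit; the
# pipe into head keeps that from aborting the script before the logs print.
echo "Service Status:"
sudo systemctl status cloudflared --no-pager | head -15 || true
echo ""
echo "Files created:"
# Expect config.yml and credentials.json to be mode 600, owned by cloudflared.
ls -la /etc/cloudflared/
echo ""
echo "Recent logs:"
sudo journalctl -u cloudflared -n 10 --no-pager
echo ""

if [ "$service_active" -ne 1 ]; then
  echo "Error: cloudflared failed to stay running; see status and logs above." >&2
  exit 1
fi

echo "========================================="
echo "Next Steps:"
echo "1. Verify service is running: systemctl status cloudflared"
echo "2. View logs: journalctl -u cloudflared -f"
echo "3. Configure DNS records in Cloudflare Dashboard"
echo "========================================="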