Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/deploy/configure-cloudflared-vm100.sh

@@ -0,0 +1,233 @@
+#!/bin/bash
+# Configure Cloudflare Tunnel on VM 100
+# Run this script from Proxmox host (root@pve)
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+
+# Load environment variables
+if [ -f "$PROJECT_ROOT/.env" ]; then
+    set -a
+    source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
+    set +a
+else
+    echo "Error: .env file not found at $PROJECT_ROOT/.env"
+    exit 1
+fi
+
+VMID=100
+VM_USER="ubuntu"
+VM_IP="192.168.1.60"
+
+echo "========================================="
+echo "Cloudflare Tunnel Configuration for VM 100"
+echo "========================================="
+echo ""
+
+# Check if we can SSH to VM
+echo "Checking SSH access to VM 100..."
+if ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 "$VM_USER@$VM_IP" "echo 'SSH OK'" 2>/dev/null; then
+    echo "✓ SSH access available"
+    USE_SSH=true
+else
+    echo "✗ SSH access not available"
+    echo "  You'll need to access VM 100 via Proxmox Console"
+    USE_SSH=false
+fi
+
+echo ""
+echo "Configuration will be prepared for:"
+echo "  Domain: $CLOUDFLARE_DOMAIN"
+echo "  Account ID: $CLOUDFLARE_ACCOUNT_ID"
+echo ""
+
+if [ "$USE_SSH" = true ]; then
+    echo "Configuring via SSH..."
+    
+    # Create directories and user
+    ssh -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" <<EOF
+sudo mkdir -p /etc/cloudflared
+sudo useradd -r -s /bin/false cloudflared 2>/dev/null || true
+sudo chown cloudflared:cloudflared /etc/cloudflared
+EOF
+
+    # Create config file
+    ssh -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" "sudo tee /etc/cloudflared/config.yml > /dev/null" <<CONFIGEOF
+tunnel: $CLOUDFLARE_TUNNEL_TOKEN
+credentials-file: /etc/cloudflared/credentials.json
+
+ingress:
+  - hostname: grafana.$CLOUDFLARE_DOMAIN
+    service: http://192.168.1.82:3000
+  - hostname: prometheus.$CLOUDFLARE_DOMAIN
+    service: http://192.168.1.82:9090
+  - hostname: git.$CLOUDFLARE_DOMAIN
+    service: http://192.168.1.121:3000
+  - hostname: proxmox-ml110.$CLOUDFLARE_DOMAIN
+    service: https://192.168.1.206:8006
+    originRequest:
+      noTLSVerify: true
+  - hostname: proxmox-r630.$CLOUDFLARE_DOMAIN
+    service: https://192.168.1.49:8006
+    originRequest:
+      noTLSVerify: true
+  - service: http_status:404
+CONFIGEOF
+
+    # Create credentials file
+    ssh -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" "sudo tee /etc/cloudflared/credentials.json > /dev/null" <<CREDEOF
+{
+  "AccountTag": "$CLOUDFLARE_ACCOUNT_ID",
+  "TunnelSecret": "$CLOUDFLARE_TUNNEL_TOKEN"
+}
+CREDEOF
+
+    # Set permissions
+    ssh -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" <<EOF
+sudo chown cloudflared:cloudflared /etc/cloudflared/config.yml /etc/cloudflared/credentials.json
+sudo chmod 600 /etc/cloudflared/config.yml /etc/cloudflared/credentials.json
+EOF
+
+    # Create systemd service
+    ssh -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" "sudo tee /etc/systemd/system/cloudflared.service > /dev/null" <<SERVICEEOF
+[Unit]
+Description=Cloudflare Tunnel
+After=network.target
+
+[Service]
+Type=simple
+User=cloudflared
+ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
+Restart=on-failure
+RestartSec=10s
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+SERVICEEOF
+
+    # Enable and start service
+    ssh -o StrictHostKeyChecking=no "$VM_USER@$VM_IP" <<EOF
+sudo systemctl daemon-reload
+sudo systemctl enable cloudflared
+sudo systemctl start cloudflared
+sleep 3
+sudo systemctl status cloudflared --no-pager
+EOF
+
+    echo ""
+    echo "✓ Configuration complete via SSH"
+    
+else
+    echo ""
+    echo "========================================="
+    echo "Manual Configuration Required"
+    echo "========================================="
+    echo ""
+    echo "Since SSH is not available, please:"
+    echo ""
+    echo "1. Access VM 100 via Proxmox Console:"
+    echo "   - Go to: https://192.168.1.206:8006"
+    echo "   - Navigate to: VM 100 → Console"
+    echo "   - Login as: ubuntu"
+    echo ""
+    echo "2. Run these commands on VM 100:"
+    echo ""
+    cat <<'MANUAL'
+# Create directories and user
+sudo mkdir -p /etc/cloudflared
+sudo useradd -r -s /bin/false cloudflared 2>/dev/null || true
+sudo chown cloudflared:cloudflared /etc/cloudflared
+
+# Create config file
+sudo tee /etc/cloudflared/config.yml > /dev/null << 'CONFIGEOF'
+tunnel: CLOUDFLARE_TUNNEL_TOKEN
+credentials-file: /etc/cloudflared/credentials.json
+
+ingress:
+  - hostname: grafana.CLOUDFLARE_DOMAIN
+    service: http://192.168.1.82:3000
+  - hostname: prometheus.CLOUDFLARE_DOMAIN
+    service: http://192.168.1.82:9090
+  - hostname: git.CLOUDFLARE_DOMAIN
+    service: http://192.168.1.121:3000
+  - hostname: proxmox-ml110.CLOUDFLARE_DOMAIN
+    service: https://192.168.1.206:8006
+    originRequest:
+      noTLSVerify: true
+  - hostname: proxmox-r630.CLOUDFLARE_DOMAIN
+    service: https://192.168.1.49:8006
+    originRequest:
+      noTLSVerify: true
+  - service: http_status:404
+CONFIGEOF
+
+# Replace placeholders (run these with actual values from .env)
+sudo sed -i "s/CLOUDFLARE_TUNNEL_TOKEN/$CLOUDFLARE_TUNNEL_TOKEN/g" /etc/cloudflared/config.yml
+sudo sed -i "s/CLOUDFLARE_DOMAIN/$CLOUDFLARE_DOMAIN/g" /etc/cloudflared/config.yml
+
+# Create credentials file
+sudo tee /etc/cloudflared/credentials.json > /dev/null << CREDEOF
+{
+  "AccountTag": "CLOUDFLARE_ACCOUNT_ID",
+  "TunnelSecret": "CLOUDFLARE_TUNNEL_TOKEN"
+}
+CREDEOF
+
+# Replace placeholders
+sudo sed -i "s/CLOUDFLARE_ACCOUNT_ID/$CLOUDFLARE_ACCOUNT_ID/g" /etc/cloudflared/credentials.json
+sudo sed -i "s/CLOUDFLARE_TUNNEL_TOKEN/$CLOUDFLARE_TUNNEL_TOKEN/g" /etc/cloudflared/credentials.json
+
+# Set permissions
+sudo chown cloudflared:cloudflared /etc/cloudflared/config.yml /etc/cloudflared/credentials.json
+sudo chmod 600 /etc/cloudflared/config.yml /etc/cloudflared/credentials.json
+
+# Create systemd service
+sudo tee /etc/systemd/system/cloudflared.service > /dev/null << 'SERVICEEOF'
+[Unit]
+Description=Cloudflare Tunnel
+After=network.target
+
+[Service]
+Type=simple
+User=cloudflared
+ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
+Restart=on-failure
+RestartSec=10s
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+SERVICEEOF
+
+# Enable and start service
+sudo systemctl daemon-reload
+sudo systemctl enable cloudflared
+sudo systemctl start cloudflared
+systemctl status cloudflared
+MANUAL
+
+    echo ""
+    echo "Note: Replace CLOUDFLARE_TUNNEL_TOKEN, CLOUDFLARE_DOMAIN, and CLOUDFLARE_ACCOUNT_ID"
+    echo "      with actual values from your .env file"
+    echo ""
+    echo "Or source the .env file first:"
+    echo "  source /path/to/.env"
+    echo ""
+fi
+
+echo ""
+echo "========================================="
+echo "Configuration Complete"
+echo "========================================="
+echo ""
+echo "Next steps:"
+echo "1. Verify service: systemctl status cloudflared"
+echo "2. View logs: journalctl -u cloudflared -f"
+echo "3. Configure DNS records in Cloudflare Dashboard"
+echo ""
+