diff --git a/apps/cloudflared/.env.example b/apps/cloudflared/.env.example
new file mode 100644
index 0000000..f358393
--- /dev/null
+++ b/apps/cloudflared/.env.example
@@ -0,0 +1 @@
+TUNNEL_TOKEN=
diff --git a/apps/cloudflared/docker-compose.yml b/apps/cloudflared/docker-compose.yml
index 42d21d4..d626e7d 100644
--- a/apps/cloudflared/docker-compose.yml
+++ b/apps/cloudflared/docker-compose.yml
@@ -5,7 +5,7 @@ services:
 restart: unless-stopped
 command: tunnel --no-autoupdate run
 environment:
- - TUNNEL_TOKEN=eyJhIjoiZDBiYjc2NzMzMzNmY2Q3OTQ2MjI5NTZmMTY2MmY3ODUiLCJ0IjoiNWU2MGVhOGUtYTU0My00OWI2LWJhYjUtMzI1ZjM5NDQxZTAwIiwicyI6IkJyR3NreXdTSEFjQllobk9IcWFBZWJhT2djRUU0cjVSMXcwKzVGeTkrUHc9In0=
+ - TUNNEL_TOKEN=${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}
 networks:
 - default
 - kitestacks
diff --git a/apps/cloudflared/docker-compose.yml.backup-before-token-rotate-20260608 b/apps/cloudflared/docker-compose.yml.backup-before-token-rotate-20260608
deleted file mode 100644
index 173eb7e..0000000
--- a/apps/cloudflared/docker-compose.yml.backup-before-token-rotate-20260608
+++ /dev/null
@@ -1,9 +0,0 @@
-services:
- cloudflared:
- image: cloudflare/cloudflared:latest
- container_name: cloudflared
- restart: unless-stopped
- command: tunnel --no-autoupdate run
- environment:
- - TUNNEL_TOKEN=eyJhIjoiZDBiYjc2NzMzMzNmY2Q3OTQ2MjI5NTZmMTY2MmY3ODUiLCJ0IjoiNWU2MGVhOGUtYTU0My00OWI2LWJhYjUtMzI1ZjM5NDQxZTAwIiwicyI6Ik1ESTBPVEV5WVRNdFl6WmlOaTAwWTJNeUxUa3pPRE10T1RRME1tTmlOV1ZsTVRZNCJ9
-
diff --git a/apps/kitestacks-portal/public/flux/index.html b/apps/kitestacks-portal/public/flux/index.html
new file mode 100644
index 0000000..1e7ce2e
--- /dev/null
+++ b/apps/kitestacks-portal/public/flux/index.html
@@ -0,0 +1,39 @@
+ + + + + FluxCD Status - KiteStacks + + + +
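Review bot: The tunnel token on the removed `TUNNEL_TOKEN=` line of `apps/cloudflared/docker-compose.yml`, and the different one in the deleted `docker-compose.yml.backup-before-token-rotate-20260608`, stay readable in repository history after this commit, so moving the value to `.env` does not by itself protect either of them. Unless both have already been revoked, rotate them as part of this change and record that in the commit message. The visible hunks add `.env.example` but no ignore rule; if `apps/cloudflared/.env` is not already covered by a `.gitignore` elsewhere in the repository, add one so the real file cannot be committed next to the example. The `${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}` form is worth keeping, since Compose then refuses to start with an empty token.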
+

FluxCD GitOps Automation Status

+
+ CLUSTER NODE + monk (T14s) +
+
+ ACTIVE REVISION + main@sha1:bdec86b1... +
+
+ SYNC STATUS + Ready: Applied revision bdec86b1 +
+
+ MANAGED APPS + kavita (READY), flux-system (READY) +
+ +
+ +
diff --git a/scripts/rollout-cloudflared-token.sh b/scripts/rollout-cloudflared-token.sh
new file mode 100755
index 0000000..ba1fdf4
--- /dev/null
+++ b/scripts/rollout-cloudflared-token.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ $# -ne 1 ]]; then
+ echo "Usage: $0 ''" >&2
+ exit 2
+fi
+
+token="$1"
+monk_dir="${MONK_CLOUDFLARED_DIR:-$HOME/kitestacks-live/docker/cloudflared}"
+kscloud1_host="${KSCLOUD1_HOST:?set KSCLOUD1_HOST, for example user@host}"
+kscloud1_key="${KSCLOUD1_KEY:-$HOME/.ssh/id_ed25519_kscloud1}"
+kscloud1_dir="${KSCLOUD1_CLOUDFLARED_DIR:-/opt/kitestacks/docker/cloudflared}"
+
+if [[ ! -d "$monk_dir" ]]; then
+ echo "Missing monk cloudflared dir: $monk_dir" >&2
+ exit 1
+fi
+
+printf 'TUNNEL_TOKEN=%s\n' "$token" > "$monk_dir/.env"
+perl -0pi -e 's/TUNNEL_TOKEN=[^\n]+/TUNNEL_TOKEN=\${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}/' "$monk_dir/docker-compose.yml"
+docker compose -f "$monk_dir/docker-compose.yml" up -d
+
+ssh -F /dev/null -i "$kscloud1_key" -o BatchMode=yes -o StrictHostKeyChecking=accept-new "$kscloud1_host" \
+ "set -euo pipefail
+ cd '$kscloud1_dir'
+ umask 077
+ printf 'TUNNEL_TOKEN=%s\n' '$token' > .env
+ perl -0pi -e 's/TUNNEL_TOKEN=[^\\n]+/TUNNEL_TOKEN=\\\${TUNNEL_TOKEN:?set TUNNEL_TOKEN in .env}/' docker-compose.yml
+ docker compose up -d"
+
+echo "Cloudflared token rolled out to monk and kscloud1."
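Review bot: The token is taken from `$1` and then expanded into the double-quoted remote command as `'$token'`, so it is exposed in shell history, in the local process list through the script's and ssh's arguments, and in the remote shell's command line; a value containing a single quote would also end the remote quoting early. The local `.env` is written without the `umask 077` that the remote block sets, so under a common default umask the file holding the credential is readable by other local users. I would read the token from stdin, set `umask 077` before the local `printf`, and pipe the token to ssh so the remote side reads it from its own stdin. This changes the invocation to `rollout-cloudflared-token.sh < token-file`, and the usage message should change with it.

```shell
if [[ $# -ne 0 ]]; then
  echo "Usage: $0 < token-file" >&2
  exit 2
fi

# Read the token from stdin so it never appears in argv or shell history.
IFS= read -r token || [[ -n "$token" ]]

# … unchanged: monk_dir / kscloud1_* settings and the monk_dir check …

umask 077  # match the remote block; .env holds the tunnel credential
printf 'TUNNEL_TOKEN=%s\n' "$token" > "$monk_dir/.env"

# … unchanged: local perl rewrite and docker compose up -d …

# Hand the token to the remote shell on stdin instead of expanding it into the command string.
printf '%s\n' "$token" | ssh -F /dev/null -i "$kscloud1_key" -o BatchMode=yes -o StrictHostKeyChecking=accept-new "$kscloud1_host" \
  "set -euo pipefail
   cd '$kscloud1_dir'
   umask 077
   IFS= read -r token
   printf 'TUNNEL_TOKEN=%s\n' \"\$token\" > .env
   # … unchanged: remote perl rewrite …
   docker compose up -d"
```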