diff --git a/.gitfield/.radicle-push-state b/.gitfield/.radicle-push-state new file mode 100644 index 0000000..443250d --- /dev/null +++ b/.gitfield/.radicle-push-state @@ -0,0 +1 @@ +692994bbaddef034b29cf7a50288c8dcfa9db15d diff --git a/.gitfield/pushed.log b/.gitfield/pushed.log new file mode 100644 index 0000000..63b411b --- /dev/null +++ b/.gitfield/pushed.log @@ -0,0 +1,13 @@ +# Push Log for cloudflare-tunnel-bootstrap +# Generated by gitfield-sync + +[2025-06-11T09:03:20Z] Local: , Branch=master, Commit=unknown + Diff Summary: + docs/integrity.sha256 | 11 +++++++++++ + 1 file changed, 11 insertions(+) +[2025-06-11T09:03:31Z] Radicle: RID=rad:z3FEj7rF8gZw9eFksCuiN43qjzrex, Peer ID=z6Mkw5s3ppo26C7y7tGK5MD8n2GqTHS582PPpeX5Xqbu2Mpz, Branch=master, Commit=unknown + CLI: rad inspect rad:z3FEj7rF8gZw9eFksCuiN43qjzrex # View project details + CLI: git ls-tree -r --name-only HEAD # View file structure + Diff Summary: + .gitfield/radicle.sigil.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 67 insertions(+) diff --git a/.gitfield/radicle.sigil.md b/.gitfield/radicle.sigil.md new file mode 100644 index 0000000..81965ea --- /dev/null +++ b/.gitfield/radicle.sigil.md 
@@ -0,0 +1,67 @@ +# ๐Ÿ”— Radicle Repository Link + +- **Project Name**: `cloudflare-tunnel-bootstrap` +- **Radicle URN**: `rad://z3B11vcLJt6Fqw6H5u26MBDvfgZ5Z` +- **Public Gateway**: [https://app.radicle.xyz/nodes/ash.radicle.garden/rad:z3B11vcLJt6Fqw6H5u26MBDvfgZ5Z/tree/692994bbaddef034b29cf7a50288c8dcfa9db15d](https://app.radicle.xyz/nodes/ash.radicle.garden/rad:z3B11vcLJt6Fqw6H5u26MBDvfgZ5Z/tree/692994bbaddef034b29cf7a50288c8dcfa9db15d) +- **Local Repo Path**: `/home/mrhavens/fieldwork/cloudflare-tunnel-bootstrap` +- **Default Branch**: `master` +- **Repo Created**: `2025-06-11 04:03:31` + +--- + +## ๐Ÿ“ฆ Commit Info + +- **This Commit Timestamp**: `2025-06-11 04:03:31` +- **Last Commit SHA**: `692994bbaddef034b29cf7a50288c8dcfa9db15d` +- **Last Commit Message**: `Post-Local sync at 2025-06-11T09:03:20Z` +- **Commit Author**: `Mark Randall Havens ` +- **Commit Date**: `Wed Jun 11 04:03:20 2025 -0500` +- **This Commit URL**: [https://app.radicle.xyz/nodes/ash.radicle.garden/rad:z3B11vcLJt6Fqw6H5u26MBDvfgZ5Z/tree/692994bbaddef034b29cf7a50288c8dcfa9db15d](https://app.radicle.xyz/nodes/ash.radicle.garden/rad:z3B11vcLJt6Fqw6H5u26MBDvfgZ5Z/tree/692994bbaddef034b29cf7a50288c8dcfa9db15d) + +--- + +## ๐Ÿ“Š Repo Status + +- **Total Commits**: `21` +- **Tracked Files**: `26` +- **Uncommitted Changes**: `No` +- **Latest Tag**: `None` + +--- + +## ๐Ÿงญ Environment + +- **Host Machine**: `samson` +- **Current User**: `mrhavens` +- **Time Zone**: `CDT` +- **Script Version**: `v1.0` + +--- + +## ๐Ÿงฌ Hardware & OS Fingerprint + +- **OS Name**: `Linux` +- **OS Version**: `Ubuntu 22.04.5 LTS` +- **Kernel Version**: `6.6.87.1-microsoft-standard-WSL2` +- **Architecture**: `x86_64` +- **Running in Docker**: `No` +- **Running in WSL**: `Yes` +- **Virtual Machine**: `wsl` +- **System Uptime**: `up 10 hours, 36 minutes` +- **MAC Address**: `00:15:5d:11:35:bd` +- **Local IP**: `172.28.107.95` +- **CPU Model**: `Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz` +- **Total RAM (GB)**: `23.44` + 
+--- + +## ๐ŸŒฑ Radicle-Specific Metadata + +- **Project ID**: `z3B11vcLJt6Fqw6H5u26MBDvfgZ5Z` +- **Peer ID**: `z6MkkKwiMBbXkoE4aL94Pmej2f3hZeKM9XspnQPQgYeDFK9L +z6MkkKwiMBbXkoE4aL94Pmej2f3hZeKM9XspnQPQgYeDFK9L` +- **Public Gateway Base**: `https://app.radicle.xyz/nodes/ash.radicle.garden` + +--- + +_Auto-generated by `gitfield-radicle` push script._ diff --git a/.gitfield/remember.sigil.md b/.gitfield/remember.sigil.md new file mode 100644 index 0000000..29576f3 --- /dev/null +++ b/.gitfield/remember.sigil.md 
@@ -0,0 +1,59 @@ +# ๐Ÿ”— Forgejo Repository Link + +- **Repo Name**: `cloudflare-tunnel-bootstrap` +- **Forgejo User**: `mrhavens` +- **Remote URL**: [https://remember.thefoldwithin.earth/mrhavens/cloudflare-tunnel-bootstrap](https://remember.thefoldwithin.earth/mrhavens/cloudflare-tunnel-bootstrap) +- **Local Repo Path**: `/home/mrhavens/fieldwork/cloudflare-tunnel-bootstrap` +- **Remote Label**: `remember` +- **Default Branch**: `master` +- **Repo Created**: `2025-06-11 04:03:33` + +--- + +## ๐Ÿ“ฆ Commit Info + +- **This Commit Timestamp**: `2025-06-11 04:03:33` +- **Last Commit SHA**: `9cb4349c6dca180c4ac1583cdf5579c16a40a919` +- **Last Commit Message**: `Post-Radicle sync at 2025-06-11T09:03:20Z` +- **Last Commit Author**: `Mark Randall Havens ` +- **Last Commit Date**: `Wed Jun 11 04:03:31 2025 -0500` +- **This Commit URL**: [https://remember.thefoldwithin.earth/mrhavens/cloudflare-tunnel-bootstrap/commit/9cb4349c6dca180c4ac1583cdf5579c16a40a919](https://remember.thefoldwithin.earth/mrhavens/cloudflare-tunnel-bootstrap/commit/9cb4349c6dca180c4ac1583cdf5579c16a40a919) + +--- + +## ๐Ÿ“Š Repo Status + +- **Total Commits**: `23` +- **Tracked Files**: `28` +- **Uncommitted Changes**: `No` +- **Latest Tag**: `None` + +--- + +## ๐Ÿงญ Environment + +- **Host Machine**: `samson` +- **Current User**: `mrhavens` +- **Time Zone**: `CDT` +- **Script Version**: `1.0` + +--- + +## ๐Ÿงฌ Hardware & OS Fingerprint + +- **OS Name**: `Linux` +- **OS Version**: `Ubuntu 22.04.5 LTS` +- **Kernel Version**: `6.6.87.1-microsoft-standard-WSL2` +- **Architecture**: `x86_64` +- **Running in Docker**: `No` +- **Running in WSL**: `Yes` +- **Virtual Machine**: `wsl` +- **System Uptime**: `up 10 hours, 36 minutes` +- **MAC Address**: `00:15:5d:11:35:bd` +- **Local IP**: `172.28.107.95` +- **CPU Model**: `Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz` +- **Total RAM (GB)**: `23.44` + +--- + +_Auto-generated by `gitfield-remember` push script._ 
diff --git a/README.md b/README.md new file mode 100644 index 0000000..b6e8762 --- /dev/null +++ b/README.md 
@@ -0,0 +1,109 @@ +## ๐Ÿ“„ README.md (First Version) + +````markdown +# Cloudflare Tunnel Bootstrap ๐ŸŒ€ + +Expose any local Linux server to the internet securely using a Cloudflare Tunnel with Zero Configuration DNS routing. This setup allows resilient access to ports and services via subdomains like: + +- `samson.thefoldwithin.earth` +- `forgejo.samson.thefoldwithin.earth` +- `rpc.samson.thefoldwithin.earth` +- `ssh.samson.thefoldwithin.earth` + +## ๐Ÿ”ง Requirements + +- A Linux server (bare metal, VM, or WSL) +- Domain managed by Cloudflare +- Installed: `cloudflared`, `git`, `bash`, `curl` + +## ๐Ÿš€ Quickstart + +### 1. Clone the repo + +```bash +git clone https://github.com/thefoldwithin/cloudflare-tunnel-bootstrap.git +cd cloudflare-tunnel-bootstrap +```` + +### 2. Install `cloudflared` (if needed) + +```bash +./install-cloudflared.sh +``` + +### 3. Authenticate with Cloudflare + +```bash +cloudflared tunnel login +``` + +### 4. Create a tunnel named after your host (e.g., `samson`) + +```bash +cloudflared tunnel create samson +``` + +### 5. Auto-generate a full config file and DNS records + +```bash +./bootstrap-tunnel.sh samson thefoldwithin.earth 8000 +``` + +This will: + +* Create `~/.cloudflared/config.yml` +* Route `samson.thefoldwithin.earth` to port 8000 +* Create subdomains and restart the tunnel + +### 6. 
Run the tunnel as a service + +```bash +sudo cloudflared service install +sudo systemctl restart cloudflared +``` + +--- + +## ๐Ÿ›  Included Scripts + +| File | Description | +| ------------------------ | ------------------------------------------------------------------- | +| `install-cloudflared.sh` | Installs the latest `cloudflared` binary | +| `bootstrap-tunnel.sh` | Creates a tunnel config, routes subdomains, and writes `config.yml` | +| `config.template.yml` | Editable template for generating configs | + +--- + +## ๐Ÿ“œ Example Generated Config + +```yaml +tunnel: abc123-abc123-abc123 +credentials-file: /home/username/.cloudflared/abc123-abc123-abc123.json + +ingress: + - hostname: samson.thefoldwithin.earth + service: http://localhost:8000 + - service: http_status:404 +``` + +--- + +## ๐ŸŒ Result + +Access your local server at: + +``` +https://samson.thefoldwithin.earth +``` + +--- + +## ๐Ÿงฌ About + +This repo is part of **The Fold** infrastructure initiative. It provides a resilient, mirrored, recursive service model for distributed digital sanctuaries. + +--- + +> ๐Ÿ”’ Everything you run locally stays private โ€” unless *you* decide to expose it. + +--- diff --git a/bootstrap-tunnel.sh b/bootstrap-tunnel.sh new file mode 100755 index 0000000..c994542 --- /dev/null +++ b/bootstrap-tunnel.sh 
@@ -0,0 +1,63 @@ +#!/bin/bash +set -euo pipefail +IFS=$'\n\t' + +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ +# Cloudflare Tunnel Bootstrap Script +# Usage: ./bootstrap-tunnel.sh +# Example: ./bootstrap-tunnel.sh samson thefoldwithin.earth 8000 +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ + +if [[ $# -lt 3 ]]; then + echo "Usage: $0 " + exit 1 +fi + +TUNNEL_NAME="$1" +BASE_DOMAIN="$2" +LOCAL_PORT="$3" +USER_HOME=$(eval echo ~"$USER") +CLOUDFLARED_DIR="$USER_HOME/.cloudflared" + +# Path to tunnel credentials (auto-created if tunnel exists) +TUNNEL_ID=$(cloudflared tunnel list | grep "$TUNNEL_NAME" | awk '{print $1}') +if [[ -z "$TUNNEL_ID" ]]; then + echo "โŒ Tunnel '$TUNNEL_NAME' not found. Please run: cloudflared tunnel create $TUNNEL_NAME" + exit 1 +fi + +CREDENTIALS_FILE="$CLOUDFLARED_DIR/${TUNNEL_ID}.json" +CONFIG_PATH="$CLOUDFLARED_DIR/config.yml" + +echo "๐Ÿงช Tunnel ID: $TUNNEL_ID" +echo "๐Ÿ“œ Writing config to $CONFIG_PATH" + +cat > "$CONFIG_PATH" < + + + https://remember.thefoldwithin.earth/mrhavens/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 1.0 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/index.html + 2025-06-11T09:03:20Z + weekly + 0.9 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/canonical.meta + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/canonical.md + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/index.json + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/gitfield.json + 2025-06-11T09:03:20Z + weekly + 0.8 + + + 
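Review bot: `USER_HOME=$(eval echo ~"$USER")` in bootstrap-tunnel.sh runs `eval` over the environment-supplied `$USER`, so a crafted value is executed as shell code; `USER_HOME="${HOME:?}"` gives the same directory without `eval`. The tunnel lookup `grep "$TUNNEL_NAME" | awk '{print $1}'` matches the name as a regex anywhere on the line, so `samson` also matches `samson-test` and `TUNNEL_ID` can end up holding several IDs; an exact comparison such as `awk -v n="$TUNNEL_NAME" '$2 == n {print $1}'` avoids that, assuming the name is the second column of the list output. `LOCAL_PORT` is taken from `$3` with no numeric check before it is used for the config. The heredoc after `cat > "$CONFIG_PATH"` and the rest of the script are not visible here, so how these values are written out could not be reviewed.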
https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/.well-known/gitfield.json + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/repos.json + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/pushed.log + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap/docs/gitfield.README.txt + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://github.com/mrhavens/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://gitlab.com/mrhavens/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://bitbucket.org/thefoldwithin/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://remember.thefoldwithin.earth/mrhavens/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://codeberg.org/mrhavens/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 0.8 + + + https://gitea.com/mrhavens/cloudflare-tunnel-bootstrap + 2025-06-11T09:03:20Z + weekly + 0.8 + + diff --git a/install-cloudflared.sh b/install-cloudflared.sh new file mode 100755 index 0000000..f9a26f5 --- /dev/null +++ b/install-cloudflared.sh 
@@ -0,0 +1,40 @@ +#!/bin/bash +set -euo pipefail +IFS=$'\n\t' + +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ +# ๐ŸŒ Cloudflare Tunnel Binary Installer +# Installs the latest cloudflared (Linux x86_64) +# Cleans up any legacy APT sources +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ + +CLOUDFLARED_BIN="/usr/local/bin/cloudflared" +RELEASE_URL="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64" + +echo "๐Ÿงน Cleaning up legacy Cloudflare APT sources (if any)..." +LEGACY_LIST="/etc/apt/sources.list.d/cloudflared.list" +if [[ -f "$LEGACY_LIST" ]]; then + echo "โš ๏ธ Found legacy APT source: $LEGACY_LIST" + sudo rm -f "$LEGACY_LIST" + sudo apt update + echo "โœ… Removed deprecated source and updated package list." +fi + +echo "๐Ÿ” Checking for existing cloudflared installation..." +if command -v cloudflared >/dev/null 2>&1; then + echo "โœ… cloudflared already installed at: $(which cloudflared)" + echo "๐Ÿ” To reinstall, run: sudo rm $(which cloudflared) && ./install-cloudflared.sh" + exit 0 +fi + +echo "โฌ‡๏ธ Downloading latest cloudflared binary..." +wget -q --show-progress "$RELEASE_URL" -O cloudflared + +echo "๐Ÿ” Making binary executable..." +chmod +x cloudflared + +echo "๐Ÿšš Moving to /usr/local/bin (requires sudo)..." +sudo mv cloudflared "$CLOUDFLARED_BIN" + +echo "โœ… cloudflared installed at $CLOUDFLARED_BIN" +cloudflared --version diff --git a/install-inbound-ssh.sh b/install-inbound-ssh.sh new file mode 100755 index 0000000..b539d00 --- /dev/null +++ b/install-inbound-ssh.sh 
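Review bot: The download step in install-cloudflared.sh fetches `releases/latest/download/cloudflared-linux-amd64` and moves it into `/usr/local/bin` with no version pin and no integrity check, so the script installs whatever that URL serves at run time. Pinning a release tag and comparing a SHA-256 obtained from a trusted source before the `sudo` step would close that gap, and downloading into a `mktemp -d` directory avoids writing `cloudflared` into whatever directory the script was started from. `sudo install -m 0755` can replace the separate `chmod +x` and `sudo mv`, and `$(which cloudflared)` in the two echo lines is better written as `$(command -v cloudflared)`, which the check above them already uses. The version and hash in the sketch below are placeholders.

```shell
# … unchanged: strict mode, legacy APT cleanup, already-installed check …
CLOUDFLARED_BIN="/usr/local/bin/cloudflared"
CLOUDFLARED_VERSION="<PINNED_RELEASE_TAG>"        # placeholder: a release you have reviewed
CLOUDFLARED_SHA256="<EXPECTED_SHA256_OF_BINARY>"  # placeholder: obtained from a trusted source
RELEASE_URL="https://github.com/cloudflare/cloudflared/releases/download/${CLOUDFLARED_VERSION}/cloudflared-linux-amd64"

tmpdir=$(mktemp -d)
trap 'rm -rf -- "$tmpdir"' EXIT

wget -q --show-progress "$RELEASE_URL" -O "$tmpdir/cloudflared"
# Abort (set -e) if the downloaded file does not match the pinned hash.
printf '%s  %s\n' "$CLOUDFLARED_SHA256" "$tmpdir/cloudflared" | sha256sum -c -
sudo install -m 0755 "$tmpdir/cloudflared" "$CLOUDFLARED_BIN"
# … unchanged: final echo and cloudflared --version …
```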
@@ -0,0 +1,33 @@ +#!/bin/bash +set -euo pipefail +IFS=$'\n\t' + +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ +# SSH Server Bootstrap Script for Remote Access via Tunnel +# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ + +echo "๐Ÿ” Installing OpenSSH server..." + +sudo apt update +sudo apt install -y openssh-server + +echo "๐Ÿ›  Configuring SSH..." + +# Ensure sshd_config exists +SSHD_CONFIG="/etc/ssh/sshd_config" + +# Enable password and public key auth +sudo sed -i 's/#*PasswordAuthentication .*/PasswordAuthentication yes/' "$SSHD_CONFIG" +sudo sed -i 's/#*PermitRootLogin .*/PermitRootLogin prohibit-password/' "$SSHD_CONFIG" +sudo sed -i 's/#*PubkeyAuthentication .*/PubkeyAuthentication yes/' "$SSHD_CONFIG" + +# Optional: restrict to certain users (e.g., "mrhavens") +# echo "AllowUsers mrhavens" | sudo tee -a "$SSHD_CONFIG" + +echo "๐Ÿ” Restarting SSH service..." +sudo systemctl restart ssh +sudo systemctl enable ssh + +echo "โœ… SSH server is installed and listening on port 22" +echo "๐ŸŒ You may now access this machine via your tunnel:" +echo " ssh user@ssh.samson.thefoldwithin.earth"
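Review bot: The first `sed` in install-inbound-ssh.sh sets `PasswordAuthentication yes` on a host that the closing echo advertises at `ssh.samson.thefoldwithin.earth`, which leaves every local account open to password guessing unless the tunnel enforces its own access policy (none is visible in this hunk). Key-only login is the safer default: `sudo sed -i 's/^#*PasswordAuthentication .*/PasswordAuthentication no/' "$SSHD_CONFIG"`, with the commented `AllowUsers` line turned into a real, parameterised setting. The three patterns are unanchored, so they also rewrite comment lines and any `Match`-block overrides that mention these keywords, and a directive that is absent from the file is never added. Running `sudo sshd -t` before `sudo systemctl restart ssh` would catch a broken config before the restart. The comment `# Ensure sshd_config exists` describes a check the script does not perform.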