Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add extra daemon param, flush handler, revert to cloudflared user #8

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

add extra daemon param, flush handler, revert to cloudflared user #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dad62e0
revert to clouflared user, nobody never good.
fbourqui Jul 12, 2020
ce6056d
add extra daemon param, flush handler
fbourqui Jul 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,14 @@ cloudflared_arm_binary: "cloudflared-stable-linux-arm.tgz"

cloudflared_allow_firewall: false
cloudflared_enable_service: true
cloudflared_upstream: "https://1.1.1.1/dns-query"
cloudflared_port: 5053

cloudflared_options: "proxy-dns --port {{ cloudflared_port }} --upstream {{ cloudflared_upstream }}"

cloudflared_bin_location: /usr/local/bin

#Listen on given port for the DNS over HTTPS proxy server. (default: 53)
cloudflared_port: 5053
#Listen address for metrics reporting. (default: "localhost")
cloudflared_metrics_address:
#Listen address for the DNS over HTTPS proxy server. (default: "localhost")
cloudflared_dns_address:
#Upstream endpoint URL, you can specify multiple endpoints for redundancy.
#(default: "https://1.1.1.1/dns-query", "https://1.0.0.1/dns-query")
cloudflared_upstream:
6 changes: 3 additions & 3 deletions files/cloudflared.service
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
[Unit]
Description=cloudflared service
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=nobody
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared $CLOUDFLARED_OPTS
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process
Expand Down
11 changes: 9 additions & 2 deletions tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,17 @@
register: update_command
changed_when: update_command.rc == '64'

- name: create application user
user:
name: cloudflared
system: yes

- name: template config file
template:
src: cloudflared.j2
dest: /etc/default/cloudflared
owner: nobody
group: nogroup
owner: cloudflared
group: cloudflared
notify: restart cloudflared service
tags: systemd

Expand Down Expand Up @@ -62,3 +67,5 @@
port: "{{ cloudflared_port }}"
comment: "allow cloudflared"
when: cloudflared_allow_firewall

- meta: flush_handlers
5 changes: 4 additions & 1 deletion templates/cloudflared.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
# Commandline args for cloudflared
CLOUDFLARED_OPTS={{ cloudflared_options }}
CLOUDFLARED_OPTS={% if cloudflared_port is not none %}--port {{ cloudflared_port }} {% endif %}
{% if cloudflared_metrics_address is not none %}--metrics {{ cloudflared_metrics_address }} {% endif %}
{% if cloudflared_dns_address is not none %}--address {{ cloudflared_dns_address }} {% endif %}
{% if cloudflared_upstream is not none %}--upstream {{ cloudflared_upstream }} {% endif %}