removed cloudflare dependency

2025-10-12 15:15:15 +00:00
parent 56e0b5da32
commit 48448e0e59


@ -29,42 +29,6 @@ jobs:
curl -fsSL https://deb.nodesource.com/setup_18.x curl -fsSL https://deb.nodesource.com/setup_18.x
apt-get install -y sshpass apt-get install -y sshpass
- name: Install cloudflare prerequisites
run: |
apt-get install -y curl ca-certificates jq openssh-client net-tools iproute2
- name: Install cloudflared
run: |
# pacote .deb oficial - funcionará numa runner Ubuntu x86_64
curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
dpkg -i cloudflared.deb
cloudflared --version
- name: Install dante-server
run: |
apt-get install -y dante-server openssl
#libssl1.1
- name: Configure dante-server
run: |
cat <<EOF | tee /etc/danted.conf
logoutput: stderr
internal: 127.0.0.1 port = 1080
external: lo
method: none
clientmethod: none
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect
}
# encaminhar tudo para o listener TCP do cloudflared
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: connect udpassociate bind
log: connect disconnect
}
EOF
- name: vaultwarden urls as secrets - name: vaultwarden urls as secrets
run: | run: |
echo "config" echo "config"
@ -77,47 +41,6 @@ jobs:
echo "getting item" echo "getting item"
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt" bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
cat proxmox-ssh-link.txt cat proxmox-ssh-link.txt
- name: Start cloudflared Access TCP -> SOCKS5 (background)
env:
CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
run: |
Hostname=$(cat proxmox-ssh-link.txt)
# Inicia cloudflared access tcp/ssh com service token e listener socks local
# O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
nohup cloudflared access tcp \
--hostname "$Hostname" \
--listener "tcp://127.0.0.1:1081" \
--service-token-id "$CF_SVC_ID" \
--service-token-secret "$CF_SVC_SECRET" \
> cloudflared.log 2>&1 &
# espera a porta do listener estar pronta (timeout 30s)
for i in $(seq 1 30); do
ss -tnl | grep -q ":1081" && break
sleep 1
done
if ! ss -tnl | grep -q ":1081"; then
echo "SOCKS listener not ready after 30s, printing cloudflared.log"
tail -n +1 cloudflared.log
cat cloudflared.log
exit 1
fi
echo "cloudflared socks listener ready at $SOCKS_LISTENER"
sleep 1
# opcional: ver primeiros logs
tail -n 50 cloudflared.log || true
- name: Start dante-server
run: |
pkill danted || true
danted -f /etc/danted.conf -D > dante.log 2>&1 &
sleep 3
cat dante.log
- name: Cloning ansible repository - name: Cloning ansible repository
@ -130,7 +53,6 @@ jobs:
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
echo "getting item" echo "getting item"
bw get item "iac.ansible.hosts.ini" --session "$BW_SESSION" | jq -r '.notes' > "inventory.ini" bw get item "iac.ansible.hosts.ini" --session "$BW_SESSION" | jq -r '.notes' > "inventory.ini"
cat inventory.ini
working-directory: ansible/iac working-directory: ansible/iac
- name: Install Ansible - name: Install Ansible
@ -139,5 +61,4 @@ jobs:
- name: Run Ansible Playbook - name: Run Ansible Playbook
working-directory: ansible/iac working-directory: ansible/iac
run: | run: |
cat inventory.ini
ansible-playbook -i inventory.ini playbook.yml ansible-playbook -i inventory.ini playbook.yml
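Review bot: The `cat proxmox-ssh-link.txt` line kept in the "vaultwarden urls as secrets" step (second hunk) still writes the Vaultwarden note to the job log, even though this commit drops the equivalent `cat inventory.ini` in the last two hunks. With the cloudflared step gone, nothing visible on this page reads `proxmox-ssh-link.txt` any more, so the `bw get item "iac.proxmox.ssh.link"` fetch looks unused too; if no step outside these hunks needs it, remove the fetch together with the `cat`. If the file is still needed, drop only the `cat`, and if a log trace is wanted print something non-sensitive such as `wc -c proxmox-ssh-link.txt`. The step bodies continue outside the hunks, so this should be confirmed against the full workflow.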