cname updates and other things

admin 2025-05-21 23:54:55 -06:00
parent 2a2260294e
commit 19db0708bb
5 changed files with 85 additions and 0 deletions


@ -152,6 +152,64 @@ echo "Creating Cloudflare Access applications..."
# Create access applications only for specific services
PROTECTED_SERVICES=("homepage" "live" "ferdium" "convertx" "mini-qr" "ollama")
# Services that should have bypass policies (no authentication)
BYPASS_SERVICES=("excalidraw" "rocket" "listmonk" "vw" "docs")
# Function to create bypass policy for a service
create_bypass_policy() {
local service=$1
echo "Creating access application for $service.$CF_DOMAIN with bypass policy..."
SERVICE_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \
-H "Authorization: Bearer $CF_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{
\"name\": \"$service $CF_DOMAIN\",
\"domain\": \"$service.$CF_DOMAIN\",
\"type\": \"self_hosted\",
\"session_duration\": \"24h\",
\"app_launcher_visible\": true,
\"skip_interstitial\": true
}")
# Extract the application ID from the response
SERVICE_APP_ID=$(echo $SERVICE_APP_RESPONSE | jq -r '.result.id')
if [ -z "$SERVICE_APP_ID" ] || [ "$SERVICE_APP_ID" == "null" ]; then
echo "Error creating $service access application. Response: $SERVICE_APP_RESPONSE"
else
echo "Successfully created $service access application with ID: $SERVICE_APP_ID"
# Create bypass policy for everyone
echo "Creating bypass policy for $service application..."
POLICY_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps/$SERVICE_APP_ID/policies" \
-H "Authorization: Bearer $CF_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{
\"name\": \"Bypass for Everyone\",
\"decision\": \"bypass\",
\"include\": [{
\"everyone\": {}
}],
\"require\": [],
\"exclude\": []
}")
# Check if policy creation was successful
POLICY_SUCCESS=$(echo $POLICY_RESPONSE | jq -r '.success')
if [ "$POLICY_SUCCESS" == "true" ]; then
POLICY_ID=$(echo $POLICY_RESPONSE | jq -r '.result.id')
echo "Bypass policy for $service created successfully with ID: $POLICY_ID"
else
ERROR_MSG=$(echo $POLICY_RESPONSE | jq -r '.errors[0].message')
echo "Error creating bypass policy for $service: $ERROR_MSG"
echo "Full response: $POLICY_RESPONSE"
fi
fi
}
for service in "${PROTECTED_SERVICES[@]}"; do
echo "Creating access application for $service.$CF_DOMAIN..."
@ -209,6 +267,11 @@ for service in "${PROTECTED_SERVICES[@]}"; do
fi
done
# Create bypass policies for specified services
for service in "${BYPASS_SERVICES[@]}"; do
create_bypass_policy "$service"
done
# 2. Create specific access application for Gitea
echo "Creating access application for gitea.$CF_DOMAIN..."
GITEA_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \
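Review bot: `create_bypass_policy` attaches a `bypass` decision with `include: everyone` to every host in `BYPASS_SERVICES`, which turns off Access enforcement for those hosts, and Cloudflare does not log requests that match a Bypass rule, so each service's own login is the only control left in front of it. The list includes `vw`, which the dashboard entries added in this commit describe as the self-hosted password manager; if that is the same host, it is the one that most needs to stay behind Access. Consider dropping it from the array, `BYPASS_SERVICES=("excalidraw" "rocket" "listmonk" "docs")`, and handling it with the `PROTECTED_SERVICES` list instead, or at minimum adding above the array `# Bypass = no Access check and no Access logs; every host listed here must enforce its own authentication`. The function also only echoes on failure and still returns 0, so a host whose application was created but whose policy call failed is easy to miss in the loop output; a `return 1` in both error branches would let the caller report it.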


@ -63,3 +63,8 @@
- Github:
- abbr: GH
href: https://github.com/
- Security & Management:
- Vaultwarden:
- abbr: VW
href: https://github.com/dani-garcia/vaultwarden


@ -77,3 +77,9 @@
href: http://localhost:5678
description: Workflow automation
icon: n8n
- Security & Management:
- Vaultwarden:
href: http://localhost:8200
description: Self-hosted password manager
icon: mdi-shield-key


@ -63,3 +63,8 @@
- Github:
- abbr: GH
href: https://github.com/
- Security & Management:
- Vaultwarden:
- abbr: VW
href: https://github.com/dani-garcia/vaultwarden


@ -75,3 +75,9 @@
href: https://n8n.test.com
description: Workflow automation
icon: n8n
- Security & Management:
- Vaultwarden:
href: https://vw.test.com
description: Self-hosted password manager
icon: mdi-shield-key