diff --git a/add-cname-records.sh b/add-cname-records.sh
index 985f290..afecb05 100755
--- a/add-cname-records.sh
+++ b/add-cname-records.sh
@@ -152,6 +152,64 @@ echo "Creating Cloudflare Access applications..."
 # Create access applications only for specific services
 PROTECTED_SERVICES=("homepage" "live" "ferdium" "convertx" "mini-qr" "ollama")
+# Services that should have bypass policies (no authentication)
+BYPASS_SERVICES=("excalidraw" "rocket" "listmonk" "vw" "docs")
+
+# Function to create bypass policy for a service
+create_bypass_policy() {
+ local service=$1
+ echo "Creating access application for $service.$CF_DOMAIN with bypass policy..."
+
+ SERVICE_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \
+ -H "Authorization: Bearer $CF_API_TOKEN" \
+ -H "Content-Type: application/json" \
+ --data "{
+ \"name\": \"$service $CF_DOMAIN\",
+ \"domain\": \"$service.$CF_DOMAIN\",
+ \"type\": \"self_hosted\",
+ \"session_duration\": \"24h\",
+ \"app_launcher_visible\": true,
+ \"skip_interstitial\": true
+ }")
+
+ # Extract the application ID from the response
+ SERVICE_APP_ID=$(echo $SERVICE_APP_RESPONSE | jq -r '.result.id')
+
+ if [ -z "$SERVICE_APP_ID" ] || [ "$SERVICE_APP_ID" == "null" ]; then
+ echo "Error creating $service access application. Response: $SERVICE_APP_RESPONSE"
+ else
+ echo "Successfully created $service access application with ID: $SERVICE_APP_ID"
+
+ # Create bypass policy for everyone
+ echo "Creating bypass policy for $service application..."
+
+ POLICY_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps/$SERVICE_APP_ID/policies" \
+ -H "Authorization: Bearer $CF_API_TOKEN" \
+ -H "Content-Type: application/json" \
+ --data "{
+ \"name\": \"Bypass for Everyone\",
+ \"decision\": \"bypass\",
+ \"include\": [{
+ \"everyone\": {}
+ }],
+ \"require\": [],
+ \"exclude\": []
+ }")
+
+ # Check if policy creation was successful
+ POLICY_SUCCESS=$(echo $POLICY_RESPONSE | jq -r '.success')
+
+ if [ "$POLICY_SUCCESS" == "true" ]; then
+ POLICY_ID=$(echo $POLICY_RESPONSE | jq -r '.result.id')
+ echo "Bypass policy for $service created successfully with ID: $POLICY_ID"
+ else
+ ERROR_MSG=$(echo $POLICY_RESPONSE | jq -r '.errors[0].message')
+ echo "Error creating bypass policy for $service: $ERROR_MSG"
+ echo "Full response: $POLICY_RESPONSE"
+ fi
+ fi
+}
+
 for service in "${PROTECTED_SERVICES[@]}"; do
 echo "Creating access application for $service.$CF_DOMAIN..."
@@ -209,6 +267,11 @@ for service in "${PROTECTED_SERVICES[@]}"; do
 fi
 done
+# Create bypass policies for specified services
+for service in "${BYPASS_SERVICES[@]}"; do
+ create_bypass_policy "$service"
+done
+
 # 2. Create specific access application for Gitea
 echo "Creating access application for gitea.$CF_DOMAIN..."
 GITEA_APP_RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/access/apps" \
diff --git a/configs/homepage-local/bookmarks.yaml b/configs/homepage-local/bookmarks.yaml
index 17b01ec..c1e21ff 100755
--- a/configs/homepage-local/bookmarks.yaml
+++ b/configs/homepage-local/bookmarks.yaml
@@ -63,3 +63,8 @@
 - Github:
 - abbr: GH
 href: https://github.com/
+
+- Security & Management:
+ - Vaultwarden:
+ - abbr: VW
+ href: https://github.com/dani-garcia/vaultwarden
diff --git a/configs/homepage-local/services.yaml b/configs/homepage-local/services.yaml
index 7359668..d46006f 100644
--- a/configs/homepage-local/services.yaml
+++ b/configs/homepage-local/services.yaml
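Review bot: `BYPASS_SERVICES` lists `vw`, which the services.yaml hunks in this same commit describe as a self-hosted password manager, and `create_bypass_policy` attaches a `"decision": "bypass"` / `"include": [{"everyone": {}}]` policy, so Cloudflare Access will stop challenging every request to those five hostnames, including any admin paths the backing service may expose; that is presumably intended because these services authenticate on their own, but the script does not record that assumption, so add above the array `# Access is bypassed for these hosts: each listed service MUST enforce its own authentication (incl. admin endpoints) — review before adding entries`. Separately, `SERVICE_APP_ID=$(echo $SERVICE_APP_RESPONSE | jq -r '.result.id')` and the three `echo $POLICY_RESPONSE | jq` lines expand the JSON unquoted, so word splitting and globbing can mangle it before it reaches jq; use `SERVICE_APP_ID=$(jq -r '.result.id' <<<"$SERVICE_APP_RESPONSE")` and the same form for `POLICY_RESPONSE`. The function also assigns `SERVICE_APP_RESPONSE`, `SERVICE_APP_ID`, `POLICY_RESPONSE`, `POLICY_SUCCESS`, `POLICY_ID` and `ERROR_MSG` without `local`, so they leak into the caller's scope; declare them `local` like `service`. Finally, neither error branch returns a non-zero status, so the `BYPASS_SERVICES` loop in the next hunk cannot tell that a host was left with an Access app but no policy; add `return 1` after each error message and check it in the caller.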
@@ -77,3 +77,9 @@
 href: http://localhost:5678
 description: Workflow automation
 icon: n8n
+
+- Security & Management:
+ - Vaultwarden:
+ href: http://localhost:8200
+ description: Self-hosted password manager
+ icon: mdi-shield-key
diff --git a/configs/homepage/bookmarks.yaml b/configs/homepage/bookmarks.yaml
index 17b01ec..c1e21ff 100755
--- a/configs/homepage/bookmarks.yaml
+++ b/configs/homepage/bookmarks.yaml
@@ -63,3 +63,8 @@
 - Github:
 - abbr: GH
 href: https://github.com/
+
+- Security & Management:
+ - Vaultwarden:
+ - abbr: VW
+ href: https://github.com/dani-garcia/vaultwarden
diff --git a/configs/homepage/services.yaml b/configs/homepage/services.yaml
index c3c7b4f..6b75299 100644
--- a/configs/homepage/services.yaml
+++ b/configs/homepage/services.yaml
@@ -75,3 +75,9 @@
 href: https://n8n.test.com
 description: Workflow automation
 icon: n8n
+
+- Security & Management:
+ - Vaultwarden:
+ href: https://vw.test.com
+ description: Self-hosted password manager
+ icon: mdi-shield-key