Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00


# Cloudflare Mesh Systemd Units
Systemd service and timer units for the Autonomic Mesh.
## Services
| Unit | Description | Type |
|------|-------------|------|
| `drift-guardian.service` | Real-time configuration monitor | Continuous |
| `autonomous-remediator.service` | Self-healing infrastructure | Continuous |
| `tunnel-rotation.service` | Credential rotation | One-shot |
| `tunnel-rotation.timer` | Weekly rotation schedule | Timer |
## Installation
### 1. Create service user
```bash
sudo useradd -r -s /usr/sbin/nologin -d /var/lib/cloudflare-mesh cloudflare-mesh
sudo mkdir -p /var/lib/cloudflare-mesh /var/log/cloudflare-mesh
sudo chown cloudflare-mesh:cloudflare-mesh /var/lib/cloudflare-mesh /var/log/cloudflare-mesh
```
### 2. Install scripts
```bash
sudo mkdir -p /opt/cloudflare-mesh/scripts
sudo cp scripts/*.py /opt/cloudflare-mesh/scripts/
sudo chmod +x /opt/cloudflare-mesh/scripts/*.py
```
### 3. Create environment file
```bash
sudo mkdir -p /etc/cloudflare-mesh
# Create the file with its final owner and mode before any secret is written,
# so the token is never momentarily world-readable
sudo install -m 600 -o root -g cloudflare-mesh /dev/null /etc/cloudflare-mesh/environment
# Quoted delimiter: values are written literally, with no shell expansion
cat << 'EOF' | sudo tee /etc/cloudflare-mesh/environment
CLOUDFLARE_API_TOKEN=your_api_token_here
CLOUDFLARE_ZONE_ID=your_zone_id
CLOUDFLARE_ACCOUNT_ID=your_account_id
EOF
```
### 4. Install systemd units
```bash
sudo cp systemd/*.service systemd/*.timer /etc/systemd/system/
sudo systemctl daemon-reload
```
### 5. Enable and start services
```bash
# Enable continuous services
sudo systemctl enable --now drift-guardian.service
sudo systemctl enable --now autonomous-remediator.service
# Enable rotation timer
sudo systemctl enable --now tunnel-rotation.timer
```
## Management
### Check status
```bash
sudo systemctl status drift-guardian.service
sudo systemctl status autonomous-remediator.service
sudo systemctl list-timers tunnel-rotation.timer
```
### View logs
```bash
# Drift guardian logs
journalctl -u drift-guardian.service -f
# Remediator logs
journalctl -u autonomous-remediator.service -f
# Rotation logs
journalctl -u tunnel-rotation.service
```
### Manual rotation
```bash
sudo systemctl start tunnel-rotation.service
```
### Stop all services
```bash
sudo systemctl stop drift-guardian.service autonomous-remediator.service
sudo systemctl stop tunnel-rotation.timer
```
## Security Notes
- All services run as non-root user `cloudflare-mesh`
- Services use systemd hardening directives
- API tokens stored with restricted permissions (600)
- Services have read-only filesystem access except for data directories
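The notes above list the hardening properties but the unit files themselves are not reproduced here. The following is an added example, not one of the project's own units: a constructed `drift-guardian.service` carrying the directives that give a non-root user, a read-only system and writable data directories, plus a small check that fails when any of them is missing. The script name under `ExecStart` is an assumption.

```shell
#!/bin/sh
# Added example (not the project's unit file): a hardened drift-guardian.service
# in the shape the Security Notes describe, and a check for its directives.
set -u

# Directives that back the Security Notes: non-root user, no privilege
# escalation, read-only OS image, and writable paths limited to data/log dirs.
REQUIRED_DIRECTIVES="User=cloudflare-mesh NoNewPrivileges=true ProtectSystem=strict ProtectHome=true PrivateTmp=true ReadWritePaths="

# Write the constructed unit to the path given as $1.
write_hardened_unit() {
  cat > "$1" <<'EOF'
[Unit]
Description=Cloudflare Mesh drift guardian (constructed example)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=cloudflare-mesh
Group=cloudflare-mesh
EnvironmentFile=/etc/cloudflare-mesh/environment
# Script name is assumed; the README only says scripts/*.py are installed here
ExecStart=/opt/cloudflare-mesh/scripts/drift_guardian.py
Restart=on-failure
RestartSec=30s
# Hardening: read-only filesystem except the state and log directories
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ReadWritePaths=/var/lib/cloudflare-mesh /var/log/cloudflare-mesh
CapabilityBoundingSet=
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target
EOF
}

# Return 0 when every required directive is present in unit file $1,
# 1 otherwise, naming each missing directive on stderr.
check_hardening() {
  unit="$1"; missing=0
  for d in $REQUIRED_DIRECTIVES; do
    grep -q "^$d" "$unit" || { echo "missing: $d" >&2; missing=1; }
  done
  return $missing
}
```

After installing a unit, `systemd-analyze security drift-guardian.service` gives systemd's own exposure score for the same directives.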