vm-cloudflare/systemd/README.md
Vault Sovereign 37a867c485 Initial commit: Cloudflare infrastructure with WAF Intelligence
- Complete Cloudflare Terraform configuration (DNS, WAF, tunnels, access)
- WAF Intelligence MCP server with threat analysis and ML classification
- GitOps automation with PR workflows and drift detection
- Observatory monitoring stack with Prometheus/Grafana
- IDE operator rules for governed development
- Security playbooks and compliance frameworks
- Autonomous remediation and state reconciliation
2025-12-16 18:31:53 +00:00

Cloudflare Mesh Systemd Units

Systemd service and timer units for the Autonomic Mesh.

Services

| Unit | Description | Type |
|------|-------------|------|
| drift-guardian.service | Real-time configuration monitor | Continuous |
| autonomous-remediator.service | Self-healing infrastructure | Continuous |
| tunnel-rotation.service | Credential rotation | One-shot |
| tunnel-rotation.timer | Weekly rotation schedule | Timer |

Installation

1. Create service user

sudo useradd -r -s /usr/sbin/nologin -d /var/lib/cloudflare-mesh cloudflare-mesh
sudo mkdir -p /var/lib/cloudflare-mesh /var/log/cloudflare-mesh
sudo chown cloudflare-mesh:cloudflare-mesh /var/lib/cloudflare-mesh /var/log/cloudflare-mesh

2. Install scripts

sudo mkdir -p /opt/cloudflare-mesh/scripts
sudo cp scripts/*.py /opt/cloudflare-mesh/scripts/
sudo chmod +x /opt/cloudflare-mesh/scripts/*.py

3. Create environment file

sudo mkdir -p /etc/cloudflare-mesh
cat << EOF | sudo tee /etc/cloudflare-mesh/environment
CLOUDFLARE_API_TOKEN=your_api_token_here
CLOUDFLARE_ZONE_ID=your_zone_id
CLOUDFLARE_ACCOUNT_ID=your_account_id
EOF
sudo chmod 600 /etc/cloudflare-mesh/environment
sudo chown root:cloudflare-mesh /etc/cloudflare-mesh/environment

4. Install systemd units

sudo cp systemd/*.service systemd/*.timer /etc/systemd/system/
sudo systemctl daemon-reload

5. Enable and start services

# Enable continuous services
sudo systemctl enable --now drift-guardian.service
sudo systemctl enable --now autonomous-remediator.service

# Enable rotation timer
sudo systemctl enable --now tunnel-rotation.timer
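The five steps above leave several security-relevant facts implicit: the service account must not be able to log in, the file holding the API token must stay root-owned and mode 600, and all four units must actually be in place before anything is enabled. The following post-install check is an added example, not a script shipped by the project; it assumes a Linux host with GNU or busybox coreutils (for stat -c) and awk, and reads the same paths the steps use.

```shell
#!/bin/sh
# Post-install check for the Cloudflare Mesh units (added example, not the
# project's own script). Verifies what the install steps rely on: the
# service account has a nologin shell, the environment file holding the
# API token has exactly mode 600 and is root-owned, and all unit files
# are present. Assumes stat -c (GNU/busybox coreutils) and awk.

# check_secret_file FILE MODE OWNER_UID
# Succeeds only if FILE is a regular file with exactly MODE and OWNER_UID.
check_secret_file() {
    f=$1; want_mode=$2; want_uid=$3
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    got=$(stat -c '%a %u' "$f") || return 1
    [ "$got" = "$want_mode $want_uid" ] || {
        echo "bad perms on $f: got '$got', want '$want_mode $want_uid'" >&2
        return 1
    }
}

# check_nologin_user NAME [PASSWD_FILE]
# Succeeds if NAME exists in PASSWD_FILE (default /etc/passwd) and its
# login shell is a nologin/false shell, as created by useradd -s above.
check_nologin_user() {
    name=$1; passwd=${2:-/etc/passwd}
    shell=$(awk -F: -v u="$name" \
        '$1 == u { print $7; found = 1 } END { exit !found }' "$passwd") || {
        echo "no such user: $name" >&2
        return 1
    }
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) echo "user $name has interactive shell $shell" >&2; return 1 ;;
    esac
}

# check_units_installed DIR UNIT...
# Reports every listed unit that is not present under DIR.
check_units_installed() {
    dir=$1; shift
    rc=0
    for u in "$@"; do
        [ -f "$dir/$u" ] || { echo "unit not installed: $dir/$u" >&2; rc=1; }
    done
    return $rc
}

# Full check against the paths used in the install steps (uid 0 = root).
check_mesh_install() {
    rc=0
    check_nologin_user cloudflare-mesh || rc=1
    check_secret_file /etc/cloudflare-mesh/environment 600 0 || rc=1
    check_units_installed /etc/systemd/system \
        drift-guardian.service autonomous-remediator.service \
        tunnel-rotation.service tunnel-rotation.timer || rc=1
    return $rc
}

# Run on the host after step 4 and before enabling anything:
#   . ./check-mesh-install.sh && check_mesh_install && echo OK
```

Run it before step 5; a non-zero exit with the printed reason tells you which step to revisit. The uid comparison is numeric so the check behaves the same whether or not the name lookup for root is available in the environment where it runs.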

Management

Check status

sudo systemctl status drift-guardian.service
sudo systemctl status autonomous-remediator.service
sudo systemctl list-timers tunnel-rotation.timer

View logs

# Drift guardian logs
journalctl -u drift-guardian.service -f

# Remediator logs
journalctl -u autonomous-remediator.service -f

# Rotation logs
journalctl -u tunnel-rotation.service

Manual rotation

sudo systemctl start tunnel-rotation.service

Stop all services

sudo systemctl stop drift-guardian.service autonomous-remediator.service
sudo systemctl stop tunnel-rotation.timer

Security Notes

  • All services run as the non-root user cloudflare-mesh
  • Services use systemd hardening directives
  • The environment file holding the API token is root-owned with mode 600; systemd reads EnvironmentFile= before switching to the service user, so cloudflare-mesh itself never needs read access to it
  • Services have read-only filesystem access except for their data and log directories
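What the hardening directives look like in practice is left unstated above. The installer function below is an added example, not one of the project's unit files: it writes a unit for the drift guardian with the directives that back each security note (non-root user, read-only system with ReadWritePaths= limited to the data and log directories, no capabilities, no privilege escalation). The script path drift_guardian.py is an assumed placeholder; substitute the real entry point from scripts/.

```shell
#!/bin/sh
# Writes a hardened systemd unit for one continuous service (added example,
# not a unit shipped by the project). The script path passed in is assumed;
# drift_guardian.py is a placeholder name.

# write_hardened_unit DEST_DIR UNIT_NAME SCRIPT_PATH
# Writes DEST_DIR/UNIT_NAME with mode 644 and prints the resulting path.
write_hardened_unit() {
    dest=$1; unit=$2; script=$3
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<EOF
[Unit]
Description=Cloudflare Mesh drift guardian (hardened example)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=cloudflare-mesh
Group=cloudflare-mesh
# Read by systemd as root before the switch to User=, so 600 root:... works.
EnvironmentFile=/etc/cloudflare-mesh/environment
ExecStart=/usr/bin/python3 $script
WorkingDirectory=/var/lib/cloudflare-mesh
Restart=on-failure
RestartSec=30s
UMask=0077

# Filesystem: everything read-only except the state and log directories.
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/cloudflare-mesh /var/log/cloudflare-mesh
PrivateTmp=true
PrivateDevices=true

# Privileges: no capabilities, no setuid escalation, no kernel knobs.
NoNewPrivileges=true
CapabilityBoundingSet=
AmbientCapabilities=
RestrictSUIDSGID=true
RestrictNamespaces=true
RestrictRealtime=true
LockPersonality=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
ProtectClock=true
ProtectHostname=true
ProtectProc=invisible

# Network and syscalls: IPv4/IPv6 for the Cloudflare API, AF_UNIX for NSS/journal.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources

[Install]
WantedBy=multi-user.target
EOF
    install -m 644 "$tmp" "$dest/$unit" && rm -f "$tmp" && echo "$dest/$unit"
}

# unit_has FILE LINE
# Exact-line check so a deployment script can verify a directive survived.
unit_has() {
    grep -qxF -- "$2" "$1"
}

# On the host (needs root for /etc/systemd/system):
#   write_hardened_unit /etc/systemd/system drift-guardian.service \
#       /opt/cloudflare-mesh/scripts/drift_guardian.py && systemctl daemon-reload
```

After daemon-reload, `systemd-analyze security drift-guardian.service` scores the unit and lists any directive it considers missing; the same command run against the autonomous-remediator unit is the quickest way to confirm the second service carries the same protections. If the Python scripts need a device, socket family or syscall group the unit denies, the failure shows up in journalctl -u as an EPERM or a killed process, and the matching directive should be loosened for that one resource rather than removed.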