Switch from GitHub Pages to Cloudflare Pages

.github/workflows/CD-production-task.yml

@@ -65,6 +65,13 @@ jobs:
         run: |
           echo "$SUPABASE" > config/supabase.yml
 
+      - name: Render FRONTMAN secret into config/frontman.yml
+        env:
+          FRONTMAN: ${{ secrets.FRONTMAN }}
+        shell: bash
+        run: |
+          echo "$FRONTMAN" > config/frontman.yml
+
       - name: Run playbook
         shell: bash
         run: make ${{ inputs.tasks }}

.github/workflows/CD-production.yml

@@ -10,11 +10,6 @@ on:
       - master
   workflow_dispatch:
 
-permissions:
-  contents: read
-  pages: write
-  id-token: write
-
 jobs:
   deploy-proxies:
     name: Deploy on production
@@ -24,11 +19,7 @@ jobs:
         task:
           - deploy_metrics
           - deploy_proxies
+          - deploy_frontman
     with:
       tasks: ${{ matrix.task }}
     secrets: inherit
-
-  deploy-frontman:
-    name: Deploy on production
-    uses: ./.github/workflows/CD-production-frontman.yml
-    secrets: inherit

.gitignore

@@ -2,7 +2,8 @@ vault.txt
 users.csv
 id_rsa
 id_rsa.pub
-config/users-configs.yml
+known_hosts
+config/frontman.yml
 config/metrics.yml
 config/servers.yml
 config/supabase.yml

Dockerfile

@@ -1,2 +1,2 @@
 FROM alpine/ansible
-RUN apk add --no-cache curl make rsync
+RUN apk add --no-cache curl make rsync nodejs npm

Makefile

@@ -2,7 +2,7 @@ USERS_CSV_FILE = users.csv
 PLAYBOOK_FILE_METRIX = metrics.yml
 PLAYBOOK_FILE_PROXIES = proxies.yml
 PLAYBOOK_FILE_USERS_CSV = users-csv.yml
-PLAYBOOK_FILE_USERS_CONFIGS = users-configs.yml
+PLAYBOOK_FILE_FRONTMAN = frontman.yml
 HOSTS_FILE = inventory/hosts
 
 hosts_encrypt:
@@ -11,9 +11,6 @@ hosts_encrypt:
 hosts_decrypt:
 	ansible-vault decrypt $(HOSTS_FILE)
 
-render_users_configs:
-	ansible-playbook $(PLAYBOOK_FILE_USERS_CONFIGS)
-
 deploy_frontman:
 	ansible-playbook $(PLAYBOOK_FILE_FRONTMAN)
 

README.md

@@ -7,7 +7,7 @@ https://hiddify.com#app
 # Architecture
 ![digram](./diagram.svg)
 
-There are 4 componets: **GH Pages**, **[Supabase](https://supabase.com) instance**, **metrics** and **proxy**. GH Actions that must be configured for this repository.
+There are 4 componets: **Cloudflare Pages**, **[Supabase](https://supabase.com) instance**, **metrics** and **proxy**. GH Actions that must be configured for this repository.
 Metrics should be deployed as a single instance (sharding is not allowed). Proxies could be deployed as many instances as needed,
 each instance should have dedicated IP address and DNS record (if exists). All hosts should be Debian hosts with public IPs.
 
@@ -16,7 +16,7 @@ Stores list of user configs. Users may generate new user configs (my means of HT
 to render configs for xrays and other components. _The repository with Supabas is not open-source at the moment. It will becore
 open-source later_.
 
-## GH Pages
+## Cloudflare Pages
 Serves static content:
 * static html pages with installation instructions which is being developed in a separate repository:
 [xray-server-frontend](https://github.com/ed-asriyan/xray-server-frontend). The user is provided with a private instruction link
@@ -26,7 +26,7 @@ ShadowSocks client each time before connecting to a ShadowSocks server
 * personal vless [subscription files](https://hiddify.com/app/URL-Scheme) for each client, which is used by Hiddify to refresh
 list of available servers
 
-Playbook: [users-configs.yml](./users-configs.yml). It just renders files locally, the should be uploaded got GitHub Pages using
+Playbook: [frontman.yml](./frontman.yml). It just renders files locally, the should be uploaded got Cloudflare Pages using
 Actions.
 
 ## Metrics

config/README.md

@@ -4,7 +4,7 @@ This directory contains configuration files.
 ## How to edit
 ### If you use GitHub Actions
 Create the following secrets:
-* `USERS_CONFIGS`: copy content of [users-configs.example.yml](./users-configs.example.yml) to the secret and fill out each variable
+* `FRONTMAN`: copy content of [frontman.example.yml](./frontman.example.yml) to the secret and fill out each variable
 * `SERVERS`: copy content of [servers.example.yml](./servers.example.yml) to the secret and fill out each variable
 * `HOSTS`: copy content of [hosts.example.yml](./hosts.example.yml) to the secret and fill out each variable
 * `METRICS`: copy content of [metrics.example.yml](./metrics.example.yml) to the secret and fill out each variable

config/frontman.example.yml

@@ -0,0 +1,17 @@
+# where redirect to if user opened index page without valid parameters
+config_frontman_default_redirect:
+
+# title users should we when open hiddify
+config_users_title:
+
+# url where frontman is hosted
+config_users_base_url:
+
+# clouflare pages project name
+config_frontman_cloudflare_project_name:
+
+# cloudflare account id
+config_frontman_cloudflare_account_id:
+
+# cloudflare api token with Account -> Cloudflare Pages -> Write permissions. create at https://dash.cloudflare.com/profile/api-tokens
+config_frontman_cloudflare_api_token:

users-configs.yml → frontman.yml

@@ -2,7 +2,7 @@
     - localhost
   no_log: true
   vars_files:
-    - ./config/users-configs.yml
+    - ./config/frontman.yml
     - ./config/servers.yml
     - ./config/supabase.yml
   pre_tasks:
@@ -36,13 +36,15 @@
       set_fact:
         config_local_users: "{{ supabase_users_response.json | map(attribute='child_uuid') | list }}"
   roles:
-    - role: users-configs
+    - role: frontman
       vars:
-        users_configs_default_redirect: "{{ config_users_configs_default_redirect }}"
-        users_configs_servers: "{{ config_servers }}"
-        users_configs_configs: "{{ config_local_configs }}"
-        users_configs_users: "{{ config_local_users }}"
-        users_configs_static_directory_filename: static
-        users_configs_title: "{{ config_users_title }}"
-        users_configs_support_url: "{{ config_users_support_url }}"
-        users_configs_base_url: "{{ config_users_base_url }}"
+        frontman_default_redirect: "{{ config_frontman_default_redirect }}"
+        frontman_servers: "{{ config_servers }}"
+        frontman_configs: "{{ config_local_configs }}"
+        frontman_users: "{{ config_local_users }}"
+        frontman_static_directory_filename: static
+        frontman_title: "{{ config_users_title }}"
+        frontman_base_url: "{{ config_users_base_url }}"
+        frontman_cloudflare_project_name: "{{ config_frontman_cloudflare_project_name }}"
+        frontman_cloudflare_account_id: "{{ config_frontman_cloudflare_account_id }}"
+        frontman_cloudflare_api_token: "{{ config_frontman_cloudflare_api_token }}"

roles/frontman/defaults/main.yml

@@ -0,0 +1,29 @@
+# where redirect to if user opened index page without paramneters
+frontman_default_redirect:
+
+# users as described in /users-example.yml
+frontman_users:
+
+# files with redirect url
+frontman_configs:
+
+# servers object as described in /servers-example.yml
+frontman_servers:
+
+# relative path of directory where static content should be stored
+frontman_static_directory_filename:
+
+# title users should we when open hiddify
+frontman_title:
+
+# url where frontman is hosted
+frontman_base_url:
+
+# clouflare pages project name
+frontman_cloudflare_project_name:
+
+# cloudflare account id
+frontman_cloudflare_account_id:
+
+# cloudflare api token with Account -> Cloudflare Pages -> Write permissions. create at https://dash.cloudflare.com/profile/api-tokens
+frontman_cloudflare_api_token:

roles/frontman/tasks/main.yml

@@ -0,0 +1,81 @@
+- name: Ensure required variables are defined
+  assert:
+    that:
+      - frontman_default_redirect is string
+      - frontman_title is string
+      - frontman_cloudflare_project_name is string
+      - frontman_cloudflare_account_id is string
+      - frontman_cloudflare_api_token is string
+
+- name: Ensure frontman_users is defined correctly
+  include_tasks: tasks/assert-users.yml
+  vars:
+    users: "{{ frontman_users }}"
+
+- name: Ensure frontman_configs is defined correctly
+  include_tasks: tasks/assert-configs.yml
+  vars:
+    configs: "{{ frontman_configs }}"
+
+- name: Ensure frontman_servers is defined correctly
+  include_tasks: tasks/assert-servers.yml
+  vars:
+    servers: "{{ frontman_servers }}"
+
+- set_fact:
+    frontman_static_root_local: "./{{ frontman_static_directory_filename }}"
+    frontman_frontend_name: "{{ lookup('community.general.random_string', length=32, special=False) }}"
+
+- name: Create static directory locally
+  file:
+    path: "{{ frontman_static_root_local }}"
+    state: directory
+
+- name: Render index.html
+  template:
+    src: index.html.j2
+    dest: "{{ frontman_static_root_local }}/index.html"
+
+- name: Create frontend directory locally
+  file:
+    path: "{{ frontman_static_root_local }}/{{ frontman_frontend_name }}"
+    state: directory
+
+- name: Render frontend.html
+  get_url:
+    url: "{{ frontman_frontend_html_url }}"
+    dest: "{{ frontman_static_root_local }}/{{ frontman_frontend_name }}/index.html"
+
+- name: Render frontend config
+  template:
+    src: frontend-config.json.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_frontend_name }}/config.json"
+
+- name: Copy robots.txt
+  copy:
+    src: robots.txt
+    dest: "{{ frontman_static_root_local }}/robots.txt"
+
+- name: Render configs
+  with_items: "{{ frontman_configs }}"
+  loop_control:
+    index_var: loop_index
+  vars:
+    frontman_config_uuid: "{{ item }}"
+  include_tasks: render_configs.yml
+
+- name: Render redirect configs
+  with_items: "{{ frontman_users }}"
+  loop_control:
+    index_var: loop_index
+  vars:
+    frontman_user_uuid: "{{ item }}"
+  template:
+    src: frontend-link.json.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_user_uuid }}.json"
+
+- name: Upload static files to Cloudflare Pages
+  command: "npx wrangler pages deploy {{ frontman_static_root_local }} --project-name={{ frontman_cloudflare_project_name }}  --branch main"
+  environment:
+    CLOUDFLARE_ACCOUNT_ID: "{{ frontman_cloudflare_account_id }}"
+    CLOUDFLARE_API_TOKEN: "{{ frontman_cloudflare_api_token }}"

roles/frontman/tasks/render_configs.yml

@@ -0,0 +1,30 @@
+
+- name: Create user's directory
+  file:
+    path: "{{ frontman_static_root_local }}/{{ frontman_config_uuid }}"
+    state: directory
+
+- name: Render hiddify config
+  template:
+    src: hiddify.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_config_uuid }}/{{ frontman_hiddify_filename }}"
+
+- name: Render hiddify config (index.html for backward compatibility)
+  template:
+    src: hiddify.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_config_uuid }}/index.html"
+
+- name: Render xray-client config
+  template:
+    src: client-xray-config.json.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_config_uuid }}/{{ frontman_client_xray_config_filename }}"
+
+- name: Render sock5.Dockerfile
+  template:
+    src: socks5.Dockerfile.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_config_uuid }}/{{ frontman_socks5_docker_filename }}"
+
+- name: Render urls map
+  template:
+    src: urls-map.json.j2
+    dest: "{{ frontman_static_root_local }}/{{ frontman_config_uuid }}/{{ frontman_urls_map_filename }}"