{"id":30641402,"url":"https://github.com/homesecexplorer/ansible-role-cloudflared","last_synced_at":"2026-05-07T10:34:01.494Z","repository":{"id":305029422,"uuid":"1020818685","full_name":"HomeSecExplorer/ansible-role-cloudflared","owner":"HomeSecExplorer","description":"Ansible Role - cloudflared DOH","archived":false,"fork":false,"pushed_at":"2025-08-28T19:30:15.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-29T00:52:53.972Z","etag":null,"topics":["ansible","ansible-role","cloudflared","cloudflareddns","dns","dns-over-https","doh","homelab","pihole","privacy","self-hosted"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/ui/standalone/roles/HomeSecExplorer/cloudflared/","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HomeSecExplorer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"HomeSecExplorer"}},"created_at":"2025-07-16T12:47:32.000Z","updated_at":"2025-08-28T19:32:14.000Z","dependencies_parsed_at":"2025-07-18T01:32:39.631Z","dependency_job_id":"4fe55766-7fc3-4a9e-84e8-26c46460c35a","html_url":"https://github.com/HomeSecExplorer/ansible-role-cloudflared","commit_stats":null,"previous_names":["homesecexplorer/ansible-role-cloudflared"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/HomeSecExplorer/ansible-role-cloudflared","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HomeSecExplorer%2Fansible-role-cloudflared","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HomeSecExplorer%2Fansible-role-cloudflared/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HomeSecExplorer%2Fansible-role-cloudflared/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HomeSecExplorer%2Fansible-role-cloudflared/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HomeSecExplorer","download_url":"https://codeload.github.com/HomeSecExplorer/ansible-role-cloudflared/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HomeSecExplorer%2Fansible-role-cloudflared/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272930012,"owners_count":25017058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-31T02:00:09.071Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","cloudflared","cloudflareddns","dns","dns-over-https","doh","homelab","pihole","privacy","self-hosted"],"created_at":"2025-08-31T02:00:55.944Z","updated_at":"2026-05-07T10:34:01.488Z","avatar_url":"https://github.com/HomeSecExplorer.png","language":"Jinja","funding_links":["https://github.com/sponsors/HomeSecExplorer"],"categories":[],"sub_categories":[],"readme":"# Ansible Role: cloudflared-DOH\n\n[![CI](https://github.com/HomeSecExplorer/ansible-role-cloudflared/actions/workflows/ci.yml/badge.svg)](https://github.com/HomeSecExplorer/ansible-role-cloudflared/actions/workflows/ci.yml)\n![Ansible Galaxy](https://img.shields.io/badge/ansible-galaxy-blue?logo=ansible)\n![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)\n\n---\n\n**Author:** HomeSec Explorer  \n**License:** MIT  \n**Tags:** cloudflared, dns, doh, proxy, systemd, pihole, privacy, selfhosted\n\n## Description\n\nThis role installs and configures [cloudflared](https://developers.cloudflare.com/cloudflared/) as a DNS-over-HTTPS (DoH) proxy service.\n\nIt supports both installation via Debian package repository or GitHub release (default). The role is ideal for use with [Pi-hole](https://pi-hole.net/) or alongside the [`HomeSecExplorer.pihole`](hhttps://github.com/HomeSecExplorer/ansible-role-pihole) role for enhanced privacy and DNS filtering.\n\nEach cloudflared service instance runs on its own port and configuration, allowing multiple upstreams or configurations per instance.\n\n---\n\n## Requirements\n\n- Ansible `\u003e= 2.13`\n- Root privileges on the target host\n- Internet access for downloading and running cloudflared\n\n---\n\n## Supported Operating Systems\n\n- Debian 11 (Bullseye), 12 (Bookworm), 13 (Trixie)\n- Ubuntu 22.04 (Jammy), 24.04 (Noble)\n- Rocky 9 (Blue Onyx)\n\n\u003e ⚠️ The OS compatibility check (`hsecd_os_check`) ensures supported platforms for this role - not official Cloudflare support. Installation on ARM devices is **not officially tested**.\n\n## Test matrix\n\n**Legend:** :white_check_mark: manual test passed - :repeat: covered in CI - :white_circle: not tested\n\n| Distro | Version | Manually verified | CI | Notes |\n|:-------|:--------|:-----------------:|:--:|:-----|\n| Debian | 13 | :white_check_mark: | :repeat: |  |\n| Debian | 12 | :white_check_mark: | :repeat: |  |\n| Debian | 11 | :white_circle: | :repeat: |  |\n| Ubuntu | 24.04 | :white_check_mark: | :repeat: |  |\n| Ubuntu | 22.04 | :white_circle: | :repeat: |  |\n| Rocky | 9 | :white_check_mark: | :repeat: |  |\n\n---\n\n## Role Variables (Examples)\n\n\u003e ⚙️ Full list in `defaults/main.yml`\n\n### Installation \u0026 Configuration\n\n```yaml\nhsecd_install: true               # Install cloudflared\nhsecd_uninstall: false            # Uninstall and remove cloudflared\nhsecd_update: true                # Run cloudflared update (only if method is 'git')\nhsecd_auto_update: false          # Enable cron-based updates (Git install only)\nhsecd_configure: true             # Configure service files and systemd units\nhsecd_os_check: true              # Abort on unsupported OS\nhsesp_arch_check: true            # Enforce architecture check (ARMv6 workaround)\n\nhsecd_install_method: 'git'       # 'git' or 'repo'\nhsecd_git_tag: 'latest'           # GitHub release tag (e.g. 'latest' or '2025.0.1')\n```\n\n### Service Instances\n\n```yaml\nhsecd_cloudflared_auto_port: true         # Automatically assign ports\nhsecd_cloudflared_port_base: 5053         # First service gets 5053, next 5054, ...\n\nhsecd_cloudflared_services:\n  - upstreams:\n      - 'https://1.1.1.1/dns-query'\n      - 'https://1.0.0.1/dns-query'\n    options: '--address 127.0.0.1'\n    # port: 5053 (optional if auto_port is true)\n\n  - upstreams:\n      - 'https://9.9.9.9/dns-query'\n      - 'https://149.112.112.112/dns-query'\n    options: '--address 127.0.0.1'\n```\n\nEach entry creates a separate systemd service (e.g. `cloudflared1.service`, `cloudflared2.service`) and an `/etc/default/cloudflaredX` file containing the corresponding `CLOUDFLARED_OPTS` line..\n\n---\n\n## Available Tags\n\n- `install` – Install cloudflared from repo or GitHub\n- `uninstall` – Remove cloudflared and all associated files\n- `update` – Run `cloudflared update` (only for Git installs)\n- `config` – Create/update systemd units and config files\n\n---\n\n## Install this role\n\nFrom Ansible Galaxy:\n\n```bash\nansible-galaxy install HomeSecExplorer.cloudflared\n```\n\nOr manually (via Git):\n\n```bash\ngit clone https://github.com/HomeSecExplorer/ansible-role-cloudflared.git roles/HomeSecExplorer.cloudflared\n```\n\n---\n\n## Example Playbook\n\n```yaml\n- name: Set up cloudflared as DoH service\n  hosts: all\n  become: true\n  roles:\n    - role: HomeSecExplorer.cloudflared\n```\n\n---\n\n## Recommended Pairing\n\nThis role works especially well alongside:\n\n- [`HomeSecExplorer.pihole`](hhttps://github.com/HomeSecExplorer/ansible-role-pihole) – install and configure Pi-hole\n- Use cloudflared as Pi-hole’s upstream DNS over HTTPS provider\n\n---\n\n## License\n\nMIT\n\n---\n\n## Author Information\n\nHomeSec Explorer  \n🔗 [YouTube Channel](https://www.youtube.com/@HomeSecExplorer)\n\nIf this role was helpful, drop a ⭐ on GitHub, subscribe on YouTube or Sponsor me!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhomesecexplorer%2Fansible-role-cloudflared","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhomesecexplorer%2Fansible-role-cloudflared","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhomesecexplorer%2Fansible-role-cloudflared/lists"}