Add Cloudflared support for remote access

docs/cloud.md

@@ -15,6 +15,7 @@ Control your printer remotely using cloud-based remote access providers.
 
 - **none** - Cloud access disabled (default)
 - **octoeverywhere** - Remote access via [OctoEverywhere.com](https://octoeverywhere.com)
+- **cloudflared** - Remote access via [Cloudflare Tunnel](https://www.cloudflare.com/products/tunnel/)
 
 ## OctoEverywhere
 
@@ -49,3 +50,83 @@ cloud: octoeverywhere
 **Step 4:** Link your account by downloading `octoeverywhere.log` from Mainsail or Fluidd to find the account linking URL. Open the URL in your browser to link your printer to your OctoEverywhere.com account.
 
 **Need help?** Visit [OctoEverywhere Support for Snapmaker U1](https://octoeverywhere.com/s/snapmaker-u1) for assistance.
+
+## Cloudflared
+
+- Secure remote access using Cloudflare Tunnel
+- No port forwarding required
+- Lower resource usage compared to OctoEverywhere
+- Requires Cloudflare account setup
+
+### Cloudflare Account Setup
+
+1. **Create a Cloudflare Account**: Sign up at [https://cloudflare.com](https://cloudflare.com)
+
+2. **Add Your Domain**: Add your domain to Cloudflare if you haven't already
+
+3. **Create a Tunnel**:
+   - Go to the Cloudflare dashboard
+   - Navigate to **Access** → **Tunnels**
+   - Click **Create a tunnel**
+   - Choose **Cloudflared** as the connector
+   - Give your tunnel a name (e.g., "snapmaker-u1")
+   - Add a public hostname that points to your domain
+   - Set the service to `http://localhost:80`
+
+4. **Get Tunnel Token**: After creating the tunnel, Cloudflare will provide a tunnel token. Save this token as you'll need it for the firmware configuration.
+
+### Firmware Configuration
+
+Navigate to the [firmware-config](firmware_config.md) web interface, go to the Remote Access section, and select Cloudflared under Cloud Provider. This will download and enable Cloudflared on your printer and show you further instructions.
+
+After enabling Cloudflared, you need to add your tunnel token to the configuration:
+
+1. **Edit the configuration file** (via SSH or using a file editor):
+```ini
+/home/lava/printer_data/config/extended/extended2.cfg
+```
+
+2. **Add the tunnel token** under the `[remote_access]` section:
+```ini
+[remote_access]
+cloud: cloudflared
+cloudflared_token: YOUR_TUNNEL_TOKEN_HERE
+```
+
+3. **Restart the cloud service**:
+```bash
+/etc/init.d/S99cloud restart
+```
+
+The Cloudflared service will now start with your configured tunnel token.
+
+### Manual Setup (advanced)
+
+**Step 1:** Download Cloudflared (requires internet connection):
+```bash
+ssh root@<printer-ip>
+cloudflared-pkg download
+```
+
+**Step 2:** Edit `extended/extended2.cfg` and add both the `cloud` setting and your tunnel token:
+```ini
+[remote_access]
+cloud: cloudflared
+cloudflared_token: YOUR_TUNNEL_TOKEN_HERE
+```
+
+**Step 3:** Start the cloud service:
+```bash
+/etc/init.d/S99cloud restart
+```
+
+### Configuration Files
+
+- Tunnel token stored in `/home/lava/printer_data/config/extended/extended2.cfg`
+- Service logs: `/home/lava/printer_data/logs/cloudflared.log`
+
+### Troubleshooting
+
+- Check logs: `tail -f /home/lava/printer_data/logs/cloudflared.log`
+- Verify your tunnel is active in the Cloudflare dashboard
+- Ensure your domain's DNS is properly configured in Cloudflare

overlays/firmware-extended/65-app-cloud/root/etc/init.d/S99cloud

@@ -5,6 +5,10 @@ OCTOEVERYWHERE_PIDFILE="/var/run/octoeverywhere.pid"
 OCTOEVERYWHERE_LOGFILE="/home/lava/printer_data/logs/octoeverywhere.log"
 OCTOEVERYWHERE_STATE_DIR="/home/lava/printer_data/octoeverywhere-store"
 
+CLOUDFLARED_BINARY="/usr/local/bin/cloudflared"
+CLOUDFLARED_PIDFILE="/var/run/cloudflared.pid"
+CLOUDFLARED_LOGFILE="/home/lava/printer_data/logs/cloudflared.log"
+
 # Load config from user
 EXTENDED_CFG="/home/lava/printer_data/config/extended/extended2.cfg"
 CLOUD_PROVIDER=$(/usr/local/bin/extended-config.py get "$EXTENDED_CFG" remote_access cloud none)
@@ -26,11 +30,41 @@ start_octoeverywhere() {
     echo "OK"
 }
 
+start_cloudflared() {
+    # Get tunnel token from config
+    TUNNEL_TOKEN=$(/usr/local/bin/extended-config.py get "$EXTENDED_CFG" remote_access cloudflared_token "")
+
+    if [ -z "$TUNNEL_TOKEN" ]; then
+        echo "Cloudflared tunnel token not found in configuration."
+        echo "Please configure Cloudflared through the firmware-config web interface."
+        return 1
+    fi
+
+    if [ -f "$CLOUDFLARED_PIDFILE" ] && kill -0 "$(cat "$CLOUDFLARED_PIDFILE")" 2>/dev/null; then
+        echo "cloudflared already running"
+        return 0
+    fi
+
+    printf "Starting cloudflared: "
+    mkdir -p "$(dirname "$CLOUDFLARED_LOGFILE")"
+    mv "$CLOUDFLARED_LOGFILE" "$CLOUDFLARED_LOGFILE.old" 2>/dev/null || true
+
+    start-stop-daemon -S -b -m -u lava \
+        -p "$CLOUDFLARED_PIDFILE" \
+        -x "$CLOUDFLARED_BINARY" \
+        -- tunnel --no-autoupdate run --token "$TUNNEL_TOKEN"
+
+    echo "OK"
+}
+
 start() {
     case "$CLOUD_PROVIDER" in
         octoeverywhere)
             start_octoeverywhere
             ;;
+        cloudflared)
+            start_cloudflared
+            ;;
         *)
             echo "No cloud is enabled in the extended configuration, not starting any cloud service."
             exit 0
@@ -48,6 +82,15 @@ stop() {
     else
         echo "not running"
     fi
+
+    printf "Stopping Cloudflared: "
+    if [ -f "$CLOUDFLARED_PIDFILE" ]; then
+        start-stop-daemon -K -p "$CLOUDFLARED_PIDFILE" -s TERM
+        rm -f "$CLOUDFLARED_PIDFILE"
+        echo "OK"
+    else
+        echo "not running"
+    fi
 }
 
 case "$1" in

overlays/firmware-extended/65-app-cloud/root/usr/local/bin/cloudflared-pkg

@@ -0,0 +1,82 @@
+#!/bin/bash
+
+#
+# Cloudflared package manager
+# Downloads and installs a pinned version of Cloudflared from GitHub
+#
+
+VERSION="2026.3.0"
+URL="https://github.com/cloudflare/cloudflared/releases/download/${VERSION}/cloudflared-linux-arm64"
+SHA256="0755ba4cbab59980e6148367fcf53a8f3ec85a97deefd63c2420cf7850769bee"
+
+# Paths
+BINARY_PATH="/usr/local/bin/cloudflared"
+CONFIG_DIR="/home/lava/printer_data/config/cloudflared"
+CONFIG_FILE="${CONFIG_DIR}/config.yaml"
+
+check() {
+    if [[ -f "$BINARY_PATH" ]]; then
+        echo "Cloudflared is installed."
+        return 0
+    else
+        echo "Cloudflared is not installed."
+        return 1
+    fi
+}
+
+download() {
+    rm -f "$BINARY_PATH"
+    mkdir -p "$(dirname "$BINARY_PATH")"
+
+    echo "Downloading Cloudflared ${VERSION} From GitHub..."
+    if ! /usr/local/bin/curl -sfSL -o "$BINARY_PATH" "$URL"; then
+        echo "Download failed"
+        return 1
+    fi
+
+    echo "Verifying SHA256 checksum..."
+    ACTUAL_SHA256=$(sha256sum "$BINARY_PATH" | awk '{print $1}')
+    if [[ "$ACTUAL_SHA256" != "$SHA256" ]]; then
+        echo "SHA256 mismatch!"
+        echo "  Expected: $SHA256"
+        echo "  Actual:   $ACTUAL_SHA256"
+        return 1
+    fi
+    echo "Checksum verified."
+
+    chmod +x "$BINARY_PATH"
+    echo "Cloudflared installed successfully to $BINARY_PATH"
+}
+
+case "$1" in
+    check)
+        check
+        ;;
+    download)
+        if check; then
+            echo "Cloudflared is already installed."
+            exit 0
+        fi
+        if ! download; then
+            rm -f "$BINARY_PATH"
+            exit 1
+        fi
+        ;;
+    update)
+        echo "Updating Cloudflared..."
+        if ! download; then
+            rm -f "$BINARY_PATH"
+            exit 1
+        fi
+        ;;
+    clean)
+        echo "Removing Cloudflared installation..."
+        rm -f "$BINARY_PATH"
+        rm -rf "$CONFIG_DIR"
+        echo "Removed."
+        ;;
+    *)
+        echo "Usage: $0 {check|download|update|clean}"
+        exit 1
+        ;;
+esac

overlays/firmware-extended/65-app-cloud/root/usr/local/share/firmware-config/functions/24_settings_cloud.yaml

@@ -19,9 +19,12 @@ settings:
               - -xc
               - |
                 /usr/local/bin/extended-config.py add /home/lava/printer_data/config/extended/extended2.cfg remote_access cloud none &&
+                /usr/local/bin/extended-config.py add /home/lava/printer_data/config/extended/extended2.cfg remote_access cloudflared_token "" &&
                 /etc/init.d/S99cloud stop
                 /usr/local/bin/octoeverywhere-pkg clean
+                /usr/local/bin/cloudflared-pkg clean
                 rm -rf /home/lava/printer_data/octoeverywhere-store
+                rm -rf /home/lava/printer_data/config/cloudflared
           octoeverywhere:
             label: OctoEverywhere
             cmd:
@@ -62,4 +65,30 @@ settings:
                 done
 
                 echo "Authorization URL not found in logs. Please check the logs for more details."
+          cloudflared:
+            label: Cloudflared
+            cmd:
+              - bash
+              - -ec
+              - |
+                echo "WARNING: Cloudflared support is experimental."
+                sleep 2
+
+                echo ">> Downloading Cloudflared package..."
+                /usr/local/bin/cloudflared-pkg download
+
+                echo ">> Enabling Cloudflared..."
+                /usr/local/bin/extended-config.py add /home/lava/printer_data/config/extended/extended2.cfg remote_access cloud cloudflared
+                /usr/local/bin/extended-config.py add /home/lava/printer_data/config/extended/extended2.cfg remote_access cloudflared_token YOUR_TUNNEL_TOKEN_HERE 
+
+                echo
+                echo "Cloudflared has been enabled."
+                echo
+                echo "NEXT STEP: Add your Cloudflare tunnel token to the configuration file."
+                echo "Edit /home/lava/printer_data/config/extended/extended2.cfg and replace YOUR_TUNNEL_TOKEN_HERE with your actual tunnel token"
+                echo
+                echo "Then restart the cloud service:"
+                echo "/etc/init.d/S99cloud restart"
+                echo
+                echo "You can find your tunnel token in the Cloudflare dashboard."
         default: none