Automated dev commit

hosts/nixedo/homelab.nix

@@ -24,7 +24,11 @@
       paperless.enable = true;
       uptime-kuma.enable = true;
 
-      vaultwarden.enable = true;
+      vaultwarden = {
+        enable = true;
+
+        cloudflared.tunnelId = "41feb37d-a0f5-4c21-80c8-36ab63ec3b17";
+      };
     };
   };
 }

hosts/nixedo/services/default.nix

@@ -5,4 +5,8 @@
     ./uptime-kuma.nix
     ./vaultwarden.nix
   ];
+
+  services = {
+    tailscale.enable = true;
+  };
 }

hosts/nixedo/services/vaultwarden.nix

@@ -21,6 +21,11 @@ in
       type = types.str;
     };
 
+    cloudflared.tunnelId = mkOption {
+      example = "00000000-0000-0000-0000-000000000000";
+      type = types.str;
+    };
+
     homepage.name = mkOption {
       default = "Vaultwarden";
       type = types.str;
@@ -49,19 +54,18 @@ in
 
         config = {
           DOMAIN = "https://${cfg.url}";
+          ROCKET_ADDRESS = "127.0.0.1";
           ROCKET_PORT = 8222;
           SIGNUPS_ALLOWED = false;
         };
       };
 
-      nginx.virtualHosts.${cfg.url} = {
+      cloudflared.tunnels.${cfg.cloudflared.tunnelId} = {
-        forceSSL = true;
+        credentialsFile = config.age.secrets.cloudflared.path;
-        useACMEHost = homelab.baseDomain;
+        default = "http_status:404";
-
+        ingress."${cfg.url}".service = "http://${config.services.${service}.config.ROCKET_ADDRESS}:${
-        locations."/" = {
+          toString config.services.${service}.config.ROCKET_PORT
-          proxyPass = "http://localhost:${toString config.services.${service}.config.ROCKET_PORT}";
+        }";
-          recommendedProxySettings = true;
-        };
       };
     };
   };