opdavies/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

...
Sign in to create a new pull request.

1 commit
main ... cloudflare

Author SHA1 Message Date
Oliver Davies
b71c63bb27 Configure Cloudflare Tunnel to publicly serve 
...services from homelab
 2025-04-18 01:44:21 +01:00
5 changed files with 56 additions and 6 deletions

16
hosts/nixedo/configuration.nix
View file

@ -20,6 +20,7 @@
./modules/acme.nix ./modules/acme.nix
./modules/audiobookshelf.nix ./modules/audiobookshelf.nix
./modules/cloudflared.nix
./modules/containers ./modules/containers
./modules/forgejo.nix ./modules/forgejo.nix
./modules/immich.nix ./modules/immich.nix
@ -27,6 +28,21 @@
./modules/paperless.nix ./modules/paperless.nix
]; ];
services.cloudflared = {
enable = true;
tunnels."e1514105-327f-4984-974e-e2fbaca76466" = {
credentialsFile = config.age.secrets.cloudflared.path;
default = "http_status:404";
ingress = {
"test.oliverdavies.uk" = {
service = "http://localhost:8000";
};
};
};
};
nixosModules = { nixosModules = {
audiobookshelf.enable = true; audiobookshelf.enable = true;
immich.enable = true; immich.enable = true;

18
hosts/nixedo/modules/cloudflared.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, ... }:
{
services.cloudflared = {
enable = true;
tunnels."e1514105-327f-4984-974e-e2fbaca76466" = {
credentialsFile = config.age.secrets.cloudflared.path;
default = "http_status:404";
ingress = {
"test.oliverdavies.uk" = {
service = "http://localhost:8000";
};
};
};
};
}

1
hosts/nixedo/secrets.nix
View file

@ -1,6 +1,7 @@
{ {
age.secrets = { age.secrets = {
cloudflare.file = ../../secrets/cloudflare.age; cloudflare.file = ../../secrets/cloudflare.age;
cloudflared.file = ../../secrets/cloudflared-credentials.age;
tubearchivist.file = ../../secrets/tubearchivist.age; tubearchivist.file = ../../secrets/tubearchivist.age;
}; };
} }

10
secrets.nix
View file

@ -8,9 +8,9 @@ let
t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage"; t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
}; };
users = { opdavies = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw==";
opdavies = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw==";
}; users = [ opdavies ];
in in
{ {
"secrets/cloudflare.age".publicKeys = [ "secrets/cloudflare.age".publicKeys = [
@ -21,9 +21,7 @@ in
hosts.t490 hosts.t490
] ++ users; ] ++ users;
"secrets/cloudflare.age".publicKeys = [ "secrets/cloudflared-credentials.age".publicKeys = [
hosts.hetznix
hosts.nixedo hosts.nixedo
hosts.t480
] ++ users; ] ++ users;
} }

17
secrets/cloudflared-credentials.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 IsVD3g jeHVvTzxsEQOGls45oDKjDCWDSejIiPnSNZxnZRRPiQ
sapo+FofxdYGeidn49uEO+D+SDK9KKLRUAWJMoU5T10
-> ssh-rsa +vTWQw
4SfYg8oc9eBd4zHYfDFYhUTmzHG4HGuz6wpcXMgmiemD5CIt+q2Q5ZzHnUhbfUsm
GIDlRFjN6JWbJSmzW3HpUt/t7WQVk44QyOD5azHM3d8ctcv7ana2npPukQKGqpWu
hWFX6amY5ng2yf1hfeeUgvhKIpDGxgnFKfAbNCheqdgWHWLaUpDSCuc0eugOziMD
RWEsLsHudpdWHtik0cB/Uwycpc/T09sOm2k36H2mMvtjeWdldSHezOcn0uO7Gs9H
OxpPdcuwTeisb6R3zI12ZAL/vEu/8h25OWNkfM64O4p/rkgPpbqhJBiIZL04vRcy
zLnq967b9RqqjmDZFPOkcZBtXm5ck1qo4UYDRck2wkQLfUNkHAYHnwO+29RxstA0
ShQe1uUo68Hx17st/X2wwUZlnfhTcJ4IZwmuOiEZiNgmwbb9ZXBTi8myV1Tpgpkh
I0ooy/pU/tocS2/4XjYwcjRMmEcI0r7ESOgJmyzoakwM7Jbh3kaTDXd324vPYzhQ
SPvosb9VFNCQFuc02LOD1Psy74IEGp5xIMRKGxDE8VSnFFMiNpu3La6HRlrb6e4s
/G2OZ9lsrXSC8gyOF78olk1QMkuSvT6Lw56QhMbuC1XiVINd3+GKQNkE8T2BPAKS
P5PBYTbi0bZjqA4OwbBf+nSPxljUGed1R3IbpAvPM04
--- 2VNOkmpXcK+ywl+DBli84MCED52jL/dPiIpzN82Xrqg
©¢VBÐyÊr=]Àø·]<5D>Q½î®<C3AE><C2AE>6Â>Â-»õè3ÅÝk¢P7þBižíæ0ùsFԸϣn|Àf™0Ú¡YÜ$z„ÌÄU?ïÔ"³À¯ý"%%Œ<Þ‹¸²*yf<79>†^hÓVóCÔN°ág…îÈmÈ婪gÁ=ÓÜǘ+Ž+v€§ã:u9#„BSÈ;Ji7Èú¬6ý¾¶hÖ @°³¡¹É7¦“`$°<Î!â»Y½bîèÊÏ$öïªEèm>5$ï„fV3VÂ";