From ebcfef4bd3f672b10c63ee7e3e895aeb6465b264 Mon Sep 17 00:00:00 2001
From: prescientmoon
Date: Fri, 10 May 2024 19:43:00 +0200
Subject: [PATCH] Attempt to use cloudflare tunnel through nginx
---
 hosts/nixos/lapetus/services/microbin.nix | 9 ++-
 modules/nixos/cloudflared.nix | 4 +-
 scripts/dns/dns.txt | 70 +++++++++++------------
 3 files changed, 44 insertions(+), 39 deletions(-)
diff --git a/hosts/nixos/lapetus/services/microbin.nix b/hosts/nixos/lapetus/services/microbin.nix
index 52148da..7ca8651 100644
--- a/hosts/nixos/lapetus/services/microbin.nix
+++ b/hosts/nixos/lapetus/services/microbin.nix
@@ -1,12 +1,17 @@
 { config, lib, ... }:
-let port = 8418;
+let
+ port = 8418;
+ host = "bin.moonythm.dev";
 in
 {
 imports = [ ./cloudflared.nix ];
 sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
+
 services.cloudflared.tunnels =
- config.satellite.cloudflared.proxy "bin.moonythm.dev" port;
+ config.satellite.cloudflared.proxy host;
+ services.nginx.virtualHosts.${host} =
+ config.satellite.proxy port { };
 services.microbin = {
 enable = true;
diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix
index bed76e5..4353815 100644
--- a/modules/nixos/cloudflared.nix
+++ b/modules/nixos/cloudflared.nix
@@ -14,9 +14,9 @@ in
 };
 };
- config.satellite.cloudflared.proxy = from: port: {
+ config.satellite.cloudflared.proxy = from: {
 ${cfg.tunnel} = {
- ingress.${from} = "http://localhost:${toString port}";
+ ingress.${from} = "http://localhost:443";
 };
 };
 }
diff --git a/scripts/dns/dns.txt b/scripts/dns/dns.txt
index cfe9b50..8191ecb 100644
--- a/scripts/dns/dns.txt
+++ b/scripts/dns/dns.txt
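Review bot: In hosts/nixos/lapetus/services/microbin.nix the new `services.nginx.virtualHosts.${host}` entry makes this an internet-facing vhost on an nginx whose other hosts, judging by the `; Actual (tailscale internal) IPs` records in dns.txt, appear to be tailnet-only, and nothing in the hunk records that difference. `config.satellite.proxy` is defined outside this diff, so its defaults (TLS settings, any access rules, forwarded-header handling) should be confirmed as suitable for public traffic that reaches nginx from cloudflared over loopback. I would add a comment above the two assignments, for example `# Public via Cloudflare tunnel: cloudflared -> nginx vhost -> microbin (port 8418)`, and put any public-only overrides in the currently empty `{ }`. The enclosing attribute set continues past the end of the hunk.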
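Review bot: The new ingress target in modules/nixos/cloudflared.nix, `"http://localhost:443"`, pairs the plain-HTTP scheme with port 443; if nginx's 443 listener is TLS (the usual setup, not visible in this diff), nginx will reject what cloudflared sends and the tunnel will not serve the site. Prefer the attribute-set form of the ingress rule so the hop uses TLS and the origin certificate is checked against the proxied hostname rather than verification being switched off: `ingress.${from} = { service = "https://localhost:443"; originRequest.originServerName = from; };`. The hard-coded 443 also assumes every tunnelled host has a matching nginx virtual host, which deserves a one-line comment on `proxy`. The module's enclosing block begins before the hunk.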
@@ -5,46 +5,46 @@ $TTL 600 ; expiration time in ms
 ; Main dns records
 ; Actual (tailscale internal) IPs
-lapetus.moonythm.dev IN A 100.93.136.59
-lapetus.moonythm.dev IN AAAA fd7a:115c:a1e0::e75d:883b
+lapetus IN A 100.93.136.59
+lapetus IN AAAA fd7a:115c:a1e0::e75d:883b
 ; lapetus services
-actual IN CNAME lapetus.moonythm.dev.
-api.intray IN CNAME lapetus.moonythm.dev.
-api.smos IN CNAME lapetus.moonythm.dev.
-cal IN CNAME lapetus.moonythm.dev.
-docs.smos IN CNAME lapetus.moonythm.dev.
-grafana IN CNAME lapetus.moonythm.dev.
-intray IN CNAME lapetus.moonythm.dev.
-irc IN CNAME lapetus.moonythm.dev.
-lab IN CNAME lapetus.moonythm.dev.
-lapetus.syncthing IN CNAME lapetus.moonythm.dev.
-media IN CNAME lapetus.moonythm.dev.
-prometheus IN CNAME lapetus.moonythm.dev.
-qbit IN CNAME lapetus.moonythm.dev.
-redlib IN CNAME lapetus.moonythm.dev.
-rss IN CNAME lapetus.moonythm.dev.
-search IN CNAME lapetus.moonythm.dev.
-smos IN CNAME lapetus.moonythm.dev.
-warden IN CNAME lapetus.moonythm.dev.
-yt IN CNAME lapetus.moonythm.dev.
-diptime IN CNAME lapetus.moonythm.dev.
-*.irc IN CNAME irc.moonythm.dev.
+actual IN CNAME lapetus
+api.intray IN CNAME lapetus
+api.smos IN CNAME lapetus
+cal IN CNAME lapetus
+docs.smos IN CNAME lapetus
+grafana IN CNAME lapetus
+intray IN CNAME lapetus
+irc IN CNAME lapetus
+lab IN CNAME lapetus
+lapetus.syncthing IN CNAME lapetus
+media IN CNAME lapetus
+prometheus IN CNAME lapetus
+qbit IN CNAME lapetus
+redlib IN CNAME lapetus
+rss IN CNAME lapetus
+search IN CNAME lapetus
+smos IN CNAME lapetus
+warden IN CNAME lapetus
+yt IN CNAME lapetus
+diptime IN CNAME lapetus
+*.irc IN CNAME irc
 ; Tunnel used by lapetus
-tunnel.lapetus IN CNAME 347d9ead-a523-4f8b-bca7-3066e31e2952.cfargotunnel.com
+tunnel.lapetus IN CNAME 347d9ead-a523-4f8b-bca7-3066e31e2952.cfargotunnel.com
 ; lapetus services using cloudflare tunnels
-bin IN CNAME tunnel.lapetus.moonythm.dev.
+bin IN CNAME tunnel.lapetus
 ; ==========================================================================================
 ; Migadu mail setup
 ; Mail MX records
-orbit.moonythm.dev IN MX 10 aspmx1.migadu.com.
-orbit.moonythm.dev IN MX 20 aspmx2.migadu.com.
-moonythm.dev IN MX 10 aspmx1.migadu.com.
-moonythm.dev IN MX 20 aspmx2.migadu.com.
+orbit IN MX 10 aspmx1.migadu.com.
+orbit IN MX 20 aspmx2.migadu.com.
+@ IN MX 10 aspmx1.migadu.com.
+@ IN MX 20 aspmx2.migadu.com.
 ; Mail CNAME records
 key1._domainkey IN CNAME key1.moonythm.dev._domainkey.migadu.com.
@@ -55,9 +55,9 @@ key2._domainkey.orbit IN CNAME key2.orbit.moonythm.dev._domainkey.migadu.com.
 key3._domainkey.orbit IN CNAME key3.orbit.moonythm.dev._domainkey.migadu.com.
 ; Other mail stuff
-_dmarc.moonythm.dev IN TXT "v=DMARC1; p=quarantine;"
-_dmarc.orbit.moonythm.dev IN TXT "v=DMARC1; p=quarantine;"
-moonythm.dev IN TXT "hosted-email-verify=kfkhyexd"
-moonythm.dev IN TXT "v=spf1 include:spf.migadu.com -all"
-orbit.moonythm.dev IN TXT "hosted-email-verify=24s7lnum"
-orbit.moonythm.dev IN TXT "v=spf1 include:spf.migadu.com -all"
+_dmarc IN TXT "v=DMARC1; p=quarantine;"
+_dmarc.orbit IN TXT "v=DMARC1; p=quarantine;"
+@ IN TXT "hosted-email-verify=kfkhyexd"
+@ IN TXT "v=spf1 include:spf.migadu.com -all"
+orbit IN TXT "hosted-email-verify=24s7lnum"
+orbit IN TXT "v=spf1 include:spf.migadu.com -all"
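Review bot: The re-added `tunnel.lapetus IN CNAME 347d9ead-a523-4f8b-bca7-3066e31e2952.cfargotunnel.com` line in the first dns.txt hunk still has no trailing dot on its target, while the rest of the hunk now depends on origin-relative names (`lapetus`, `tunnel.lapetus`, `@`). Under standard zone-file rules an undotted target is completed with the origin, so this record would point under moonythm.dev instead of cfargotunnel.com; whether that happens depends on how the script consuming this file expands names, which is not visible here. Terminating the target as `347d9ead-a523-4f8b-bca7-3066e31e2952.cfargotunnel.com.` matches the dotted migadu targets further down and removes the ambiguity for the public `bin` record that chains through it.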