From ec0250ad36198a2099b168ba7356faaba0bdb052 Mon Sep 17 00:00:00 2001 From: prescientmoon Date: Thu, 9 May 2024 04:31:39 +0200 Subject: [PATCH] Attempt to set up cloudflare tunnels --- hosts/nixos/lapetus/secrets.yaml | 5 +++-- hosts/nixos/lapetus/services/diptime.nix | 13 +++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml index 0303d5f..14d681a 100644 --- a/hosts/nixos/lapetus/secrets.yaml +++ b/hosts/nixos/lapetus/secrets.yaml @@ -3,6 +3,7 @@ vaultwarden_env: ENC[AES256_GCM,data:39gY2J+AFTwIRar7tbF6D9WadTzw1xiqPE9T204Z,iv grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQBOW/ay/8w5HrbxRoPGBh/0wST4=,tag:jat8wA3JQlC7WbOwNQ4Ctw==,type:str] grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str] invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str] +cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str] sops: kms: [] gcp_kms: [] @@ -27,8 +28,8 @@ sops: RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-11T15:04:07Z" - mac: ENC[AES256_GCM,data:2J7kixr5PlrPE65grLiYoZCK4x1vIcbGLblVYu0cJ6rR6cUjvigf7xBPx9dgswRjGJxjUs971ZafRdP3sZUBzUWfhgGv0JO1fGuFGytBj3lEnkVIbbWm7lzaG3DJ+orF3SmhN95nVBjJ/oJ9+129T6/y3zrveu6yfjsEELdkcDY=,iv:t/q82qmUZ1g9haGskhcJzNXDngMeJdNQ7il1W9ME5AU=,tag:yRmKCc1nnj4fVlQaEw9oNQ==,type:str] + lastmodified: "2024-05-09T02:29:16Z" + mac: ENC[AES256_GCM,data:BFZjEpGSvj2HYO+nB33FZRfgUrBIrma6RbLfuZVN5tsB3ghqmNsrQljSPkcwsIDYvzDdIunp3g0C/Kzb0XKdpxVVu/C1XhXVO2JMqxNAASbO+QzO5Kfp8L90w6pkF+IvIc5OFJ40QFH6pCWamyogh/adIzbMY2Yk+xkN54YkwzU=,iv:870LCMvbdMSZAOgRWRFP+th5wSYKRjMfr53camJuSsA=,tag:GyEH4WNjRfjrP4iv8Wqxag==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/nixos/lapetus/services/diptime.nix b/hosts/nixos/lapetus/services/diptime.nix index 9a345d5..78d9bcb 100644 --- a/hosts/nixos/lapetus/services/diptime.nix +++ b/hosts/nixos/lapetus/services/diptime.nix @@ -9,4 +9,17 @@ rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464"; sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk"; }); + + sops.secrets.cloudflare_tunnel_credentials = { + sopsFile = ../secrets.yaml; + owner = config.services.cloudflared.user; + group = config.services.cloudflared.group; + }; + + services.cloudflared = { + tunnels."347d9ead-a523-4f8b-bca7-3066e31e2952" = { + credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path; + ingress."diptime.moonythm.dev".service = "http://localhost:80"; + }; + }; }