push

2026-02-24 11:17:37 -06:00
parent ca84fd5165
commit 6b5e71dd6c
6 changed files with 51 additions and 111 deletions
--- a/modules/infra/cloudflare-tunnel.nix
+++ b/modules/infra/cloudflare-tunnel.nix
@@ -1,55 +0,0 @@
-# cloudflared/battery.nix
-{ den, ... }:
-let
-
-  description = ''
-    Configures a Cloudflare tunnel ingress rule for a given subdomain and port.
-    Assumes the tunnel UUID and credentials are fixed for this machine.
-
-    Usage:
-
-      den.aspects.bug.includes = [
-        (den.provides.cloudflared-tunnel "search" 8888)
-        (den.provides.cloudflared-tunnel "tube"   3030)
-        (den.provides.cloudflared-tunnel "git"    3000)
-      ];
-
-    Each call adds one ingress entry: <subdomain>.bug.tools -> http://127.0.0.1:<port>
-    The base tunnel setup (enable, credentials, default) is included every time
-    and merges safely via the NixOS module system.
-  '';
-
-  TUNNEL_UUID = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
-  DOMAIN      = "bug.tools";
-  CREDS_PATH  = "/home/bug/.cloudflared/${TUNNEL_UUID}.json";
-
-  tunnelNixos = subdomain: port: { pkgs, ... }: {
-    environment.systemPackages = [ pkgs.cloudflared ];
-
-    environment.etc."cloudflared/${TUNNEL_UUID}.json".source = CREDS_PATH;
-
-    services.cloudflared = {
-      enable = true;
-
-      tunnels.${TUNNEL_UUID} = {
-        credentialsFile = "/etc/cloudflared/${TUNNEL_UUID}.json";
-        default = "http_status:404";
-
-        ingress = {
-          "${subdomain}.${DOMAIN}" = "http://127.0.0.1:${toString port}";
-        };
-      };
-    };
-  };
-
-in
-{
-  den.provides.cloudflared-tunnel =
-    subdomain: port:
-    den.lib.parametric {
-      inherit description;
-      includes = [
-        (_: { nixos = tunnelNixos subdomain port; })
-      ];
-    };
-}
--- a/modules/infra/cloudflared.nix
+++ b/modules/infra/cloudflared.nix
@@ -1,36 +1,30 @@
-/*
-{
-  den.aspects.cloudflared = {
-    nixos = { pkgs, ...}: let
-      TUNNEL_UUID = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
-    in {
-      environment.systemPackages = [ pkgs.cloudflared ];
+{ den, ... }: let
+  tunnel_uuid = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
+  domain = "bug.tools";
+  creds  = "/home/bug/.cloudflared/${tunnel_uuid}.json";

-      environment.etc."cloudflared/${TUNNEL_UUID}.json".source = "/home/bug/.cloudflared/${TUNNEL_UUID}.json";
+  tunnel = port: subdomain: { pkgs, ... }: {
+    environment.systemPackages = [ pkgs.cloudflared ];

-      services.cloudflared = {
-        enable = true;
+    environment.etc."cloudflared/${tunnel_uuid}.json".source = creds;

-        tunnels."${TUNNEL_UUID}" = {
-          credentialsFile = "/etc/cloudflared/${TUNNEL_UUID}.json";
-          default = "http_status:404";
+    services.cloudflared = {
+      enable = true;

-          ingress = {
-            "tvtun.bug.tools" = "http://127.0.0.1:3001";
-            "search.bug.tools" = "http://127.0.0.1:8888";
-            "files.bug.tools" = "http://127.0.0.1:3210";
-            "tube.bug.tools" = "http://127.0.0.1:3030";
-            "monitor.bug.tools" = "http://127.0.0.1:61208";
-            "reddit.bug.tools" = "http://127.0.0.1:8975";
-            #"matrix.bug.tools" = "http://127.0.0.1:8008";
-            #"bug.tools" = "http://127.0.0.1:8080";
-            "git.bug.tools" = "http://127.0.0.1:3000";
-          };
+      tunnels.${tunnel_uuid} = {
+        credentialsFile = "/etc/cloudflared/${tunnel_uuid}.json";
+        default = "http_status:404";
+
+        ingress = {
+          "${subdomain}.${domain}" = "http://127.0.0.1:${toString port}";
        };
      };
    };
  };
+in {
+  den.aspects.tunnel = port: subdomain: den.lib.parametric {
+    includes = [
+      (_: { nixos = tunnel port subdomain; })
+    ];
+  };
 }
-*/
-
-{}