From ca84fd5165d91429fc450f06a6d17acd55474ed9 Mon Sep 17 00:00:00 2001
From: 4DBug <4DBug@github.com>
Date: Mon, 23 Feb 2026 09:50:47 -0600
Subject: [PATCH] push
---
 .stfolder/syncthing-folder-a0745f.txt | 2 +-
 modules/hosts/box/box.nix | 17 +++++++--
 modules/infra/cloudflare-tunnel.nix | 55 +++++++++++++++++++++++++++
 modules/infra/cloudflared.nix | 4 ++
 modules/services/gitea.nix | 13 ++-----
 modules/services/mailserver.nix | 1 +
 modules/services/searxng/searxng.yml | 8 ++--
 7 files changed, 81 insertions(+), 19 deletions(-)
 create mode 100644 modules/infra/cloudflare-tunnel.nix
diff --git a/.stfolder/syncthing-folder-a0745f.txt b/.stfolder/syncthing-folder-a0745f.txt
index b3ae570..2f6a7df 100644
--- a/.stfolder/syncthing-folder-a0745f.txt
+++ b/.stfolder/syncthing-folder-a0745f.txt
@@ -2,4 +2,4 @@ # Do not delete. folderID: nix -created: 2026-01-29T23:05:44-06:00 +created: 2026-01-29T23:06:32-06:00
diff --git a/modules/hosts/box/box.nix b/modules/hosts/box/box.nix
index 2b219a2..7ba8dd8 100644
--- a/modules/hosts/box/box.nix
+++ b/modules/hosts/box/box.nix
@@ -3,23 +3,32 @@ den.aspects.box = { includes = with den.aspects; [ den.default - den.provides.home-manager + # den.provides.home-manager syncthing fish - cloudflared + #cloudflared searxng copyparty glances # invidious mailserver - #matrix + # matrix redlib - #sish + # sish vscode-server dns openssh gitea + + + (den.provides.cloudflared-tunnel "tvtun" 3001) + (den.provides.cloudflared-tunnel "search" 8888) + (den.provides.cloudflared-tunnel "files" 3210) + (den.provides.cloudflared-tunnel "tube" 3030) + (den.provides.cloudflared-tunnel "monitor" 61208) + (den.provides.cloudflared-tunnel "reddit" 8975) + (den.provides.cloudflared-tunnel "git" 3000) ]; nixos = {
diff --git a/modules/infra/cloudflare-tunnel.nix b/modules/infra/cloudflare-tunnel.nix
new file mode 100644
index 0000000..c33f7f3
--- /dev/null
+++ b/modules/infra/cloudflare-tunnel.nix
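Review bot: The seven `den.provides.cloudflared-tunnel` entries added to `includes` in modules/hosts/box/box.nix each publish a loopback port under a public hostname, and nothing in this hunk shows an authentication layer in front of them. `monitor` (61208) and `files` (3210) are the ones to check first, since a monitoring page and a file server disclose the most if they answer without a login; confirm each service enforces its own authentication or sits behind an access policy at the tunnel edge, and record that beside the entry, e.g. `# monitor: login required, configured in <module>`. `tube` (3030) is published while `# invidious` stays commented out in the same list, so that hostname presumably points at a port nothing listens on and would expose whatever binds it later; drop the entry until the service is enabled. The `den.aspects.box` attribute set starts and ends outside the hunk.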
@@ -0,0 +1,55 @@
+# cloudflared/battery.nix
+{ den, ... }:
+let
+
+ description = ''
+ Configures a Cloudflare tunnel ingress rule for a given subdomain and port.
+ Assumes the tunnel UUID and credentials are fixed for this machine.
+
+ Usage:
+
+ den.aspects.bug.includes = [
+ (den.provides.cloudflared-tunnel "search" 8888)
+ (den.provides.cloudflared-tunnel "tube" 3030)
+ (den.provides.cloudflared-tunnel "git" 3000)
+ ];
+
+ Each call adds one ingress entry: .bug.tools -> http://127.0.0.1:
+ The base tunnel setup (enable, credentials, default) is included every time
+ and merges safely via the NixOS module system.
+ '';
+
+ TUNNEL_UUID = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
+ DOMAIN = "bug.tools";
+ CREDS_PATH = "/home/bug/.cloudflared/${TUNNEL_UUID}.json";
+
+ tunnelNixos = subdomain: port: { pkgs, ... }: {
+ environment.systemPackages = [ pkgs.cloudflared ];
+
+ environment.etc."cloudflared/${TUNNEL_UUID}.json".source = CREDS_PATH;
+
+ services.cloudflared = {
+ enable = true;
+
+ tunnels.${TUNNEL_UUID} = {
+ credentialsFile = "/etc/cloudflared/${TUNNEL_UUID}.json";
+ default = "http_status:404";
+
+ ingress = {
+ "${subdomain}.${DOMAIN}" = "http://127.0.0.1:${toString port}";
+ };
+ };
+ };
+ };
+
+in
+{
+ den.provides.cloudflared-tunnel =
+ subdomain: port:
+ den.lib.parametric {
+ inherit description;
+ includes = [
+ (_: { nixos = tunnelNixos subdomain port; })
+ ];
+ };
+}
diff --git a/modules/infra/cloudflared.nix b/modules/infra/cloudflared.nix
index 2f0a44a..bf269c4 100644
--- a/modules/infra/cloudflared.nix
+++ b/modules/infra/cloudflared.nix
@@ -1,3 +1,4 @@ +/* { den.aspects.cloudflared = { nixos = { pkgs, ...}: let
@@ -30,3 +31,6 @@
 };
 };
 }
+*/
+
+{}
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index 401c63b..44c2db7 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
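Review bot: In modules/infra/cloudflare-tunnel.nix, `CREDS_PATH` takes the tunnel credentials from `/home/bug/.cloudflared/`, so the secret that authenticates this host to the tunnel lives in a user-writable home directory and is only linked into /etc by the `environment.etc` line; any process running as that user can read or swap it, and the service account may not be able to traverse the home directory at all. Keep the file root-owned with mode 0400 (or manage it through whatever secrets module the repository already uses) and reference it directly, e.g. `credentialsFile = "<ROOT_OWNED_CREDENTIALS_PATH>";`, dropping the `environment.etc` entry. A comment next to `CREDS_PATH` should also say that it must stay a string, because written as a Nix path literal the file would presumably be copied into the world-readable store. The header comment `# cloudflared/battery.nix` does not match the file's path, and the `.bug.tools -> http://127.0.0.1:` line in the usage text appears to have lost its placeholders.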
@@ -3,16 +3,11 @@
 nixos = {
 services.gitea = {
 enable = true;
- config = {
- database = {
- type = "sqlite3";
- path = "/var/lib/gitea/gitea.db";
- };
- server = {
- domain = "example.com";
- httpPort = 3000;
- };
+ database.type = "mysql";
+
+ settings.service = {
+ DISABLE_REGISTRATION = true;
 };
 };
 };
 }
diff --git a/modules/services/mailserver.nix b/modules/services/mailserver.nix
index 8ef5ea7..34dfd7e 100644
--- a/modules/services/mailserver.nix
+++ b/modules/services/mailserver.nix
@@ -41,6 +41,7 @@ "matrix@bug.tools" "fluxer@bug.tools" "git@bug.tools" + "contact@bug.tools" ]; };
diff --git a/modules/services/searxng/searxng.yml b/modules/services/searxng/searxng.yml
index cbeac08..eb19e1b 100644
--- a/modules/services/searxng/searxng.yml
+++ b/modules/services/searxng/searxng.yml
@@ -1,7 +1,5 @@
 general:
- # Debug mode, only for development. Is overwritten by ${SEARXNG_DEBUG}
 debug: false
- # displayed name
 instance_name: "search.bug.tools"
 # For example: https://example.com/privacy
 privacypolicy_url: false
@@ -9,7 +7,7 @@ general:
 # use false to disable the donation link
 donation_url: false
 # mailto:contact@example.com
- contact_url: false
+ contact_url: contact@bug.tools
 # record stats
 enable_metrics: true
 # expose stats in open metrics format at /metrics
@@ -2177,7 +2175,7 @@ engines: - name: yahoo engine: yahoo shortcut: yh - + - name: yahoo news engine: yahoo_news shortcut: yhn
@@ -2823,4 +2821,4 @@ doi_resolvers: sci-hub.st: 'https://sci-hub.st/' sci-hub.ru: 'https://sci-hub.ru/' -default_doi_resolver: 'oadoi.org' \ No newline at end of file +default_doi_resolver: 'oadoi.org'
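Review bot: The rewritten `services.gitea` block in modules/services/gitea.nix removes the old `server` settings without replacing them, so the instance that this same patch publishes through the `git` tunnel entry runs with the module defaults for its listen address and public URL. Binding to loopback keeps it reachable only through the tunnel (the default is, I believe, all interfaces), and declaring the external URL makes generated links and cookies match the public hostname: `settings.server = { HTTP_ADDR = "127.0.0.1"; ROOT_URL = "https://git.bug.tools/"; };` plus `settings.session.COOKIE_SECURE = true;`, assuming the hostname is the `git` subdomain of `bug.tools`. The switch to `database.type = "mysql"` deserves a one-line comment saying how the database is provisioned and authenticated, since no host, user or password file appears in the hunk. The enclosing attribute set opens above the hunk.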
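Review bot: `contact_url: contact@bug.tools` in the `general:` section of modules/services/searxng/searxng.yml is a bare address, while the comment directly above it gives the expected form `mailto:contact@example.com`. Without a scheme the rendered contact link is likely to be treated as a relative URL on the instance rather than opening a mail client. Use `contact_url: mailto:contact@bug.tools`.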