56 lines
1.5 KiB
Nix
56 lines
1.5 KiB
Nix
# cloudflared/battery.nix
|
|
{ den, ... }:
|
|
let
|
|
|
|
description = ''
|
|
Configures a Cloudflare tunnel ingress rule for a given subdomain and port.
|
|
Assumes the tunnel UUID and credentials are fixed for this machine.
|
|
|
|
Usage:
|
|
|
|
den.aspects.bug.includes = [
|
|
(den.provides.cloudflared-tunnel "search" 8888)
|
|
(den.provides.cloudflared-tunnel "tube" 3030)
|
|
(den.provides.cloudflared-tunnel "git" 3000)
|
|
];
|
|
|
|
Each call adds one ingress entry: <subdomain>.bug.tools -> http://127.0.0.1:<port>
|
|
The base tunnel setup (enable, credentials, default) is included every time
|
|
and merges safely via the NixOS module system.
|
|
'';
|
|
|
|
TUNNEL_UUID = "4118935e-359b-4dd2-95bd-eb27f7b0c5bb";
|
|
DOMAIN = "bug.tools";
|
|
CREDS_PATH = "/home/bug/.cloudflared/${TUNNEL_UUID}.json";
|
|
|
|
tunnelNixos = subdomain: port: { pkgs, ... }: {
|
|
environment.systemPackages = [ pkgs.cloudflared ];
|
|
|
|
environment.etc."cloudflared/${TUNNEL_UUID}.json".source = CREDS_PATH;
|
|
|
|
services.cloudflared = {
|
|
enable = true;
|
|
|
|
tunnels.${TUNNEL_UUID} = {
|
|
credentialsFile = "/etc/cloudflared/${TUNNEL_UUID}.json";
|
|
default = "http_status:404";
|
|
|
|
ingress = {
|
|
"${subdomain}.${DOMAIN}" = "http://127.0.0.1:${toString port}";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
in
|
|
{
|
|
den.provides.cloudflared-tunnel =
|
|
subdomain: port:
|
|
den.lib.parametric {
|
|
inherit description;
|
|
includes = [
|
|
(_: { nixos = tunnelNixos subdomain port; })
|
|
];
|
|
};
|
|
}
|