2024-03-03 16:57:20 +01:00
|
|
|
{
|
2024-04-02 20:53:12 +02:00
|
|
|
lib,
|
2024-07-29 10:58:43 +02:00
|
|
|
pkgs,
|
2024-03-03 16:57:20 +01:00
|
|
|
config,
|
2024-07-29 10:58:43 +02:00
|
|
|
_utils,
|
2024-03-03 16:57:20 +01:00
|
|
|
...
|
2024-07-29 10:58:43 +02:00
|
|
|
}: let
|
2024-04-02 20:53:12 +02:00
|
|
|
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
|
2024-04-13 14:26:07 +02:00
|
|
|
|
2024-07-29 23:47:05 +02:00
|
|
|
secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
|
2024-07-29 10:58:43 +02:00
|
|
|
cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" {
|
|
|
|
|
owner = "cloudflared";
|
|
|
|
|
group = "cloudflared";
|
|
|
|
|
};
|
2024-04-02 20:53:12 +02:00
|
|
|
in {
|
2024-07-29 10:58:43 +02:00
|
|
|
imports = [
|
|
|
|
|
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
|
2024-04-02 20:53:12 +02:00
|
|
|
|
2024-07-29 23:47:05 +02:00
|
|
|
secrets.generate
|
2024-07-29 10:58:43 +02:00
|
|
|
cfTunnelSecret.generate
|
2024-05-19 18:53:03 +02:00
|
|
|
|
2024-07-29 10:58:43 +02:00
|
|
|
./minecraft.nix
|
|
|
|
|
./dendrite.nix
|
|
|
|
|
./nextcloud.nix
|
|
|
|
|
./reposilite.nix
|
|
|
|
|
./uku.nix
|
|
|
|
|
./vaultwarden.nix
|
|
|
|
|
./forgejo.nix
|
|
|
|
|
./shlink.nix
|
|
|
|
|
./metrics.nix
|
2024-08-27 16:57:44 +02:00
|
|
|
./navidrome.nix
|
2024-07-29 10:58:43 +02:00
|
|
|
];
|
2024-02-02 15:20:48 +01:00
|
|
|
|
2024-05-21 15:00:01 +02:00
|
|
|
boot = {
|
|
|
|
|
kernelPackages = lib.mkForce pkgs.linuxPackages_6_1;
|
|
|
|
|
loader.systemd-boot.enable = true;
|
|
|
|
|
};
|
2024-02-02 15:20:48 +01:00
|
|
|
|
2024-08-16 12:15:28 +02:00
|
|
|
networking.interfaces.eno1 = {
|
|
|
|
|
wakeOnLan.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-02 15:20:48 +01:00
|
|
|
services = {
|
2024-06-14 23:59:44 +02:00
|
|
|
jmusicbot = {
|
|
|
|
|
enable = true;
|
|
|
|
|
stateDir = "/var/lib/jmusicbot";
|
|
|
|
|
};
|
|
|
|
|
|
2024-04-29 16:34:34 +02:00
|
|
|
openssh.openFirewall = true;
|
|
|
|
|
|
2024-05-19 10:34:48 +02:00
|
|
|
nginx.enable = true;
|
|
|
|
|
|
|
|
|
|
frp = {
|
|
|
|
|
enable = true;
|
|
|
|
|
role = "client";
|
|
|
|
|
settings = {
|
|
|
|
|
serverAddr = "49.13.148.129";
|
|
|
|
|
serverPort = 7000;
|
2024-05-19 18:53:03 +02:00
|
|
|
auth = {
|
|
|
|
|
method = "token";
|
|
|
|
|
token = "{{ .Envs.FRP_TOKEN }}";
|
|
|
|
|
};
|
2024-05-19 10:34:48 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-02 15:20:48 +01:00
|
|
|
cloudflared = {
|
|
|
|
|
enable = true;
|
2024-04-02 20:53:12 +02:00
|
|
|
tunnels.${tunnelId} = {
|
2024-07-29 10:58:43 +02:00
|
|
|
credentialsFile = cfTunnelSecret.path;
|
2024-02-02 15:20:48 +01:00
|
|
|
default = "http_status:404";
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-03-06 22:50:31 +01:00
|
|
|
};
|
2024-05-19 18:53:03 +02:00
|
|
|
|
2024-08-17 12:14:38 +02:00
|
|
|
systemd.services = {
|
|
|
|
|
"cloudflared-tunnel-${tunnelId}".serviceConfig.RestartSec = "10s";
|
|
|
|
|
frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
|
|
|
|
|
};
|
2024-08-29 11:46:38 +02:00
|
|
|
|
|
|
|
|
virtualisation = {
|
|
|
|
|
docker.enable = true;
|
|
|
|
|
oci-containers.backend = "docker";
|
|
|
|
|
};
|
2024-01-18 15:15:14 +01:00
|
|
|
}
|
