39 lines
1.1 KiB
Nix
39 lines
1.1 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
# https://wiki.nixos.org/wiki/Cloudflared
|
|
{
|
|
boot.kernel.sysctl."net.ipv4.ping_group_range" = "0 65535";
|
|
users.groups.cloudflared = {};
|
|
users.users.cloudflared = {
|
|
isSystemUser = true;
|
|
group = "cloudflared"; # Match allowed range
|
|
};
|
|
|
|
sops.secrets.cloudflared-creds = {};
|
|
environment.systemPackages = with pkgs; [ cloudflared ];
|
|
services.cloudflared = {
|
|
enable = true;
|
|
tunnels = {
|
|
"panoptes-nix" = {
|
|
credentialsFile = config.sops.secrets.cloudflared-creds.path;
|
|
# credentialsFile = /root/.cloudflared/c5d343b4-c12c-4490-9d92-9a2345738dc2.json;
|
|
default = "http_status:404";
|
|
ingress = {
|
|
"panoptes.john-stream.com" = {
|
|
service = "https://localhost:443";
|
|
# path = ".*";
|
|
originRequest = {
|
|
originServerName = "panoptes.john-stream.com";
|
|
noTLSVerify = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
systemd.services.cloudflared-tunnel-panoptes-nix.serviceConfig = {
|
|
DynamicUser = lib.mkForce false;
|
|
User = "cloudflared";
|
|
Group = "cloudflared";
|
|
};
|
|
}
|