From 6233ce6c0d10db2901e4dd5d7c7dc175588f7b8c Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Sun, 17 Apr 2022 20:36:04 -0400
Subject: [PATCH] navidrome over cloudflared
---
 common/server/cloudflared.nix | 58 +++++++++++++++++++++++++
 common/server/default.nix | 1 +
 machines/storage/s0/configuration.nix | 11 +++++
 secrets/cloudflared-navidrome.json.age | Bin 0 -> 2009 bytes
 secrets/secrets.nix | 3 +-
 5 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 common/server/cloudflared.nix
 create mode 100644 secrets/cloudflared-navidrome.json.age
diff --git a/common/server/cloudflared.nix b/common/server/cloudflared.nix
new file mode 100644
index 0000000..a8757bb
--- /dev/null
+++ b/common/server/cloudflared.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.cloudflared;
+ settingsFormat = pkgs.formats.yaml { };
+in
+{
+ meta.maintainers = with maintainers; [ pmc ];
+
+ options = {
+ services.cloudflared = {
+ enable = mkEnableOption "cloudflared";
+ package = mkOption {
+ type = types.package;
+ default = pkgs.cloudflared;
+ description = "The cloudflared package to use";
+ example = literalExpression ''pkgs.cloudflared'';
+ };
+ config = mkOption {
+ type = settingsFormat.type;
+ description = "Contents of the config.yaml as an attrset; see https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file for documentation on the contents";
+ example = literalExpression ''
+ {
+ url = "http://localhost:3000";
+ tunnel = "505c8dd1-e4fb-4ea4-b909-26b8f61ceaaf";
+ credentials-file = "/var/lib/cloudflared/505c8dd1-e4fb-4ea4-b909-26b8f61ceaaf.json";
+ }
+ '';
+ };
+
+ configFile = mkOption {
+ type = types.path;
+ description = "Path to cloudflared config.yaml.";
+ example = literalExpression ''"/etc/cloudflared/config.yaml"'';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable ({
+ # Prefer the config file over settings if both are set.
+ services.cloudflared.configFile = mkDefault (settingsFormat.generate "cloudflared.yaml" cfg.config);
+
+ systemd.services.cloudflared = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "Cloudflare Argo Tunnel";
+ serviceConfig = {
+ TimeoutStartSec = 0;
+ Type = "notify";
+ ExecStart = "${cfg.package}/bin/cloudflared --config ${cfg.configFile} --no-autoupdate tunnel run";
+ Restart = "on-failure";
+ RestartSec = "5s";
+ };
+ };
+ });
+}
\ No newline at end of file
diff --git a/common/server/default.nix b/common/server/default.nix
index 7101367..1a9ab4a 100644
--- a/common/server/default.nix
+++ b/common/server/default.nix
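Review bot: The `systemd.services.cloudflared` unit sets no `User`, so the tunnel daemon runs as root with no sandboxing, although the unit as written only passes it a config file and a credentials file to read. I would run it under a dedicated system user and add the usual systemd hardening options, as in the excerpt below; the credentials file then has to be readable by that user (with agenix, through the secret's `owner`). Separately, the `config` option's description should say that the attrset is rendered into the world-readable Nix store by `settingsFormat.generate`, so secrets must be referenced through `credentials-file` and never embedded in the attrset.

```nix
    users.users.cloudflared = {
      isSystemUser = true;
      group = "cloudflared";
    };
    users.groups.cloudflared = { };

    systemd.services.cloudflared = {
      # … unchanged: wantedBy, after, description …
      serviceConfig = {
        # … unchanged: TimeoutStartSec, Type, ExecStart, Restart, RestartSec …
        User = "cloudflared";
        Group = "cloudflared";
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        PrivateDevices = true;
      };
    };
```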
@@ -13,5 +13,6 @@ ./privatebin/privatebin.nix ./radio.nix ./samba.nix + ./cloudflared.nix ]; } \ No newline at end of file diff --git a/machines/storage/s0/configuration.nix b/machines/storage/s0/configuration.nix index c412acc..80b5376 100644 --- a/machines/storage/s0/configuration.nix +++ b/machines/storage/s0/configuration.nix @@ -143,6 +143,17 @@ proxyWebsockets = true; }; + # navidrome over cloudflare + services.cloudflared = { + enable = true; + config = { + url = config.services.nginx.virtualHosts."music.s0".locations."/".proxyPass; + tunnel = "5975c2f1-d1f4-496a-a704-6d89ccccae0d"; + credentials-file = "/run/agenix/cloudflared-navidrome.json"; + }; + }; + age.secrets."cloudflared-navidrome.json".file = ../../../secrets/cloudflared-navidrome.json.age; + nixpkgs.overlays = [ (final: prev: { radarr = prev.radarr.overrideAttrs (old: rec { 
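Review bot: The tunnel `url` in the `services.cloudflared` block is copied from the `music.s0` vhost's `proxyPass`, so tunnel traffic goes straight to the backend and skips whatever restrictions that nginx vhost applies. With this change navidrome becomes reachable through Cloudflare and, as far as this hunk shows, is protected only by its own login. If a Cloudflare Access policy is expected in front of the tunnel, record that next to the block, e.g. `# Reachable via Cloudflare tunnel; bypasses the music.s0 nginx vhost. Access control: navidrome login + Cloudflare Access policy (if configured).` The enclosing attrset starts and ends outside the hunk, so other exposure controls may exist that are not visible here.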
diff --git a/secrets/cloudflared-navidrome.json.age b/secrets/cloudflared-navidrome.json.age new file mode 100644 index 0000000000000000000000000000000000000000..4c157bcb3ef330eddb30563fd6909c80136c2c3f GIT binary patch literal 2009 zcmZXU+3Vy60mqBQYYN2&1*xS*iVxfL=S(uW#$wqdlbOlnn%oC1n8`W0Cz(kmQ)*jw zQIMjg`ygFgMQB|SY85T}xD~YzQmUXYE~48aJ_v5TuoV&g`TG0)1s}er8wDpp;njV$ z+myv;$~qdh(BR}@plRZhz=u&3ngEBA%<&E|lNmETa*O@27S?FLF;JFDM-@JVFjz>2 ze3~2!CiRI%B?j{%LGaw#Pkl_WKySs0nK~m#x`s4aUf{B`XY>x{Yeg&1((-jj97w>K zgC1l~)XtLBcx2qPmc0z5{f)@<0#hCQ`A1kub~MtE6md~Q$e3PO;U8COI4yb#38krzH z%WEl>#8K-av6662wX1B@?^;v}+qO$-FC_*_t>U~TI|UzkIMg+&;bGfdOro=hHm3|v z5SVK8KC&JoXKB75+hqhC*Bi)K6qvZ2ty0W)sofCHbOu~()OJFpxw31V{r#p{I+HMK?&WzQ7$S=t;9R9Xgz#pu)=tJw-A8H-0` zUPz3{)d4PU?Y&O9YOqSh`gp7%dypygyi*f&mLMI~sGS*QjhfNL*of=SA?%D{yvi|n zvTe@N`o)x#J75weAxTqaw64-ZVB#v+^A$Ao^{kv*{hVbqyxw*+l#fOOal=tk5|3bS z?%L^*L1DjW>*aJeWH66Qb(@R9DIdFea84Tx&JIQdXi}7-Rwq+-3@UWRER?9_m2zUm zNX_Kyu}v|P$TxSCmJW^vBa2%L38f)t5_T=DG7J_~N5(6(sd@g$qLNiR0gayPB&~!= zLjqHLR*lp>QYU23=T?EuL4kAo&_03-Yl2~un8!nE&oLA^aQz-z>yqZJp;ot{k;Vjt zwHeLnqYU+XZQkjs4A-XR@#nO)ox!#;K&eJj6Z*&_61^nbnZFyCUEIiSl9(YZ2qpn) zNVQA0v^_9v5p&upGj_H}WI|Z0>_Yw22a{u#KFtnwHX$5EjOsB1F$Ahx`20|iMMiClb=FE`M$|sO-ts0f zux&i+hb+!7#zRk8Eob@;cD0ES9X3-z@Uk7O(<2sh%&BmeW~~mPE(1nDYq$x5&0(xU zIi;6eZXiwHYWBhrrDR>vO}> z@~F%o&n-Z$rf41kTu0k8e@Ja@sdLDE3wtWc=Mn@~BLVjmfg?jNq?Hw9kb@$ZO3v~9 z^^lmCF)`96td*kJE(VRhPvwq6ia9+UEtcnV<5Hq2A|RX0#7O6Ns{l%!)03;c(}DVJ z5{e4t7bZLIqQxpMD*p5*Sp}Vrmq*i|U@@_>`Yjx?rs)q+$rVs5nuwB)w1PHH55)hS zd`Nu!LU`+L9h$dkVnxljMYx!nEbwg2Aw$jkB#;Ar^$;?->!;{vUw!_K z@4tIP_`uuGk?nT-!Z%;|`GX(7s9yirx8Hhge$OYq{JGzM<>DK6{tk5R{L#~2`{iA~ zcvkpva?OCQz4x!twFmEeKzZWDm+r1_T>sG3Z(aE+US9jnMfN{`|LgXVo3~%*|MjJT-F literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5caeab8..fb0905b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -16,4 +16,5 @@ in
 "iodine.age".publicKeys = all;
 "spotifyd.age".publicKeys = all;
 "wolframalpha.age".publicKeys = all;
-}
\ No newline at end of file
+ "cloudflared-navidrome.json.age".publicKeys = all;
+}
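Review bot: `"cloudflared-navidrome.json.age".publicKeys = all;` encrypts the tunnel credential to every key in `all`, while this commit only consumes it on s0. The definition of `all` is above the hunk and not visible; if it covers more hosts than s0, each of them can decrypt a credential it has no use for. Restricting the recipients to the s0 host key plus the admin keys would follow least privilege. The neighbouring entries also use `all`, so if that is a deliberate convention a short comment stating it would help.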