zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

navidrome over cloudflared

Browse Source
This commit is contained in:
Zuckerberg 2022-04-17 20:36:04 -04:00
parent 1a4bdc4a8a
commit 6233ce6c0d
5 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
common/server/cloudflared.nix Normal file
View File

@ -0,0 +1,58 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.cloudflared;
settingsFormat = pkgs.formats.yaml { };
in
{
meta.maintainers = with maintainers; [ pmc ];
options = {
services.cloudflared = {
enable = mkEnableOption "cloudflared";
package = mkOption {
type = types.package;
default = pkgs.cloudflared;
description = "The cloudflared package to use";
example = literalExpression ''pkgs.cloudflared'';
};
config = mkOption {
type = settingsFormat.type;
description = "Contents of the config.yaml as an attrset; see https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file for documentation on the contents";
example = literalExpression ''
{
url = "http://localhost:3000";
tunnel = "505c8dd1-e4fb-4ea4-b909-26b8f61ceaaf";
credentials-file = "/var/lib/cloudflared/505c8dd1-e4fb-4ea4-b909-26b8f61ceaaf.json";
}
'';
};
configFile = mkOption {
type = types.path;
description = "Path to cloudflared config.yaml.";
example = literalExpression ''"/etc/cloudflared/config.yaml"'';
};
};
};
config = mkIf cfg.enable ({
# Prefer the config file over settings if both are set.
services.cloudflared.configFile = mkDefault (settingsFormat.generate "cloudflared.yaml" cfg.config);
systemd.services.cloudflared = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "Cloudflare Argo Tunnel";
serviceConfig = {
TimeoutStartSec = 0;
Type = "notify";
ExecStart = "${cfg.package}/bin/cloudflared --config ${cfg.configFile} --no-autoupdate tunnel run";
Restart = "on-failure";
RestartSec = "5s";
};
};
});
}

1
common/server/default.nix
View File

@ -13,5 +13,6 @@
./privatebin/privatebin.nix ./privatebin/privatebin.nix
./radio.nix ./radio.nix
./samba.nix ./samba.nix
./cloudflared.nix
]; ];
} }

11
machines/storage/s0/configuration.nix
View File

@ -143,6 +143,17 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
# navidrome over cloudflare
services.cloudflared = {
enable = true;
config = {
url = config.services.nginx.virtualHosts."music.s0".locations."/".proxyPass;
tunnel = "5975c2f1-d1f4-496a-a704-6d89ccccae0d";
credentials-file = "/run/agenix/cloudflared-navidrome.json";
};
};
age.secrets."cloudflared-navidrome.json".file = ../../../secrets/cloudflared-navidrome.json.age;
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
radarr = prev.radarr.overrideAttrs (old: rec { radarr = prev.radarr.overrideAttrs (old: rec {

BIN
secrets/cloudflared-navidrome.json.age Normal file
View File

Binary file not shown.

3
secrets/secrets.nix
View File

@ -16,4 +16,5 @@ in
"iodine.age".publicKeys = all; "iodine.age".publicKeys = all;
"spotifyd.age".publicKeys = all; "spotifyd.age".publicKeys = all;
"wolframalpha.age".publicKeys = all; "wolframalpha.age".publicKeys = all;
} "cloudflared-navidrome.json.age".publicKeys = all;
}