cf tunnels

modules/system/homelab/tunnels.nix

@@ -0,0 +1,14 @@
+{ homelab, ... }: {
+  services.cloudflared = {
+    enable = true;
+    tunnels.homelab = {
+      credentialsFile = "/mnt/data/cloudflared/homelab.json";
+      default = "http_status:404";
+      ingress = {
+        "git.${homelab.domain}" = "http://localhost:3000";
+        "auth.${homelab.domain}" = "http://localhost:1411";
+        "gallery.${homelab.domain}" = "http://localhost:2284";
+      };
+    };
+  };
+}

modules/system/server.nix

@@ -1,12 +1,21 @@
-{ lib, ... }: {
+{ lib, ... }: let
+  ts-flags = [
+    "--advertise-exit-node"
+    "--advertise-routes=10.3.14.0/24,192.168.1.0/24"
+    "--ssh" "--webclient"
+  ];
+in {
   imports = [
+    ./homelab/tunnels.nix
+    ./homelab/mesh.nix
     ./homelab/containers.nix
-    ./homelab/gallery.nix
     ./homelab/remote.nix
+    ./homelab/gallery.nix
     # ./homelab/media.nix # wip
     ./homelab/share.nix
     ./homelab/proxy.nix
     ./homelab/auth.nix
+    ./homelab/pass.nix
     ./homelab/dash.nix
     ./homelab/dns.nix
     ./homelab/git.nix
@@ -16,8 +25,14 @@
     ./base.nix
   ];
 
-  specialisation.safe-mode.configuration = {};
-
+  services.tailscale = {
+    enable = true;
+    authKeyFile = "/mnt/data/tailscale/authkey";
+    useRoutingFeatures = "server";
+    extraUpFlags = ts-flags;
+    extraSetFlags = ts-flags;
+  };
+  
   virtualisation = {
     oci-containers.backend = "docker";
     docker = {