From 606fa9a7da16ebefa5716967ca57cf2eb15bd68f Mon Sep 17 00:00:00 2001
From: Satria
Date: Thu, 5 Mar 2026 22:26:18 +0700
Subject: [PATCH] cf tunnels
---
 modules/system/homelab/tunnels.nix | 14 ++++++++++++++
 modules/system/server.nix | 23 +++++++++++++++++++----
 2 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 modules/system/homelab/tunnels.nix
diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix
new file mode 100644
index 0000000..a12cc15
--- /dev/null
+++ b/modules/system/homelab/tunnels.nix
@@ -0,0 +1,14 @@
+{ homelab, ... }: {
+ services.cloudflared = {
+ enable = true;
+ tunnels.homelab = {
+ credentialsFile = "/mnt/data/cloudflared/homelab.json";
+ default = "http_status:404";
+ ingress = {
+ "git.${homelab.domain}" = "http://localhost:3000";
+ "auth.${homelab.domain}" = "http://localhost:1411";
+ "gallery.${homelab.domain}" = "http://localhost:2284";
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/system/server.nix b/modules/system/server.nix
index 29bc8ee..46fcec7 100644
--- a/modules/system/server.nix
+++ b/modules/system/server.nix
@@ -1,12 +1,21 @@
-{ lib, ... }: {
+{ lib, ... }: let
+ ts-flags = [
+ "--advertise-exit-node"
+ "--advertise-routes=10.3.14.0/24,192.168.1.0/24"
+ "--ssh" "--webclient"
+ ];
+in {
 imports = [
+ ./homelab/tunnels.nix
+ ./homelab/mesh.nix
 ./homelab/containers.nix
- ./homelab/gallery.nix
 ./homelab/remote.nix
+ ./homelab/gallery.nix
 # ./homelab/media.nix # wip
 ./homelab/share.nix
 ./homelab/proxy.nix
 ./homelab/auth.nix
+ ./homelab/pass.nix
 ./homelab/dash.nix
 ./homelab/dns.nix
 ./homelab/git.nix
@@ -16,8 +25,14 @@
 ./base.nix
 ];
 
- specialisation.safe-mode.configuration = {};
-
+ services.tailscale = {
+ enable = true;
+ authKeyFile = "/mnt/data/tailscale/authkey";
+ useRoutingFeatures = "server";
+ extraUpFlags = ts-flags;
+ extraSetFlags = ts-flags;
+ };
+
 virtualisation = {
 oci-containers.backend = "docker";
 docker = {
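Review bot: In `modules/system/homelab/tunnels.nix`, the `ingress` map publishes the git, auth and gallery origins to the internet through the tunnel, and nothing in the file records what protects them once traffic reaches localhost. A short comment above `ingress` would help, for example `# Internet-facing via Cloudflare: each origin must enforce its own authentication; put an Access policy in front of anything that does not`. `credentialsFile` points at `/mnt/data/cloudflared/homelab.json`, which keeps the tunnel secret out of the Nix store, but the patch does not show that file's owner or mode; it should be readable only by root or the cloudflared unit. The ports 3000, 1411 and 2284 are repeated here as literals, so they presumably have to be kept in step by hand with the modules that run those services.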
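Review bot: In the first hunk of `modules/system/server.nix`, `ts-flags` turns on `--ssh` and `--webclient` together with an exit node and two advertised subnets, and no comment records that access to all of these is then decided by the tailnet's policy rather than by anything in this repository. I would add a comment above the list, e.g. `# --ssh / --webclient / --advertise-*: who may use these is set by the tailnet ACL policy, not by this host's sshd or firewall config`. The imports also gain `./homelab/mesh.nix` and `./homelab/pass.nix`, which this patch does not create (the diffstat lists only two files), so they presumably exist already; worth confirming before merge. The `imports` list closes outside this hunk.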
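Review bot: In the second hunk of `modules/system/server.nix`, `extraUpFlags` and `extraSetFlags` receive the same `ts-flags` list, but as far as I know `--webclient` is a `tailscale set` option rather than a `tailscale up` one, so the `up` invocation may be rejected; please confirm against the packaged tailscale version. If that holds, drop `"--webclient"` from `ts-flags` and write `extraSetFlags = ts-flags ++ [ "--webclient" ];`. `authKeyFile = "/mnt/data/tailscale/authkey"` keeps the key out of the Nix store, but with subnet routes, an exit node and SSH hanging off this node the file should be root-only (e.g. mode 0400) and the key itself tagged and short-lived. The module body continues past the end of the hunk.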