anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-04-02 11:12:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

add cloudflared

Browse Source 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
This commit is contained in:
Hadi
2026-01-04 00:11:37 +01:00
parent e32cf43d87
commit 8f16767240
4 changed files with 46 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/server/configuration.nix
View File

@@ -13,6 +13,7 @@
../../server-modules/ssh.nix
# ../../server-modules/bitwarden.nix
../../server-modules/firewall.nix
../../server-modules/cloudflared.nix
../../server-modules/nginx.nix
../../server-modules/glance.nix
../../server-modules/adguardhome.nix

7
hosts/server/secrets/secrets.yaml
View File

@@ -8,6 +8,7 @@ recyclarr: ENC[AES256_GCM,data:3rZgs4Z/XaQPxbueepPQlUthHMSKn1e92FyIOpzn1MsGmEL8L
wireguard-pia: ENC[AES256_GCM,data:2IvJARGhesMuH9RdWzsyrwA7eqrhLyacQqZ1RNEkGOPUkQGX4uimKBSzkxXRy/haZ4V2k73JdLSaB9rAuI0n65GmWHmarwZekOyhRZSNb+zvFgw5BPZmywG1wR2HiTGR/qILovAaz47q/VnohUnjbbMCUvarC4PytWGxMUH96GIgZar8HjHFtK8grCSxlvpHKiDeKx8VSXnY/Pxj1EplBtIqwmtAeZdf/VjtwOL0nY54doPwHdIAvJ0B8Cu0a1zJIGEbV1NlKIHEJ1YA7rmv1ODkBnbXbIHMxAR3jeqR/UDqhDmXe41KujhiJI7nNeO7FKo2v92jK3fSbxYKatLrzXktHpE9JsMYVBXzTK7yAXPgoDdgLXzWH0OrJGBSisPrvqmxUko7MPreuwVYfFlKpll6JLifk8sML4A+94UPR8b89guXn7kBkLg1Y1oIAyguCdKpNOD31nXBMFF0nTcmCwyshDySaGTfJDgox65/77AiN1wH,iv:cdu6lBjLnEEfSFmWMC4Vn2sLKsvpCaatzXlgRNkEMeA=,tag:y1rAeNPB+DNGTpnP94iQrA==,type:str]
signing-key: ENC[AES256_GCM,data:FrJzuTgH/ooZkcnYL55uQcc4u+QzNnFvNVs2wDSE4nnwku+EuCJBlb8pd/6W0KPwIXzcki/8CY0YfRcRrzjExMgMa4hwxrlxS9bk3LNPzJsrRK5RJgPg3iA8L791f1zcDxNf8RuWatIqm1TCK+Vhdk/p+221zy1Gcq1dW8X+o4XzbPBzHdLagcIdB0wpjYTtIoGP2X8GoL/NJpuzIiQBK1HdGNKvUI2+ztqCQZOsxm+Fki57NteX3/Llw8AwABjdZvviOBZ62OvJ/SsOQ9NYAvKfAkog5zCn8DLvaqAPGSxRBQEYWM8GyL2imgs54YfEsOpGa4DzMiv4Sc5m398E/asaPq357eksUqh3EYpzoKZ5bIbd5+Vs3KBWKHltUCzXLHaLrIX0CuJFQFi7DCxEbYqlb04x5t3jc/c+/7uwqBHv1Y5gwAjd8JswDWmE7Q3xSk96Za57SCxWPYTo2ErsA2XdL+yxXdhmqkhDZKtUzrcHExhnYe7YLpSlBEclJ/G2BeTOFIWoAmN+1y4rh21R,iv:VaZrv5/41ZyIax702Yae4QmFKpcEaWwPmTo2Mxao3bU=,tag:HC0eqDNit7jQKeeDAKWXKg==,type:str]
signing-pub-key: ENC[AES256_GCM,data:CB7uU2Q4oTEKihpTIXGLaV0fJ1cv/p4oJJ5kjaU6BZiKhsiMA1JILUw2oVIDTDb+80WPzolDzZwWM8v31d5QIrZpHcPrdRLyV0X2USfG9U4aQ/ls79QAyOOJXA==,iv:/Eb5/+p86tw3tqNiDVHGu7HS1KBtFiYIgasRYJsAiEo=,tag:dGdJlcrnuU73s+IMQ3w3hA==,type:str]
cloudflared-token: ENC[AES256_GCM,data:uavOnRWtehxWpANgeCVasQ5jEQNT4oqp/3G3PmXdEUxQ7rpBGRplW0gcWz3KfUkE23BPDwES0pPPWgOKrpNqJjnisLX5uHUw+1atA/Qqw8QIimsvtPRgBO4+6fLIY+0q05Gr2gAm/JqQGflNuY4eUEbyzIYTDlGGE7p5sUIQJR4YWJssc2NLrxv1XH47UQS9MvZkoc5y8aC7YxoxS9VpJYDci9SHThh1ZGF8+HkrQuU=,iv:yPR0ido6l/4qpWRkJQYxlPhUkr4RBseCpio0uYEPekY=,tag:NpptYmlQO3khrrZTDRNC1A==,type:str]
sops:
age:
- recipient: age12yvtj49pfh3fqzqflscm0ek4yzrjhr6cqhn7x89gdxnlykq0xudq5c7334
@@ -19,7 +20,7 @@ sops:
TEc5d01RaVFGNXc3dlljM0FTTHpENjQKOqwI+pl8UxVIVl43glnOYvW660/PsDGY
yefODJGVtHrOm3yeXC2xlTi3sFW+c5wUl2yPqddbvcBt5Ud/yd4iXQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-14T19:20:44Z"
mac: ENC[AES256_GCM,data:nJ5lnPSVPyfMKhlNwzhxYGWY32i60P3N+jpBZKo8oEh8sqjsb4zHAECG/vMXrGTPwYzZ46m5PQQURCyeOvjuMaXK8184zMwFkehXtMJWI7/aKYbSpQqOchl8BN7QdlxH58kqtCwUkdldiW6t6cr4/VAUUPPLqpK19GDrwUYIVrY=,iv:JZBz5X8PdCFXonSPBd1hYiFG+t0aMQDmgCmAbclnpis=,tag:7Pm7V96xMRQZa/JAiDGYmQ==,type:str]
lastmodified: "2026-01-03T22:36:21Z"
mac: ENC[AES256_GCM,data:5xF+o8eyeXJBblC96xzvozDjrsrlNIo3sLep/pAcWEcYQU6ya4wg8iiE5wZh+KfqD47R0JV2jbcrrkdWTfo3j/HsDRCeFz68HRsgZRO00pV7gRJmE+tPhXvCiJRYYYQQ+TCmgraWLatPW8Ru4qt807aQiOTgCn/MCfNAvafjcBg=,iv:4XMobDIzpEGyIg8BHS51ch3bNYal5gsAI7L9epGWiaM=,tag:vwpKbJ3a/zUXyBa1txS7pw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

4
server-modules/arr.nix
View File

@@ -53,8 +53,8 @@ in {
};
services.nginx.virtualHosts = {
"jellyfin.${domain}" = mkVirtualHost 8096;
"jellyseerr.${domain}" = mkVirtualHost 5055;
"media.${domain}" = mkVirtualHost 8096;
"demandemedia.${domain}" = mkVirtualHost 5055;
"bazarr.${domain}" = mkVirtualHost 6767;
"prowlarr.${domain}" = mkVirtualHost 9696;
"radarr.${domain}" = mkVirtualHost 7878;

39
server-modules/cloudflared.nix Normal file
View File

@@ -0,0 +1,39 @@
{
config,
pkgs,
...
}: {
sops.secrets = {
cloudflared-token = {
mode = "0400";
};
};
services.cloudflared = {
enable = true;
tunnels = {
"f7c8f777-a36c-4b9a-b6e3-6a112bd43e73" = {
credentialsFile = config.sops.secrets."cloudflared-token".path;
default = "http_status:404";
ingress = {
"media.hadi.diy" = "http://localhost:443";
"demandemedia.hadi.diy" = "http://localhost:443";
};
};
};
};
environment.systemPackages = with pkgs; [
cloudflared
];
# At the moment (2025), for support of browser rendering of the tunnels, this line is required:
services.openssh.settings.Macs = [
# Current defaults:
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
# Added:
"hmac-sha2-256"
];
}