add cloudflared

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-04-02 11:12:09 +02:00 · 2026-01-04 00:11:37 +01:00
parent e32cf43d87
commit 8f16767240
4 changed files with 46 additions and 5 deletions
--- a/server-modules/arr.nix
+++ b/server-modules/arr.nix
@@ -53,8 +53,8 @@ in {
  };

  services.nginx.virtualHosts = {
-    "jellyfin.${domain}" = mkVirtualHost 8096;
-    "jellyseerr.${domain}" = mkVirtualHost 5055;
+    "media.${domain}" = mkVirtualHost 8096;
+    "demandemedia.${domain}" = mkVirtualHost 5055;
    "bazarr.${domain}" = mkVirtualHost 6767;
    "prowlarr.${domain}" = mkVirtualHost 9696;
    "radarr.${domain}" = mkVirtualHost 7878;
--- a/server-modules/cloudflared.nix
+++ b/server-modules/cloudflared.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  sops.secrets = {
+    cloudflared-token = {
+      mode = "0400";
+    };
+  };
+
+  services.cloudflared = {
+    enable = true;
+    tunnels = {
+      "f7c8f777-a36c-4b9a-b6e3-6a112bd43e73" = {
+        credentialsFile = config.sops.secrets."cloudflared-token".path;
+        default = "http_status:404";
+        ingress = {
+          "media.hadi.diy" = "http://localhost:443";
+          "demandemedia.hadi.diy" = "http://localhost:443";
+        };
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    cloudflared
+  ];
+
+  # At the moment (2025), for support of browser rendering of the tunnels, this line is required:
+  services.openssh.settings.Macs = [
+    # Current defaults:
+    "hmac-sha2-512-etm@openssh.com"
+    "hmac-sha2-256-etm@openssh.com"
+    "umac-128-etm@openssh.com"
+    # Added:
+    "hmac-sha2-256"
+  ];
+}