Brian Zalewski 2024-05-18 03:53:05 +00:00
parent e5824b0b48
commit 31ec9798a6
4 changed files with 107 additions and 35 deletions


@ -27,25 +27,33 @@ if command -v cloudflared > /dev/null; then
else
logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
fi
done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
done< <(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')
### Register tunnel (if not already registered)
logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
sudo cloudflared tunnel create "host-$HOSTNAME"
logg info "Creating CloudFlared tunnel named host-$(hostname -s)"
sudo cloudflared tunnel create "host-$(hostname -s)"
### Acquire TUNNEL_ID and symlink credentials.json
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')"
logg info "Tunnel ID: $TUNNEL_ID"
logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
sudo rm -f /usr/local/etc/cloudflared/credentials.json
sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
if [ ! -d /etc/cloudflared ]; then
logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
else
logg warn '/etc/cloudflared is present but files are being modified in /usr/local/etc/cloudflared'
fi
### Configure DNS
# Must be deleted manually if no longer used
logg info 'Setting up DNS records for CloudFlare Argo tunnels'
while read DOMAIN; do
logg info "Setting up $DOMAIN for access through cloudflared"
sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
done< <(yq '.ingress[].hostname' config.yml)
### Set up service
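Review bot: The grep that feeds TUNNEL_ID (and the two tunnel-list filters above it) is a plain substring match, so `host-$(hostname -s)` also matches any tunnel whose name merely extends that prefix (host-web versus host-web2), and TUNNEL_ID then holds several IDs joined by newlines that flow straight into the `ln -s` and `route dns` commands. Matching the whole name column avoids this, e.g. `grep " host-$(hostname -s) "` in all three places, assuming the tunnel name is a space-delimited column in the list output. The new `-f` on `cloudflared tunnel route dns` overwrites an existing DNS record for each ingress hostname, so a stale or mistyped hostname in config.yml silently repoints a record that may currently serve another machine; a comment such as `# -f overwrites any existing DNS record for the hostname` would make that trade-off visible. The rendering loses the +/- markers, so the new lines are inferred from the `$(hostname -s)` variants; the while loop at the top of the hunk starts before it, and the script continues past `### Set up service`.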


@ -1,47 +1,44 @@
{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
{{- if eq .host.qubes true -}}
{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
{{- end -}}
---
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
credentials-file: /usr/local/etc/cloudflared/credentials.json
warp-routing:
enabled: true
enabled: true
ingress:
- hostname: {{ $baseDomain }}
service: https://localhost:8014
- hostname: test.{{ $baseDomain }}
- hostname: test-{{ .host.hostname }}.{{ .host.domain }}
service: hello_world
- hostname: ssh.{{ $baseDomain }}
- hostname: ssh-{{ .host.hostname }}.{{ .host.domain }}
service: ssh://localhost:{{ .host.ssh.port }}
- hostname: rdp.{{ $baseDomain }}
service: rdp://localhost:3389
- hostname: samba.{{ $baseDomain }}
service: tcp://localhost:8445
- hostname: sftp.{{ $baseDomain }}
service: tcp://localhost:2022
- hostname: sftpgo.{{ $baseDomain }}
service: tcp://localhost:11101
- hostname: vnc.{{ $baseDomain }}
service: tcp://localhost:5901
- hostname: dagu.{{ $baseDomain }}
service: tcp://localhost:8321
- hostname: rsyslog.{{ $baseDomain }}
service: tcp://localhost:514
- hostname: netdata.{{ $baseDomain }}
- hostname: netdata-{{ .host.hostname }}.{{ .host.domain }}
service: http://localhost:19999
- hostname: rundeck.{{ $baseDomain }}
service: https://localhost:4440
- hostname: portainer.{{ .host.domain }}
service: https://localhost:9439
- service: http_status:404
# - hostname: {{ .host.domain }}
# service: https://localhost:8014
# - hostname: rdp-{{ .host.hostname }}.{{ .host.domain }}
# service: rdp://localhost:3389
# - hostname: samba.{{ .host.domain }}
# service: tcp://localhost:8445
# - hostname: sftp.{{ .host.domain }}
# service: tcp://localhost:2022
# - hostname: sftpgo.{{ .host.domain }}
# service: tcp://localhost:11101
# - hostname: vnc.{{ .host.domain }}
# service: tcp://localhost:5901
# - hostname: dagu.{{ .host.domain }}
# service: tcp://localhost:8321
# - hostname: rsyslog.{{ .host.domain }}
# service: tcp://localhost:514
# - hostname: rundeck.{{ .host.domain }}
# service: https://localhost:4440
# - hostname: portainer.{{ .host.domain }}
# service: https://localhost:9439
{{- if eq .host.softwareGroup "Kubernetes" }}
- hostname: k8s.{{ .host.domain }}
service: bastion
{{- end }}
# Example of an HTTP request over a Unix socket:
# - hostname: {{ $baseDomain }}
# - hostname: {{ .host.domain }}
# service: unix:/home/production/echo.sock
# Tunnel the baked-in Hello World test app for testing purposes
# Rules can match the request's path to a regular expression:
@ -51,4 +48,3 @@ ingress:
# Rules can match the request's hostname to a wildcard character:
# - hostname: "*.example.com"
# service: https://localhost:8002
- service: http_status:404
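Review bot: The catch-all `- service: http_status:404` now sits just before the `{{- if eq .host.softwareGroup "Kubernetes" }}` block, while the second hunk (4 lines to 3) drops the copy that used to close the list; on a Kubernetes host the rendered ingress therefore ends with the `k8s.{{ .host.domain }}` rule instead of a catch-all, which cloudflared's ingress validation rejects (the last rule must match all requests), and rules placed after a catch-all are never reached anyway. Keep the catch-all as the final entry, after the `{{- end }}`. The qubes override at the top of the hunk, `{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}`, declares a new variable scoped to the `if` block rather than reassigning the outer one, so the `-qube` form is never used by the ingress below; `{{- $baseDomain = printf "%s%s%s" .host.hostname "-qube." .host.domain -}}` (plain `=`) is the reassignment. The rendering loses the +/- markers, so which lines are new is inferred from the hunk counts and the moved catch-all. Separately, the ssh, rdp, vnc and samba entries publish raw TCP services under public hostnames, so the Cloudflare Access policies that gate them deserve a reference in a comment beside the ingress list.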


@ -0,0 +1,56 @@
upstream api {
server 127.0.0.1:50001;
}
upstream leaf {
server 127.0.0.1:50002;
}
server {
listen [::]:80;
listen 80;
server_name xmr.megabyte.space;
root /var/www/html;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name xmr.megabyte.space;
ssl_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xmr.megabyte.space/privkey.pem;
include snippets/ssl.conf;
#include snippets/security.conf;
#include snippets/edge.conf;
#include snippets/cache.conf;
#include snippets/nosniff.conf;
charset utf-8;
error_page 404 /404.html;
index index.html;
root /var/www/html;
location / {
try_files $uri $uri/ =404;
}
location /api/ {
proxy_pass http://api/;
include snippets/proxy.conf;
}
location /leaf {
proxy_pass http://leaf;
include snippets/proxy.conf;
}
}
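Review bot: `location /leaf` is a prefix match without a trailing slash, so `/leafanything` is proxied to the leaf upstream as well, unlike the sibling `/api/` block; if only that path tree is intended, `location /leaf/ { proxy_pass http://leaf/; include snippets/proxy.conf; }` (or `location = /leaf` for the single path) makes the intent explicit. The hardening includes `snippets/security.conf` and `snippets/nosniff.conf` are commented out with no recorded reason, leaving the HTTPS vhost with only what `snippets/ssl.conf` provides; a comment such as `# security.conf/nosniff.conf disabled: <reason>` beside them, or re-enabling them, keeps that decision reviewable. The HTTP vhost's redirect builds its target from `$host`, which comes from the client's Host header; since `server_name xmr.megabyte.space` is fixed, `return 301 https://$server_name$request_uri;` avoids echoing an arbitrary Host back in the Location header should this block ever become the default server.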


@ -1373,9 +1373,20 @@ softwarePackages:
go: github.com/charmbracelet/charm@main
nix-env: nixpkgs.charm
pacman: charm
chatgpt:
_app: ChatGPT.app
_bin: chatgpt
_desc: Official ChatGPT application for desktop for macOS and fallbacks for ChatGPT desktop on other platforms
_home: https://chatgpt.com/
_github: false
_name: ChatGPT Official Desktop Application
cask: chatgpt
choco: chatgpt
snap: chatgpt-desktop
chatgpt-menubar:
_app: Chatgpt.app
_bin: null
_deprecated: Deprecated in favor of the official ChatGPT application
_desc: ChatGPT for Mac, living in your menubar.
_docs: https://github.com/vincelwt/chatgpt-mac
_github: https://github.com/vincelwt/chatgpt-mac
@ -1386,6 +1397,7 @@ softwarePackages:
chatgpt-nofwl:
_app: NoFWL.app
_bin: nofwl
_deprecated: Deprecated in favor of the official ChatGPT application
_desc: ChatGPT desktop application (Mac, Windows and Linux)
_docs: https://app.nofwl.com/docs/chatgpt/config
_github: https://github.com/lencx/nofwl
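Review bot: The new `chatgpt` entry's `_app: ChatGPT.app` differs from the existing `chatgpt-menubar` value `_app: Chatgpt.app` only by letter case, so on the default case-insensitive macOS filesystem a check for `/Applications/ChatGPT.app` is satisfied by the deprecated menubar app and vice versa; if the installer uses `_app` to decide whether a package is already present (its logic is not visible here), the official app may be skipped on machines that still have the old one. The `_desc` itself calls the choco and snap packages fallbacks rather than OpenAI releases, so their provenance belongs next to them, e.g. `# choco/snap packages are third-party fallbacks, not OpenAI releases — confirm publisher before relying on them`. The `_deprecated` lines added at `chatgpt-menubar` and `chatgpt-nofwl` in the second hunk read fine.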