Latest
This commit is contained in:
parent
e5824b0b48
commit
31ec9798a6
4 changed files with 107 additions and 35 deletions
|
@ -27,25 +27,33 @@ if command -v cloudflared > /dev/null; then
|
|||
else
|
||||
logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
|
||||
fi
|
||||
done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
|
||||
done< <(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')
|
||||
|
||||
### Register tunnel (if not already registered)
|
||||
logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
|
||||
sudo cloudflared tunnel create "host-$HOSTNAME"
|
||||
logg info "Creating CloudFlared tunnel named host-$(hostname -s)"
|
||||
sudo cloudflared tunnel create "host-$(hostname -s)"
|
||||
|
||||
### Acquire TUNNEL_ID and symlink credentials.json
|
||||
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
|
||||
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')"
|
||||
logg info "Tunnel ID: $TUNNEL_ID"
|
||||
logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
|
||||
sudo rm -f /usr/local/etc/cloudflared/credentials.json
|
||||
sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
|
||||
|
||||
### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
|
||||
if [ ! -d /etc/cloudflared ]; then
|
||||
logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
|
||||
sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
|
||||
else
|
||||
logg warn '/etc/cloudflared is present but files are being modified in /usr/local/etc/cloudflared'
|
||||
fi
|
||||
|
||||
### Configure DNS
|
||||
# Must be deleted manually if no longer used
|
||||
logg info 'Setting up DNS records for CloudFlare Argo tunnels'
|
||||
while read DOMAIN; do
|
||||
logg info "Setting up $DOMAIN for access through cloudflared"
|
||||
sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
|
||||
sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
|
||||
done< <(yq '.ingress[].hostname' config.yml)
|
||||
|
||||
### Set up service
|
||||
|
|
|
@ -1,47 +1,44 @@
|
|||
{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
|
||||
{{- if eq .host.qubes true -}}
|
||||
{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
|
||||
{{- end -}}
|
||||
---
|
||||
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
|
||||
credentials-file: /usr/local/etc/cloudflared/credentials.json
|
||||
|
||||
warp-routing:
|
||||
enabled: true
|
||||
enabled: true
|
||||
|
||||
ingress:
|
||||
- hostname: {{ $baseDomain }}
|
||||
service: https://localhost:8014
|
||||
- hostname: test.{{ $baseDomain }}
|
||||
- hostname: test-{{ .host.hostname }}.{{ .host.domain }}
|
||||
service: hello_world
|
||||
- hostname: ssh.{{ $baseDomain }}
|
||||
- hostname: ssh-{{ .host.hostname }}.{{ .host.domain }}
|
||||
service: ssh://localhost:{{ .host.ssh.port }}
|
||||
- hostname: rdp.{{ $baseDomain }}
|
||||
service: rdp://localhost:3389
|
||||
- hostname: samba.{{ $baseDomain }}
|
||||
service: tcp://localhost:8445
|
||||
- hostname: sftp.{{ $baseDomain }}
|
||||
service: tcp://localhost:2022
|
||||
- hostname: sftpgo.{{ $baseDomain }}
|
||||
service: tcp://localhost:11101
|
||||
- hostname: vnc.{{ $baseDomain }}
|
||||
service: tcp://localhost:5901
|
||||
- hostname: dagu.{{ $baseDomain }}
|
||||
service: tcp://localhost:8321
|
||||
- hostname: rsyslog.{{ $baseDomain }}
|
||||
service: tcp://localhost:514
|
||||
- hostname: netdata.{{ $baseDomain }}
|
||||
- hostname: netdata-{{ .host.hostname }}.{{ .host.domain }}
|
||||
service: http://localhost:19999
|
||||
- hostname: rundeck.{{ $baseDomain }}
|
||||
service: https://localhost:4440
|
||||
- hostname: portainer.{{ .host.domain }}
|
||||
service: https://localhost:9439
|
||||
- service: http_status:404
|
||||
# - hostname: {{ .host.domain }}
|
||||
# service: https://localhost:8014
|
||||
# - hostname: rdp-{{ .host.hostname }}.{{ .host.domain }}
|
||||
# service: rdp://localhost:3389
|
||||
# - hostname: samba.{{ .host.domain }}
|
||||
# service: tcp://localhost:8445
|
||||
# - hostname: sftp.{{ .host.domain }}
|
||||
# service: tcp://localhost:2022
|
||||
# - hostname: sftpgo.{{ .host.domain }}
|
||||
# service: tcp://localhost:11101
|
||||
# - hostname: vnc.{{ .host.domain }}
|
||||
# service: tcp://localhost:5901
|
||||
# - hostname: dagu.{{ .host.domain }}
|
||||
# service: tcp://localhost:8321
|
||||
# - hostname: rsyslog.{{ .host.domain }}
|
||||
# service: tcp://localhost:514
|
||||
# - hostname: rundeck.{{ .host.domain }}
|
||||
# service: https://localhost:4440
|
||||
# - hostname: portainer.{{ .host.domain }}
|
||||
# service: https://localhost:9439
|
||||
{{- if eq .host.softwareGroup "Kubernetes" }}
|
||||
- hostname: k8s.{{ .host.domain }}
|
||||
service: bastion
|
||||
{{- end }}
|
||||
# Example of an HTTP request over a Unix socket:
|
||||
# - hostname: {{ $baseDomain }}
|
||||
# - hostname: {{ .host.domain }}
|
||||
# service: unix:/home/production/echo.sock
|
||||
# Tunnel the baked-in Hello World test app for testing purposes
|
||||
# Rules can match the request's path to a regular expression:
|
||||
|
@ -51,4 +48,3 @@ ingress:
|
|||
# Rules can match the request's hostname to a wildcard character:
|
||||
# - hostname: "*.example.com"
|
||||
# service: https://localhost:8002
|
||||
- service: http_status:404
|
56
home/dot_local/etc/nginx/sites-available/netdata.conf
Normal file
56
home/dot_local/etc/nginx/sites-available/netdata.conf
Normal file
|
@ -0,0 +1,56 @@
|
|||
upstream api {
|
||||
server 127.0.0.1:50001;
|
||||
}
|
||||
|
||||
upstream leaf {
|
||||
server 127.0.0.1:50002;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
|
||||
server_name xmr.megabyte.space;
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
location /.well-known/acme-challenge/ { allow all; }
|
||||
location / { return 301 https://$host$request_uri; }
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
|
||||
server_name xmr.megabyte.space;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/xmr.megabyte.space/privkey.pem;
|
||||
|
||||
include snippets/ssl.conf;
|
||||
#include snippets/security.conf;
|
||||
#include snippets/edge.conf;
|
||||
#include snippets/cache.conf;
|
||||
#include snippets/nosniff.conf;
|
||||
|
||||
charset utf-8;
|
||||
error_page 404 /404.html;
|
||||
|
||||
index index.html;
|
||||
root /var/www/html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_pass http://api/;
|
||||
include snippets/proxy.conf;
|
||||
}
|
||||
|
||||
location /leaf {
|
||||
proxy_pass http://leaf;
|
||||
include snippets/proxy.conf;
|
||||
}
|
||||
}
|
12
software.yml
12
software.yml
|
@ -1373,9 +1373,20 @@ softwarePackages:
|
|||
go: github.com/charmbracelet/charm@main
|
||||
nix-env: nixpkgs.charm
|
||||
pacman: charm
|
||||
chatgpt:
|
||||
_app: ChatGPT.app
|
||||
_bin: chatgpt
|
||||
_desc: Official ChatGPT application for desktop for macOS and fallbacks for ChatGPT desktop on other platforms
|
||||
_home: https://chatgpt.com/
|
||||
_github: false
|
||||
_name: ChatGPT Official Desktop Application
|
||||
cask: chatgpt
|
||||
choco: chatgpt
|
||||
snap: chatgpt-desktop
|
||||
chatgpt-menubar:
|
||||
_app: Chatgpt.app
|
||||
_bin: null
|
||||
_deprecated: Deprecated in favor of the official ChatGPT application
|
||||
_desc: ChatGPT for Mac, living in your menubar.
|
||||
_docs: https://github.com/vincelwt/chatgpt-mac
|
||||
_github: https://github.com/vincelwt/chatgpt-mac
|
||||
|
@ -1386,6 +1397,7 @@ softwarePackages:
|
|||
chatgpt-nofwl:
|
||||
_app: NoFWL.app
|
||||
_bin: nofwl
|
||||
_deprecated: Deprecated in favor of the official ChatGPT application
|
||||
_desc: ChatGPT desktop application (Mac, Windows and Linux)
|
||||
_docs: https://app.nofwl.com/docs/chatgpt/config
|
||||
_github: https://github.com/lencx/nofwl
|
||||
|
|
Loading…
Reference in a new issue