Brian Zalewski 2024-05-18 03:53:05 +00:00
parent e5824b0b48
commit 31ec9798a6
4 changed files with 107 additions and 35 deletions


@ -27,25 +27,33 @@ if command -v cloudflared > /dev/null; then
else else
logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use" logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
fi fi
done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//') done< <(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')
### Register tunnel (if not already registered) ### Register tunnel (if not already registered)
logg info "Creating CloudFlared tunnel named host-$HOSTNAME" logg info "Creating CloudFlared tunnel named host-$(hostname -s)"
sudo cloudflared tunnel create "host-$HOSTNAME" sudo cloudflared tunnel create "host-$(hostname -s)"
### Acquire TUNNEL_ID and symlink credentials.json ### Acquire TUNNEL_ID and symlink credentials.json
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')" TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')"
logg info "Tunnel ID: $TUNNEL_ID" logg info "Tunnel ID: $TUNNEL_ID"
logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json" logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
sudo rm -f /usr/local/etc/cloudflared/credentials.json sudo rm -f /usr/local/etc/cloudflared/credentials.json
sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
if [ ! -d /etc/cloudflared ]; then
logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
else
logg warn '/etc/cloudflared is present but files are being modified in /usr/local/etc/cloudflared'
fi
### Configure DNS ### Configure DNS
# Must be deleted manually if no longer used # Must be deleted manually if no longer used
logg info 'Setting up DNS records for CloudFlare Argo tunnels' logg info 'Setting up DNS records for CloudFlare Argo tunnels'
while read DOMAIN; do while read DOMAIN; do
logg info "Setting up $DOMAIN for access through cloudflared" logg info "Setting up $DOMAIN for access through cloudflared"
sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel" sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
done< <(yq '.ingress[].hostname' config.yml) done< <(yq '.ingress[].hostname' config.yml)
### Set up service ### Set up service
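Review bot: The new `/etc/cloudflared` guard tests only `-d`, so a pre-existing regular file or dangling symlink at `/etc/cloudflared` is treated as absent and the `sudo ln -s` on the next line then fails with "File exists" instead of taking the warn branch. `if [ ! -e /etc/cloudflared ] && [ ! -L /etc/cloudflared ]; then` covers both cases while still skipping an existing directory or a symlink that resolves to one. Separately, the `-f` added to `cloudflared tunnel route dns` overwrites any existing DNS record for each hostname read from `config.yml`, so a hostname already pointing at another machine's tunnel is silently repointed; a comment such as `# -f overwrites an existing CNAME for the hostname — keep config.yml hostnames unique per host` before the loop would make that deliberate. The `grep "host-$(hostname -s)"` used for both deletion and `TUNNEL_ID` is a prefix match, so a host named `foo` would also collect the ID of a `host-foobar` tunnel into `TUNNEL_ID`; anchoring the pattern on the whole NAME column (the list output is space-padded, so a trailing space in the pattern is the minimal fix) narrows it. The enclosing `if command -v cloudflared` block starts before the hunk and the service setup continues after it.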


@ -1,47 +1,44 @@
{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
{{- if eq .host.qubes true -}}
{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
{{- end -}}
--- ---
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }} tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
credentials-file: /usr/local/etc/cloudflared/credentials.json credentials-file: /usr/local/etc/cloudflared/credentials.json
warp-routing: warp-routing:
enabled: true enabled: true
ingress: ingress:
- hostname: {{ $baseDomain }} - hostname: test-{{ .host.hostname }}.{{ .host.domain }}
service: https://localhost:8014
- hostname: test.{{ $baseDomain }}
service: hello_world service: hello_world
- hostname: ssh.{{ $baseDomain }} - hostname: ssh-{{ .host.hostname }}.{{ .host.domain }}
service: ssh://localhost:{{ .host.ssh.port }} service: ssh://localhost:{{ .host.ssh.port }}
- hostname: rdp.{{ $baseDomain }} - hostname: netdata-{{ .host.hostname }}.{{ .host.domain }}
service: rdp://localhost:3389
- hostname: samba.{{ $baseDomain }}
service: tcp://localhost:8445
- hostname: sftp.{{ $baseDomain }}
service: tcp://localhost:2022
- hostname: sftpgo.{{ $baseDomain }}
service: tcp://localhost:11101
- hostname: vnc.{{ $baseDomain }}
service: tcp://localhost:5901
- hostname: dagu.{{ $baseDomain }}
service: tcp://localhost:8321
- hostname: rsyslog.{{ $baseDomain }}
service: tcp://localhost:514
- hostname: netdata.{{ $baseDomain }}
service: http://localhost:19999 service: http://localhost:19999
- hostname: rundeck.{{ $baseDomain }} - service: http_status:404
service: https://localhost:4440 # - hostname: {{ .host.domain }}
- hostname: portainer.{{ .host.domain }} # service: https://localhost:8014
service: https://localhost:9439 # - hostname: rdp-{{ .host.hostname }}.{{ .host.domain }}
# service: rdp://localhost:3389
# - hostname: samba.{{ .host.domain }}
# service: tcp://localhost:8445
# - hostname: sftp.{{ .host.domain }}
# service: tcp://localhost:2022
# - hostname: sftpgo.{{ .host.domain }}
# service: tcp://localhost:11101
# - hostname: vnc.{{ .host.domain }}
# service: tcp://localhost:5901
# - hostname: dagu.{{ .host.domain }}
# service: tcp://localhost:8321
# - hostname: rsyslog.{{ .host.domain }}
# service: tcp://localhost:514
# - hostname: rundeck.{{ .host.domain }}
# service: https://localhost:4440
# - hostname: portainer.{{ .host.domain }}
# service: https://localhost:9439
{{- if eq .host.softwareGroup "Kubernetes" }} {{- if eq .host.softwareGroup "Kubernetes" }}
- hostname: k8s.{{ .host.domain }} - hostname: k8s.{{ .host.domain }}
service: bastion service: bastion
{{- end }} {{- end }}
# Example of an HTTP request over a Unix socket: # Example of an HTTP request over a Unix socket:
# - hostname: {{ $baseDomain }} # - hostname: {{ .host.domain }}
# service: unix:/home/production/echo.sock # service: unix:/home/production/echo.sock
# Tunnel the baked-in Hello World test app for testing purposes # Tunnel the baked-in Hello World test app for testing purposes
# Rules can match the request's path to a regular expression: # Rules can match the request's path to a regular expression:
@ -51,4 +48,3 @@ ingress:
# Rules can match the request's hostname to a wildcard character: # Rules can match the request's hostname to a wildcard character:
# - hostname: "*.example.com" # - hostname: "*.example.com"
# service: https://localhost:8002 # service: https://localhost:8002
- service: http_status:404
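Review bot: The catch-all `- service: http_status:404` now sits before the `{{- if eq .host.softwareGroup "Kubernetes" }}` block, so when that condition renders, the `k8s.{{ .host.domain }}` rule lands after a rule that matches every request and can never be reached; cloudflared evaluates ingress rules in order and, as far as I recall, also refuses a config whose last rule is not a catch-all, so a Kubernetes host would fail to start rather than merely lose the route. Moving the single line `- service: http_status:404` to just below the `{{- end }}` (the position the second hunk removes it from) keeps it last in every rendering. The commented-out rules still contain live `{{ .host.domain }}` expressions, which is harmless today but means the template still depends on `.host.domain` for lines that produce no config; wrapping that block in a Go template comment `{{/* ... */}}` takes it out of rendering entirely. The hunk covers the whole `ingress:` list, but the trailing comment examples continue past the first hunk into the second.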


@ -0,0 +1,56 @@
upstream api {
server 127.0.0.1:50001;
}
upstream leaf {
server 127.0.0.1:50002;
}
server {
listen [::]:80;
listen 80;
server_name xmr.megabyte.space;
root /var/www/html;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name xmr.megabyte.space;
ssl_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xmr.megabyte.space/privkey.pem;
include snippets/ssl.conf;
#include snippets/security.conf;
#include snippets/edge.conf;
#include snippets/cache.conf;
#include snippets/nosniff.conf;
charset utf-8;
error_page 404 /404.html;
index index.html;
root /var/www/html;
location / {
try_files $uri $uri/ =404;
}
location /api/ {
proxy_pass http://api/;
include snippets/proxy.conf;
}
location /leaf {
proxy_pass http://leaf;
include snippets/proxy.conf;
}
}
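Review bot: The port-80 server redirects with `return 301 https://$host$request_uri;`, and `$host` comes from the client's Host header, so if this is the only (and therefore default) server on port 80 a request with a forged Host header is answered with a redirect to an attacker-chosen domain; `return 301 https://$server_name$request_uri;` pins the target to `xmr.megabyte.space`. The `snippets/security.conf` and `snippets/nosniff.conf` includes are commented out on the TLS server; if those snippets carry the response-header hardening their names suggest, the public site ships without it, so either enable them or add `# disabled: <reason>` beside each so the omission is visibly intentional. `ssl_trusted_certificate` points at `fullchain.pem`, which includes the leaf certificate; for OCSP stapling the intermediate chain file certbot writes alongside it (`chain.pem`) is the usual choice. `location /api/ { proxy_pass http://api/; }` strips the `/api/` prefix before forwarding while `location /leaf { proxy_pass http://leaf; }` forwards the path unchanged; a one-line comment on each stating which behaviour the upstream expects would save the next reader from checking. The hunk header counts 56 added lines but fewer are shown here, so blank lines were probably dropped in rendering.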


@ -1373,9 +1373,20 @@ softwarePackages:
go: github.com/charmbracelet/charm@main go: github.com/charmbracelet/charm@main
nix-env: nixpkgs.charm nix-env: nixpkgs.charm
pacman: charm pacman: charm
chatgpt:
_app: ChatGPT.app
_bin: chatgpt
_desc: Official ChatGPT application for desktop for macOS and fallbacks for ChatGPT desktop on other platforms
_home: https://chatgpt.com/
_github: false
_name: ChatGPT Official Desktop Application
cask: chatgpt
choco: chatgpt
snap: chatgpt-desktop
chatgpt-menubar: chatgpt-menubar:
_app: Chatgpt.app _app: Chatgpt.app
_bin: null _bin: null
_deprecated: Deprecated in favor of the official ChatGPT application
_desc: ChatGPT for Mac, living in your menubar. _desc: ChatGPT for Mac, living in your menubar.
_docs: https://github.com/vincelwt/chatgpt-mac _docs: https://github.com/vincelwt/chatgpt-mac
_github: https://github.com/vincelwt/chatgpt-mac _github: https://github.com/vincelwt/chatgpt-mac
@ -1386,6 +1397,7 @@ softwarePackages:
chatgpt-nofwl: chatgpt-nofwl:
_app: NoFWL.app _app: NoFWL.app
_bin: nofwl _bin: nofwl
_deprecated: Deprecated in favor of the official ChatGPT application
_desc: ChatGPT desktop application (Mac, Windows and Linux) _desc: ChatGPT desktop application (Mac, Windows and Linux)
_docs: https://app.nofwl.com/docs/chatgpt/config _docs: https://app.nofwl.com/docs/chatgpt/config
_github: https://github.com/lencx/nofwl _github: https://github.com/lencx/nofwl
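Review bot: The new `chatgpt` entry sets `_github: false`, while every neighbouring entry fills `_github` with a URL and this file uses `null` for an absent value (see `_bin: null` a few lines below); a boolean in a URL-typed field will trip any consumer that concatenates or validates it, so `_github: null` matches the file's own convention. The `_desc` itself describes the `choco: chatgpt` and `snap: chatgpt-desktop` entries as fallbacks rather than the official application, so naming their maintainers in `_desc` or `_docs` would record what is actually being trusted on those platforms. `_deprecated` in this hunk and in the second one holds a free-text reason rather than a boolean, which is fine if the schema expects a string — worth confirming against whatever reads it.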