Latest
parent
e5824b0b48
commit
31ec9798a6
4 changed files with 107 additions and 35 deletions
|
@ -27,25 +27,33 @@ if command -v cloudflared > /dev/null; then
|
||||||
else
|
else
|
||||||
logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
|
logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
|
||||||
fi
|
fi
|
||||||
done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
|
done< <(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')
|
||||||
|
|
||||||
### Register tunnel (if not already registered)
|
### Register tunnel (if not already registered)
|
||||||
logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
|
logg info "Creating CloudFlared tunnel named host-$(hostname -s)"
|
||||||
sudo cloudflared tunnel create "host-$HOSTNAME"
|
sudo cloudflared tunnel create "host-$(hostname -s)"
|
||||||
|
|
||||||
### Acquire TUNNEL_ID and symlink credentials.json
|
### Acquire TUNNEL_ID and symlink credentials.json
|
||||||
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
|
TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')"
|
||||||
logg info "Tunnel ID: $TUNNEL_ID"
|
logg info "Tunnel ID: $TUNNEL_ID"
|
||||||
logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
|
logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
|
||||||
sudo rm -f /usr/local/etc/cloudflared/credentials.json
|
sudo rm -f /usr/local/etc/cloudflared/credentials.json
|
||||||
sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
|
sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
|
||||||
|
|
||||||
|
### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
|
||||||
|
if [ ! -d /etc/cloudflared ]; then
|
||||||
|
logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
|
||||||
|
sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
|
||||||
|
else
|
||||||
|
logg warn '/etc/cloudflared is present but files are being modified in /usr/local/etc/cloudflared'
|
||||||
|
fi
|
||||||
|
|
||||||
### Configure DNS
|
### Configure DNS
|
||||||
# Must be deleted manually if no longer used
|
# Must be deleted manually if no longer used
|
||||||
logg info 'Setting up DNS records for CloudFlare Argo tunnels'
|
logg info 'Setting up DNS records for CloudFlare Argo tunnels'
|
||||||
while read DOMAIN; do
|
while read DOMAIN; do
|
||||||
logg info "Setting up $DOMAIN for access through cloudflared"
|
logg info "Setting up $DOMAIN for access through cloudflared"
|
||||||
sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
|
sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
|
||||||
done< <(yq '.ingress[].hostname' config.yml)
|
done< <(yq '.ingress[].hostname' config.yml)
|
||||||
|
|
||||||
### Set up service
|
### Set up service
|
||||||
|
|
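Review bot: The `-f` added to `sudo cloudflared tunnel route dns` makes the DNS loop overwrite any record that already exists for each name printed by `yq '.ingress[].hostname' config.yml`, so a wrong or stale config.yml now silently repoints a live hostname at this machine's tunnel. Two inputs on the new side make a bad overwrite plausible: an ingress rule without a `hostname` key would presumably be printed as `null` and routed like a real name, and `TUNNEL_ID` comes from an unanchored `grep "host-$(hostname -s)"` that can return nothing or several IDs (for example when one short hostname is a prefix of another). I would guard both before routing, e.g. `[ -n "$TUNNEL_ID" ] || { logg error 'No tunnel ID found'; exit 1; }` after the assignment and `done< <(yq '.ingress[].hostname | select(. != null)' config.yml)` as the loop input, and use `while read -r DOMAIN`. The enclosing `if command -v cloudflared` block starts and ends outside this hunk.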
|
@ -1,47 +1,44 @@
|
||||||
{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
|
|
||||||
{{- if eq .host.qubes true -}}
|
|
||||||
{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
|
|
||||||
{{- end -}}
|
|
||||||
---
|
---
|
||||||
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
|
tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
|
||||||
credentials-file: /usr/local/etc/cloudflared/credentials.json
|
credentials-file: /usr/local/etc/cloudflared/credentials.json
|
||||||
|
|
||||||
warp-routing:
|
warp-routing:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
- hostname: {{ $baseDomain }}
|
- hostname: test-{{ .host.hostname }}.{{ .host.domain }}
|
||||||
service: https://localhost:8014
|
|
||||||
- hostname: test.{{ $baseDomain }}
|
|
||||||
service: hello_world
|
service: hello_world
|
||||||
- hostname: ssh.{{ $baseDomain }}
|
- hostname: ssh-{{ .host.hostname }}.{{ .host.domain }}
|
||||||
service: ssh://localhost:{{ .host.ssh.port }}
|
service: ssh://localhost:{{ .host.ssh.port }}
|
||||||
- hostname: rdp.{{ $baseDomain }}
|
- hostname: netdata-{{ .host.hostname }}.{{ .host.domain }}
|
||||||
service: rdp://localhost:3389
|
|
||||||
- hostname: samba.{{ $baseDomain }}
|
|
||||||
service: tcp://localhost:8445
|
|
||||||
- hostname: sftp.{{ $baseDomain }}
|
|
||||||
service: tcp://localhost:2022
|
|
||||||
- hostname: sftpgo.{{ $baseDomain }}
|
|
||||||
service: tcp://localhost:11101
|
|
||||||
- hostname: vnc.{{ $baseDomain }}
|
|
||||||
service: tcp://localhost:5901
|
|
||||||
- hostname: dagu.{{ $baseDomain }}
|
|
||||||
service: tcp://localhost:8321
|
|
||||||
- hostname: rsyslog.{{ $baseDomain }}
|
|
||||||
service: tcp://localhost:514
|
|
||||||
- hostname: netdata.{{ $baseDomain }}
|
|
||||||
service: http://localhost:19999
|
service: http://localhost:19999
|
||||||
- hostname: rundeck.{{ $baseDomain }}
|
- service: http_status:404
|
||||||
service: https://localhost:4440
|
# - hostname: {{ .host.domain }}
|
||||||
- hostname: portainer.{{ .host.domain }}
|
# service: https://localhost:8014
|
||||||
service: https://localhost:9439
|
# - hostname: rdp-{{ .host.hostname }}.{{ .host.domain }}
|
||||||
|
# service: rdp://localhost:3389
|
||||||
|
# - hostname: samba.{{ .host.domain }}
|
||||||
|
# service: tcp://localhost:8445
|
||||||
|
# - hostname: sftp.{{ .host.domain }}
|
||||||
|
# service: tcp://localhost:2022
|
||||||
|
# - hostname: sftpgo.{{ .host.domain }}
|
||||||
|
# service: tcp://localhost:11101
|
||||||
|
# - hostname: vnc.{{ .host.domain }}
|
||||||
|
# service: tcp://localhost:5901
|
||||||
|
# - hostname: dagu.{{ .host.domain }}
|
||||||
|
# service: tcp://localhost:8321
|
||||||
|
# - hostname: rsyslog.{{ .host.domain }}
|
||||||
|
# service: tcp://localhost:514
|
||||||
|
# - hostname: rundeck.{{ .host.domain }}
|
||||||
|
# service: https://localhost:4440
|
||||||
|
# - hostname: portainer.{{ .host.domain }}
|
||||||
|
# service: https://localhost:9439
|
||||||
{{- if eq .host.softwareGroup "Kubernetes" }}
|
{{- if eq .host.softwareGroup "Kubernetes" }}
|
||||||
- hostname: k8s.{{ .host.domain }}
|
- hostname: k8s.{{ .host.domain }}
|
||||||
service: bastion
|
service: bastion
|
||||||
{{- end }}
|
{{- end }}
|
||||||
# Example of an HTTP request over a Unix socket:
|
# Example of an HTTP request over a Unix socket:
|
||||||
# - hostname: {{ $baseDomain }}
|
# - hostname: {{ .host.domain }}
|
||||||
# service: unix:/home/production/echo.sock
|
# service: unix:/home/production/echo.sock
|
||||||
# Tunnel the baked-in Hello World test app for testing purposes
|
# Tunnel the baked-in Hello World test app for testing purposes
|
||||||
# Rules can match the request's path to a regular expression:
|
# Rules can match the request's path to a regular expression:
|
||||||
|
@ -51,4 +48,3 @@ ingress:
|
||||||
# Rules can match the request's hostname to a wildcard character:
|
# Rules can match the request's hostname to a wildcard character:
|
||||||
# - hostname: "*.example.com"
|
# - hostname: "*.example.com"
|
||||||
# service: https://localhost:8002
|
# service: https://localhost:8002
|
||||||
- service: http_status:404
|
|
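Review bot: The catch-all `- service: http_status:404` now sits above the `{{- if eq .host.softwareGroup "Kubernetes" }}` block, and the one that used to close the ingress list is removed in the second hunk, so on Kubernetes hosts the `k8s.{{ .host.domain }}` rule is rendered after a rule that matches every hostname. cloudflared evaluates ingress rules top to bottom and expects the rule without a hostname to be last, so the `k8s` rule would never match and the rendered config is likely to fail validation. Moving `- service: http_status:404` back below the `{{- end }}` of the Kubernetes block restores the old ordering. Separately, `netdata-{{ .host.hostname }}.{{ .host.domain }}` publishes `http://localhost:19999` under a public hostname; nothing on this page shows an access policy in front of it, so confirm one exists before this is deployed.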
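--- a/home/dot_local/etc/nginx/sites-available/netdata.conf
+++ b/home/dot_local/etc/nginx/sites-available/netdata.conf
@@ -0,0 +1,56 @@
+upstream api {
+server 127.0.0.1:50001;
+}
+
+upstream leaf {
+server 127.0.0.1:50002;
+}
+
+server {
+listen [::]:80;
+listen 80;
+
+server_name xmr.megabyte.space;
+
+root /var/www/html;
+
+location /.well-known/acme-challenge/ { allow all; }
+location / { return 301 https://$host$request_uri; }
+}
+
+server {
+listen [::]:443 ssl http2;
+listen 443 ssl http2;
+
+server_name xmr.megabyte.space;
+
+ssl_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
+ssl_trusted_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/xmr.megabyte.space/privkey.pem;
+
+include snippets/ssl.conf;
+#include snippets/security.conf;
+#include snippets/edge.conf;
+#include snippets/cache.conf;
+#include snippets/nosniff.conf;
+
+charset utf-8;
+error_page 404 /404.html;
+
+index index.html;
+root /var/www/html;
+
+location / {
+try_files $uri $uri/ =404;
+}
+
+location /api/ {
+proxy_pass http://api/;
+include snippets/proxy.conf;
+}
+
+location /leaf {
+proxy_pass http://leaf;
+include snippets/proxy.conf;
+}
+}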
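Review bot: Nothing in this new netdata.conf refers to Netdata: both server blocks hard-code `server_name xmr.megabyte.space` and the `/etc/letsencrypt/live/xmr.megabyte.space/` certificate paths, and the upstreams proxy to 127.0.0.1:50001 and 127.0.0.1:50002 rather than the port 19999 that the tunnel config in this commit uses for netdata. If the file was copied from another site, it should either be renamed or have the server name, certificate paths and upstream changed to match, because as written enabling it serves a different site than the filename promises. The TLS server block also ships with `#include snippets/security.conf;` and `#include snippets/nosniff.conf;` commented out, so whatever headers those snippets set are not applied to the proxied `/api/` and `/leaf` locations; re-enable them or add a comment such as `# security.conf disabled because <reason>` so the omission is a recorded decision. The upstream names `api` and `leaf` are generic and live in the shared http context, so they may collide with another site file that defines the same names.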
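--- a/software.yml
+++ b/software.yml
@@ -1373,9 +1373,20 @@ softwarePackages:
 go: github.com/charmbracelet/charm@main
 nix-env: nixpkgs.charm
 pacman: charm
+chatgpt:
+_app: ChatGPT.app
+_bin: chatgpt
+_desc: Official ChatGPT application for desktop for macOS and fallbacks for ChatGPT desktop on other platforms
+_home: https://chatgpt.com/
+_github: false
+_name: ChatGPT Official Desktop Application
+cask: chatgpt
+choco: chatgpt
+snap: chatgpt-desktop
 chatgpt-menubar:
 _app: Chatgpt.app
 _bin: null
+_deprecated: Deprecated in favor of the official ChatGPT application
 _desc: ChatGPT for Mac, living in your menubar.
 _docs: https://github.com/vincelwt/chatgpt-mac
 _github: https://github.com/vincelwt/chatgpt-mac
@@ -1386,6 +1397,7 @@ softwarePackages:
 chatgpt-nofwl:
 _app: NoFWL.app
 _bin: nofwl
+_deprecated: Deprecated in favor of the official ChatGPT application
 _desc: ChatGPT desktop application (Mac, Windows and Linux)
 _docs: https://app.nofwl.com/docs/chatgpt/config
 _github: https://github.com/lencx/nofwl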
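Review bot: The new `chatgpt` entry is labelled `_name: ChatGPT Official Desktop Application`, but its own `_desc` says only the macOS app is official and that the other platforms get fallbacks, and the entry does not record who publishes `choco: chatgpt` or `snap: chatgpt-desktop`. Because this commit also marks `chatgpt-menubar` and `chatgpt-nofwl` as deprecated in favor of this entry, Windows and Linux users are steered to those fallback packages under an "official" name. I would confirm the publisher of each package ID and note it beside the key, for example `# fallback: not published by the vendor, publisher <name>`, or drop the fallback keys until that is checked. `_github: false` gives no upstream source to compare against, so the publisher note would be the only provenance in the entry.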