Latest

2024-05-18 03:53:05 +00:00 · 2024-05-18 03:53:05 +00:00 · 31ec9798a6
commit 31ec9798a6
parent e5824b0b48
4 changed files with 107 additions and 35 deletions
--- a/home/dot_local/bin/post-installx/executable_post-cloudflared.sh
+++ b/home/dot_local/bin/post-installx/executable_post-cloudflared.sh
@ -27,25 +27,33 @@ if command -v cloudflared > /dev/null; then
    else
      logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
    fi
-  done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
+  done< <(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')

  ### Register tunnel (if not already registered)
-  logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
-  sudo cloudflared tunnel create "host-$HOSTNAME"
+  logg info "Creating CloudFlared tunnel named host-$(hostname -s)"
+  sudo cloudflared tunnel create "host-$(hostname -s)"

  ### Acquire TUNNEL_ID and symlink credentials.json
-  TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
+  TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')"
  logg info "Tunnel ID: $TUNNEL_ID"
  logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
  sudo rm -f /usr/local/etc/cloudflared/credentials.json
  sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json

+  ### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
+  if [ ! -d /etc/cloudflared ]; then
+    logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
+    sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
+  else
+    logg warn '/etc/cloudflared is present but files are being modified in /usr/local/etc/cloudflared'
+  fi
+
  ### Configure DNS
  # Must be deleted manually if no longer used
  logg info 'Setting up DNS records for CloudFlare Argo tunnels'
  while read DOMAIN; do
    logg info "Setting up $DOMAIN for access through cloudflared"
-    sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
+    sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
  done< <(yq '.ingress[].hostname' config.yml)

  ### Set up service
--- a/home/dot_local/etc/cloudflared/config.yml.tmpl
+++ b/home/dot_local/etc/cloudflared/config.yml.tmpl
@ -1,7 +1,3 @@
-{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
-{{- if eq .host.qubes true -}}
-{{-   $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
-{{- end -}}
 ---
 tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
 credentials-file: /usr/local/etc/cloudflared/credentials.json
@ -10,38 +6,39 @@ warp-routing:
  enabled: true

 ingress:
-  - hostname: {{ $baseDomain }}
-    service: https://localhost:8014
-  - hostname: test.{{ $baseDomain }}
+  - hostname: test-{{ .host.hostname }}.{{ .host.domain }}
    service: hello_world
-  - hostname: ssh.{{ $baseDomain }}
+  - hostname: ssh-{{ .host.hostname }}.{{ .host.domain }}
    service: ssh://localhost:{{ .host.ssh.port }}
-  - hostname: rdp.{{ $baseDomain }}
-    service: rdp://localhost:3389
-  - hostname: samba.{{ $baseDomain }}
-    service: tcp://localhost:8445
-  - hostname: sftp.{{ $baseDomain }}
-    service: tcp://localhost:2022
-  - hostname: sftpgo.{{ $baseDomain }}
-    service: tcp://localhost:11101
-  - hostname: vnc.{{ $baseDomain }}
-    service: tcp://localhost:5901
-  - hostname: dagu.{{ $baseDomain }}
-    service: tcp://localhost:8321
-  - hostname: rsyslog.{{ $baseDomain }}
-    service: tcp://localhost:514
-  - hostname: netdata.{{ $baseDomain }}
+  - hostname: netdata-{{ .host.hostname }}.{{ .host.domain }}
    service: http://localhost:19999
-  - hostname: rundeck.{{ $baseDomain }}
-    service: https://localhost:4440
-  - hostname: portainer.{{ .host.domain }}
-    service: https://localhost:9439
+  - service: http_status:404
+  # - hostname: {{ .host.domain }}
+  #   service: https://localhost:8014
+  # - hostname: rdp-{{ .host.hostname }}.{{ .host.domain }}
+  #   service: rdp://localhost:3389
+  # - hostname: samba.{{ .host.domain }}
+  #   service: tcp://localhost:8445
+  # - hostname: sftp.{{ .host.domain }}
+  #   service: tcp://localhost:2022
+  # - hostname: sftpgo.{{ .host.domain }}
+  #   service: tcp://localhost:11101
+  # - hostname: vnc.{{ .host.domain }}
+  #   service: tcp://localhost:5901
+  # - hostname: dagu.{{ .host.domain }}
+  #   service: tcp://localhost:8321
+  # - hostname: rsyslog.{{ .host.domain }}
+  #   service: tcp://localhost:514
+  # - hostname: rundeck.{{ .host.domain }}
+  #   service: https://localhost:4440
+  # - hostname: portainer.{{ .host.domain }}
+  #   service: https://localhost:9439
 {{- if eq .host.softwareGroup "Kubernetes" }}
  - hostname: k8s.{{ .host.domain }}
    service: bastion
 {{- end }}
  # Example of an HTTP request over a Unix socket:
-  # - hostname: {{ $baseDomain }}
+  # - hostname: {{ .host.domain }}
  #   service: unix:/home/production/echo.sock
  # Tunnel the baked-in Hello World test app for testing purposes
  # Rules can match the request's path to a regular expression:
@ -51,4 +48,3 @@ ingress:
  # Rules can match the request's hostname to a wildcard character:
  # - hostname: "*.example.com"
  #   service: https://localhost:8002
-  - service: http_status:404
--- a/home/dot_local/etc/nginx/sites-available/netdata.conf
+++ b/home/dot_local/etc/nginx/sites-available/netdata.conf
@ -0,0 +1,56 @@
+upstream api {
+    server 127.0.0.1:50001;
+}
+
+upstream leaf {
+    server 127.0.0.1:50002;
+}
+
+server {
+    listen [::]:80;
+    listen 80;
+
+    server_name xmr.megabyte.space;
+
+    root /var/www/html;
+
+    location /.well-known/acme-challenge/ { allow all; }
+    location / { return 301 https://$host$request_uri; }
+}
+
+server {
+    listen [::]:443 ssl http2;
+    listen 443 ssl http2;
+    
+    server_name xmr.megabyte.space;
+
+    ssl_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/xmr.megabyte.space/privkey.pem;
+    
+    include snippets/ssl.conf;
+    #include snippets/security.conf;
+    #include snippets/edge.conf;
+    #include snippets/cache.conf;
+    #include snippets/nosniff.conf;
+    
+    charset utf-8;
+    error_page 404 /404.html;
+    
+    index index.html;
+    root /var/www/html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    location /api/ {
+        proxy_pass http://api/;
+        include snippets/proxy.conf;
+    }
+
+    location /leaf {
+        proxy_pass http://leaf;
+        include snippets/proxy.conf;
+    }
+}
--- a/software.yml
+++ b/software.yml
@ -1373,9 +1373,20 @@ softwarePackages:
    go: github.com/charmbracelet/charm@main
    nix-env: nixpkgs.charm
    pacman: charm
+  chatgpt:
+    _app: ChatGPT.app
+    _bin: chatgpt
+    _desc: Official ChatGPT application for desktop for macOS and fallbacks for ChatGPT desktop on other platforms
+    _home: https://chatgpt.com/
+    _github: false
+    _name: ChatGPT Official Desktop Application
+    cask: chatgpt
+    choco: chatgpt
+    snap: chatgpt-desktop
  chatgpt-menubar:
    _app: Chatgpt.app
    _bin: null
+    _deprecated: Deprecated in favor of the official ChatGPT application
    _desc: ChatGPT for Mac, living in your menubar.
    _docs: https://github.com/vincelwt/chatgpt-mac
    _github: https://github.com/vincelwt/chatgpt-mac
@ -1386,6 +1397,7 @@ softwarePackages:
  chatgpt-nofwl:
    _app: NoFWL.app
    _bin: nofwl
+    _deprecated: Deprecated in favor of the official ChatGPT application
    _desc: ChatGPT desktop application (Mac, Windows and Linux)
    _docs: https://app.nofwl.com/docs/chatgpt/config
    _github: https://github.com/lencx/nofwl