{{- $baseDomain := (join (join .host.hostname ".") .host.domain) -}} {{- if eq .host.qubes true -}} {{- $baseDomain := (join (join .host.hostname "-qube.") .host.domain) -}} {{- end -}} --- tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }} credentials-file: /usr/local/etc/cloudflared/credentials.json warp-routing: enabled: true ingress: - hostname: {{ $baseDomain }} service: https://localhost:8014 - hostname: test.{{ $baseDomain }} service: hello_world - hostname: ssh.{{ $baseDomain }} service: ssh://localhost:{{ .host.ssh.port }} - hostname: rdp.{{ $baseDomain }} service: rdp://localhost:3389 - hostname: samba.{{ $baseDomain }} service: localhost:8445 - hostname: sftp.{{ $baseDomain }} service: tcp://localhost:2022 - hostname: vnc.{{ $baseDomain }} service: tcp://localhost:5901 - hostname: dagu.{{ $baseDomain }} service: tcp://localhost:8321 - hostname: rsyslog.{{ $baseDomain }} service: tcp://localhost:514 {{- if eq .host.softwareGroup "Kubernetes" }} - hostname: k8s.{{ .host.domain }} service: bastion {{- end }} # Example of an HTTP request over a Unix socket: # - hostname: {{ $baseDomain }} # service: unix:/home/production/echo.sock # Tunnel the baked-in Hello World test app for testing purposes # Rules can match the request's path to a regular expression: # - hostname: static.example.com # path: \.(jpg|png|css|js)$ # service: https://localhost:8001 # Rules can match the request's hostname to a wildcard character: # - hostname: "*.example.com" # service: https://localhost:8002 - service: http_status:404