diff --git a/flake.nix b/flake.nix index 2d924dc..f09d4d8 100644 --- a/flake.nix +++ b/flake.nix @@ -222,6 +222,7 @@ }; nixosModules = { + cloudflared-caddy = ./modules/cloudflared-caddy.nix; neovim = inputs.neovim.nixosModules.default; playit = ./modules/playit.nix; services = { diff --git a/modules/cloudflared-caddy.nix b/modules/cloudflared-caddy.nix new file mode 100644 index 0000000..e120b0d --- /dev/null +++ b/modules/cloudflared-caddy.nix @@ -0,0 +1,45 @@ +{ + config, + lib, + ... +}: +with lib; { + options.services.cloudflared = { + tunnels = mkOption { + type = with types; + attrsOf (submodule + ({...}: { + options.caddy-domain = mkOption { + type = nullOr str; + default = null; + }; + })); + apply = tunnels: + mapAttrs (n: v: let + domain = v.caddy-domain; + in + if isNull domain + then v + else + v + // { + ingress = + (pipe config.services.caddy.virtualHosts [ + (mapAttrs' (n: v: let + domainPort = splitString ":" n; + domain = elemAt domainPort 0; + port = + if (length domainPort) > 1 + then elemAt domainPort 1 + else null; + in + nameValuePair domain port)) + (filterAttrs (n: v: !(isNull v) && hasSuffix domain n)) + (mapAttrs (n: v: {service = "http://localhost:${v}";})) + ]) + // v.ingress; + }) + tunnels; + }; + }; +} diff --git a/services/cloudflared.nix b/services/cloudflared.nix index 617f6dc..f358e8d 100644 --- a/services/cloudflared.nix +++ b/services/cloudflared.nix 
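Review bot: In modules/cloudflared-caddy.nix, the `hasSuffix domain n` filter inside `apply` compares raw string suffixes, so with `caddy-domain = "guz.one"` a virtual host on a different domain that merely ends in those characters (a constructed example: `notguz.one:80`) would also be published as tunnel ingress. The match should be anchored on a label boundary, for example `(filterAttrs (n: v: v != null && (n == domain || hasSuffix ".${domain}" n)))`. The virtual host key is also split on every `:`, so a key written with a scheme or with several comma-separated addresses would yield a wrong host and port; skipping keys that do not split into exactly a host and a port looks safer. The `caddy-domain` option has no `description`; I would add one saying that every port-qualified Caddy virtual host under that domain becomes reachable through the tunnel, and that explicit `ingress` entries win because of the `// v.ingress` merge.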
@@ -1,13 +1,24 @@ -{config, ...}: { +{ + config, + self, + ... +}: { + imports = [ + self.nixosModules.cloudflared-caddy + ]; + services.cloudflared.enable = true; services.cloudflared.tunnels = { "9ed8b48f-9585-4a67-9895-114b162172fb" = { certificateFile = config.sops.secrets."services/cloudflared/guzone-cert".path; credentialsFile = config.sops.secrets."services/cloudflared/guzone-cred".path; + caddy-domain = "guz.one"; default = "http_status:404"; }; }; + services.caddy.enable = true; + sops.secrets = { "services/cloudflared/guzone-cert" = {}; "services/cloudflared/guzone-cred" = {}; diff --git a/services/minecraft-servers.nix b/services/minecraft-servers.nix index de47e5e..353b08b 100644 --- a/services/minecraft-servers.nix +++ b/services/minecraft-servers.nix @@ -143,6 +143,7 @@ in { jre_headless = pkgs.jdk25_headless; loaderVersion = fabricVersion; }; + managementSystem.systemd-socket.enable = true; symlinks = collectFilesAt modpack "mods" // { @@ -240,6 +241,7 @@ in { FABRIC_PROXY_SECRET_FILE = config.sops.secrets."services/minecraft/proxy-secret".path; }; serverProperties = { + allow-flight = true; broadcast-console-to-opts = true; difficulty = "normal"; enforce-whitelist = true; @@ -257,15 +259,22 @@ in { }; }; - services.cloudflared.tunnels."9ed8b48f-9585-4a67-9895-114b162172fb" = let + services.caddy.virtualHosts."favelasmp.guz.one:80" = let meshLib = cfg.servers."favelasmp".files."config/mesh-lib/main.json".value; in { - ingress = { - "favelasmp.guz.one" = { - service = "http://localhost:${toString meshLib.httpPort}"; - path = "^/git-pack-manager.*$"; - }; - }; + extraConfig = '' + header Content-Type text/html + respond < + FavelaSMP +
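Review bot: In services/cloudflared.nix, `caddy-domain = "guz.one";` carries no comment, yet it makes this tunnel publish every Caddy virtual host under that domain whose key includes a port, including hosts added later in unrelated files. I would put a comment above it such as `# Publishes all port-qualified Caddy vhosts under guz.one through this tunnel (see modules/cloudflared-caddy.nix)`. The module is imported through `self`, which presumably arrives via specialArgs defined outside this diff, so it is worth confirming that every host importing this file passes it.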

Hello, FavelaSMP

+ + HTML 200 + + handle /git-pack-manager* { + reverse_proxy http://localhost:${toString meshLib.httpPort} + } + ''; }; environment.persistence."/persist".directories = [
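Review bot: In the services/minecraft-servers.nix virtual host, `header Content-Type text/html` sits at site level in `extraConfig`, so it applies to responses from `handle /git-pack-manager*` as well as to the static page; the proxied responses would then likely carry a text/html Content-Type in addition to, or instead of, the upstream's. Moving the `header` and `respond` lines into a fallback `handle { … }` block after the proxy block would keep the override on the landing page only. Separately, the key `favelasmp.guz.one:80` presumably makes Caddy listen on port 80 on all interfaces, while the tunnel only needs localhost; if nothing else should reach it directly, `listenAddresses = ["127.0.0.1"];` on this virtual host would narrow that. The `respond` body appears to have lost its markup on this page, so it is not reviewed here.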