feat: move cloudflare tunnel config to network.nix

2025-04-04 20:15:09 -03:00
parent a2f074a3b5
commit 5db75d337f
3 changed files with 24 additions and 22 deletions
--- a/capytal/cloudflare.nix
+++ b/capytal/cloudflare.nix
@@ -1,21 +0,0 @@
-{config, ...}: let
-  secrets = config.spacestation-secrets.lesser;
-in {
-  imports = [];
-
-  virtualisation.oci-containers.containers.cloudflare-funnel = {
-    image = "cloudflare/cloudflared:latest";
-    autoStart = true;
-    extraOptions = [
-      "--network=host"
-    ];
-    cmd = [
-      "tunnel"
-      "--no-autoupdate"
-      "run"
-      "--token"
-      secrets.capytal.cloudflare-funnel
-    ];
-    environment = {};
-  };
-}
--- a/capytal/default.nix
+++ b/capytal/default.nix
@@ -1,8 +1,9 @@
 {inputs, ...}: {
  imports = [
-    ./caddy.nix
    ./cloudflare.nix
+    ./network.nix
    ./websites.nix
+
    ./forgejo
    ./garage.nix
    ./sqld.nix
--- a/capytal/network.nix
+++ b/capytal/network.nix
@@ -17,4 +17,26 @@
      '';
    };
  };
+  virtualisation.oci-containers.containers.cloudflare-funnel = let
+    secrets = config.spacestation-secrets.lesser;
+  in {
+    image = "cloudflare/cloudflared:latest";
+    autoStart = true;
+    extraOptions = [
+      "--network=host"
+    ];
+    cmd = [
+      "tunnel"
+      "--no-autoupdate"
+      "run"
+      "--token"
+      secrets.capytal.cloudflare-funnel
+    ];
+    environment = {};
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    433
+  ];
 }