feat: move cloudflare tunnel config to network.nix

capytal/cloudflare.nix

@@ -1,21 +0,0 @@
-{config, ...}: let
-  secrets = config.spacestation-secrets.lesser;
-in {
-  imports = [];
-
-  virtualisation.oci-containers.containers.cloudflare-funnel = {
-    image = "cloudflare/cloudflared:latest";
-    autoStart = true;
-    extraOptions = [
-      "--network=host"
-    ];
-    cmd = [
-      "tunnel"
-      "--no-autoupdate"
-      "run"
-      "--token"
-      secrets.capytal.cloudflare-funnel
-    ];
-    environment = {};
-  };
-}

capytal/default.nix

@@ -1,8 +1,9 @@
 {inputs, ...}: {
   imports = [
-    ./caddy.nix
     ./cloudflare.nix
+    ./network.nix
     ./websites.nix
+
     ./forgejo
     ./garage.nix
     ./sqld.nix

capytal/network.nix

@@ -17,4 +17,26 @@
       '';
     };
   };
+  virtualisation.oci-containers.containers.cloudflare-funnel = let
+    secrets = config.spacestation-secrets.lesser;
+  in {
+    image = "cloudflare/cloudflared:latest";
+    autoStart = true;
+    extraOptions = [
+      "--network=host"
+    ];
+    cmd = [
+      "tunnel"
+      "--no-autoupdate"
+      "run"
+      "--token"
+      secrets.capytal.cloudflare-funnel
+    ];
+    environment = {};
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    433
+  ];
 }