diff --git a/home/dot_local/bin/post-installx/executable_post-cloudflared.sh b/home/dot_local/bin/post-installx/executable_post-cloudflared.sh
index 97368d60..84262bab 100644
--- a/home/dot_local/bin/post-installx/executable_post-cloudflared.sh
+++ b/home/dot_local/bin/post-installx/executable_post-cloudflared.sh
@@ -27,25 +27,33 @@ if command -v cloudflared > /dev/null; then
 else
 logg success "Skipping deletion of $TUNNEL_ID credentials since it is in use"
 fi
- done< <(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')
+ done< <(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')
 ### Register tunnel (if not already registered)
- logg info "Creating CloudFlared tunnel named host-$HOSTNAME"
- sudo cloudflared tunnel create "host-$HOSTNAME"
+ logg info "Creating CloudFlared tunnel named host-$(hostname -s)"
+ sudo cloudflared tunnel create "host-$(hostname -s)"
 ### Acquire TUNNEL_ID and symlink credentials.json
- TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$HOSTNAME" | sed 's/ .*//')"
+ TUNNEL_ID="$(sudo cloudflared tunnel list | grep "host-$(hostname -s)" | sed 's/ .*//')"
 logg info "Tunnel ID: $TUNNEL_ID"
 logg info "Symlinking /usr/local/etc/cloudflared/$TUNNEL_ID.json to /usr/local/etc/cloudflared/credentials.json"
 sudo rm -f /usr/local/etc/cloudflared/credentials.json
 sudo ln -s /usr/local/etc/cloudflared/$TUNNEL_ID.json /usr/local/etc/cloudflared/credentials.json
+ ### Symlink /usr/local/etc/cloudflared to /etc/cloudflared
+ if [ ! 
-d /etc/cloudflared ]; then
+ logg info 'Symlinking /usr/local/etc/cloudflared to /etc/cloudflared'
+ sudo ln -s /usr/local/etc/cloudflared /etc/cloudflared
+ else
+ logg warn '/etc/cloudflared is present but files are being modified in /usr/local/etc/cloudflared'
+ fi
+
 ### Configure DNS
 # Must be deleted manually if no longer used
 logg info 'Setting up DNS records for CloudFlare Argo tunnels'
 while read DOMAIN; do
 logg info "Setting up $DOMAIN for access through cloudflared"
- sudo cloudflared tunnel route dns "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
+ sudo cloudflared tunnel route dns -f "$TUNNEL_ID" "$DOMAIN" && logg success "Successfully routed $DOMAIN to this machine's cloudflared Argo tunnel"
 done< <(yq '.ingress[].hostname' config.yml)
 ### Set up service
diff --git a/home/dot_local/etc/cloudflared/config.yml.tmpl b/home/dot_local/etc/cloudflared/config.yml.tmpl
index ea0d1c6c..922b17cd 100644
--- a/home/dot_local/etc/cloudflared/config.yml.tmpl
+++ b/home/dot_local/etc/cloudflared/config.yml.tmpl
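Review bot: The three new `grep "host-$(hostname -s)"` filters are unanchored substring matches, so on an account whose tunnel names share a prefix (host-build next to host-build2, constructed example) TUNNEL_ID receives several IDs joined by newlines and the following `ln -s` produces a credentials.json symlink to a path that does not exist; the added `-f` on `tunnel route dns` likewise overwrites any CNAME already pointing elsewhere without a log line saying so. Anchoring the match, e.g. `grep -E "(^|[[:space:]])host-$(hostname -s)([[:space:]]|$)"`, or filtering with `cloudflared tunnel list --name "host-$(hostname -s)"` and taking the first field, keeps the lookup exact, and a `logg warn` before the `-f` call would make the overwrite visible in the install log. The `if [ ! -d /etc/cloudflared ]` guard also lets `ln -s` fail when /etc/cloudflared exists as a file or a dangling symlink; `if [ ! -e /etc/cloudflared ] && [ ! -L /etc/cloudflared ]; then` covers those cases. The enclosing `if command -v cloudflared` block begins before the hunk and continues after it.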
@@ -1,47 +1,44 @@
-{{- $baseDomain := printf "%s%s%s" .host.hostname "." .host.domain -}}
-{{- if eq .host.qubes true -}}
-{{- $baseDomain := printf "%s%s%s" .host.hostname "-qube." .host.domain -}}
-{{- end -}}
 ---
 tunnel: {{ if eq .host.qubes true }}qube{{ else }}host{{ end }}-{{ .host.hostname }}
 credentials-file: /usr/local/etc/cloudflared/credentials.json
 warp-routing:
- enabled: true
+ enabled: true
 ingress:
- - hostname: {{ $baseDomain }}
- service: https://localhost:8014
- - hostname: test.{{ $baseDomain }}
+ - hostname: test-{{ .host.hostname }}.{{ .host.domain }}
 service: hello_world
- - hostname: ssh.{{ $baseDomain }}
+ - hostname: ssh-{{ .host.hostname }}.{{ .host.domain }}
 service: ssh://localhost:{{ .host.ssh.port }}
- - hostname: rdp.{{ $baseDomain }}
- service: rdp://localhost:3389
- - hostname: samba.{{ $baseDomain }}
- service: tcp://localhost:8445
- - hostname: sftp.{{ $baseDomain }}
- service: tcp://localhost:2022
- - hostname: sftpgo.{{ $baseDomain }}
- service: tcp://localhost:11101
- - hostname: vnc.{{ $baseDomain }}
- service: tcp://localhost:5901
- - hostname: dagu.{{ $baseDomain }}
- service: tcp://localhost:8321
- - hostname: rsyslog.{{ $baseDomain }}
- service: tcp://localhost:514
- - hostname: netdata.{{ $baseDomain }}
+ - hostname: netdata-{{ .host.hostname }}.{{ .host.domain }}
 service: http://localhost:19999
- - hostname: rundeck.{{ $baseDomain }}
- service: https://localhost:4440
- - hostname: portainer.{{ .host.domain }}
- service: https://localhost:9439
+ - service: http_status:404
+ # - hostname: {{ .host.domain }}
+ # service: https://localhost:8014
+ # - hostname: rdp-{{ .host.hostname }}.{{ .host.domain }}
+ # service: rdp://localhost:3389
+ # - hostname: samba.{{ .host.domain }}
+ # service: tcp://localhost:8445
+ # - hostname: sftp.{{ .host.domain }}
+ # service: tcp://localhost:2022
+ # - hostname: sftpgo.{{ .host.domain }}
+ # service: tcp://localhost:11101
+ # - hostname: vnc.{{ .host.domain }}
+ # service: 
tcp://localhost:5901
+ # - hostname: dagu.{{ .host.domain }}
+ # service: tcp://localhost:8321
+ # - hostname: rsyslog.{{ .host.domain }}
+ # service: tcp://localhost:514
+ # - hostname: rundeck.{{ .host.domain }}
+ # service: https://localhost:4440
+ # - hostname: portainer.{{ .host.domain }}
+ # service: https://localhost:9439
 {{- if eq .host.softwareGroup "Kubernetes" }}
 - hostname: k8s.{{ .host.domain }}
 service: bastion
 {{- end }}
 # Example of an HTTP request over a Unix socket:
- # - hostname: {{ $baseDomain }}
+ # - hostname: {{ .host.domain }}
 # service: unix:/home/production/echo.sock
 # Tunnel the baked-in Hello World test app for testing purposes
 # Rules can match the request's path to a regular expression:
@@ -51,4 +48,3 @@ ingress:
 # Rules can match the request's hostname to a wildcard character:
 # - hostname: "*.example.com"
 # service: https://localhost:8002
- - service: http_status:404
\ No newline at end of file
diff --git a/home/dot_local/etc/nginx/sites-available/netdata.conf b/home/dot_local/etc/nginx/sites-available/netdata.conf
new file mode 100644
index 00000000..bc3297c4
--- /dev/null
+++ b/home/dot_local/etc/nginx/sites-available/netdata.conf
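Review bot: The catch-all `- service: http_status:404` is now inserted before the `{{- if eq .host.softwareGroup "Kubernetes" }}` block while the second hunk removes it from the end of the list, so on a Kubernetes host the rendered ingress ends with the `k8s.{{ .host.domain }}` rule; cloudflared's ingress validation requires the last rule to carry no hostname or path filter, and even if it were accepted the k8s rule sits behind a catch-all and would never be matched since rules are evaluated in order. Keeping one catch-all as the final rule, placed after `{{- end }}`, restores the intended behaviour on both host types. The commented-out entries that still use a bare `{{ .host.domain }}` (samba, sftp, sftpgo, vnc, dagu, rsyslog, rundeck, portainer) would collide across machines if uncommented, because the hostname no longer includes `.host.hostname` as the active test/ssh/netdata entries do; a comment such as `# per-host services must use <name>-{{ .host.hostname }}.{{ .host.domain }}` above that group would record the convention.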
@@ -0,0 +1,56 @@
+upstream api {
+ server 127.0.0.1:50001;
+}
+
+upstream leaf {
+ server 127.0.0.1:50002;
+}
+
+server {
+ listen [::]:80;
+ listen 80;
+
+ server_name xmr.megabyte.space;
+
+ root /var/www/html;
+
+ location /.well-known/acme-challenge/ { allow all; }
+ location / { return 301 https://$host$request_uri; }
+}
+
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name xmr.megabyte.space;
+
+ ssl_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/xmr.megabyte.space/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/xmr.megabyte.space/privkey.pem;
+
+ include snippets/ssl.conf;
+ #include snippets/security.conf;
+ #include snippets/edge.conf;
+ #include snippets/cache.conf;
+ #include snippets/nosniff.conf;
+
+ charset utf-8;
+ error_page 404 /404.html;
+
+ index index.html;
+ root /var/www/html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location /api/ {
+ proxy_pass http://api/;
+ include snippets/proxy.conf;
+ }
+
+ location /leaf {
+ proxy_pass http://leaf;
+ include snippets/proxy.conf;
+ }
+}
diff --git a/software.yml b/software.yml
index 542d60ff..eb8e688d 100644
--- a/software.yml
+++ b/software.yml
@@ -1373,9 +1373,20 @@ softwarePackages:
 go: github.com/charmbracelet/charm@main
 nix-env: nixpkgs.charm
 pacman: charm
+ chatgpt:
+ _app: ChatGPT.app
+ _bin: chatgpt
+ _desc: Official ChatGPT application for desktop for macOS and fallbacks for ChatGPT desktop on other platforms
+ _home: https://chatgpt.com/
+ _github: false
+ _name: ChatGPT Official Desktop Application
+ cask: chatgpt
+ choco: chatgpt
+ snap: chatgpt-desktop
 chatgpt-menubar:
 _app: Chatgpt.app
 _bin: null
+ _deprecated: Deprecated in favor of the official ChatGPT application
 _desc: ChatGPT for Mac, living in your menubar.
 _docs: https://github.com/vincelwt/chatgpt-mac
 _github: https://github.com/vincelwt/chatgpt-mac
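Review bot: The new `sites-available/netdata.conf` does not serve netdata: both server blocks use `server_name xmr.megabyte.space`, the upstreams point at 127.0.0.1:50001 and 50002, and the `/api/` and `/leaf` locations proxy to them, while the cloudflared template in this same commit routes netdata at `http://localhost:19999`; this reads as a site file copied under the wrong name, so either the filename or the contents needs correcting before it is enabled. The hardening includes are all disabled (`#include snippets/security.conf;` through `#include snippets/nosniff.conf;`), which leaves the TLS server with none of the security headers those snippets presumably add; if that is intentional a comment stating why would help, otherwise enabling at least `include snippets/security.conf;` and `include snippets/nosniff.conf;` is the usual baseline for a public vhost. `ssl_trusted_certificate` is set to fullchain.pem; if snippets/ssl.conf enables OCSP stapling, certbot's chain.pem is the intended value for stapling verification.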
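Review bot: The new `chatgpt` entry's `_desc` and `_name` call it the official application, but of the three install sources only `cask: chatgpt` is plausibly a vendor build; `choco: chatgpt` and `snap: chatgpt-desktop` are, as far as these lines show, community-maintained repackagings of a closed-source third party, and `_github: false` leaves no upstream to audit them against. A catalog that installs software should make that provenance difference visible, e.g. `_desc: Official ChatGPT desktop application (macOS cask); the choco and snap entries are community-packaged fallbacks`. The entry also omits `_docs`, which the sibling chatgpt-menubar and chatgpt-nofwl entries provide.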
@@ -1386,6 +1397,7 @@ softwarePackages:
 chatgpt-nofwl:
 _app: NoFWL.app
 _bin: nofwl
+ _deprecated: Deprecated in favor of the official ChatGPT application
 _desc: ChatGPT desktop application (Mac, Windows and Linux)
 _docs: https://app.nofwl.com/docs/chatgpt/config
 _github: https://github.com/lencx/nofwl