aboutsummaryrefslogtreecommitdiff
path: root/nix/machines
diff options
context:
space:
mode:
Diffstat (limited to 'nix/machines')
-rw-r--r--nix/machines/vm-synology/default.nix7
-rw-r--r--nix/machines/vm-synology/ingress.nix16
2 files changed, 23 insertions, 0 deletions
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix
index dd004f6..8f3b725 100644
--- a/nix/machines/vm-synology/default.nix
+++ b/nix/machines/vm-synology/default.nix
@@ -8,6 +8,12 @@
restic_password = {
file = ../../../secrets/restic_password.age;
};
+ cloudflared-tunnel = {
+ file = ../../../secrets/cloudflared_cragmont.age;
+ };
+ cloudflared-cert = {
+ file = ../../../secrets/cloudflared_cert.age;
+ };
};
};
@@ -15,6 +21,7 @@
./backups.nix
./git.nix
./hardware.nix
+ ./ingress.nix
];
# Use the systemd-boot EFI boot loader.
diff --git a/nix/machines/vm-synology/ingress.nix b/nix/machines/vm-synology/ingress.nix
new file mode 100644
index 0000000..b6ae596
--- /dev/null
+++ b/nix/machines/vm-synology/ingress.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+ services.cloudflared = {
+ enable = true;
+ certificateFile = config.age.secrets.cloudflared-cert.path;
+ tunnels = {
+ "cragmont" = {
+ credentialsFile = config.age.secrets.cloudflared-tunnel.path;
+ default = "http_status:404";
+ ingress = {
+ "git.fcuny.net".service = "ssh://127.0.0.1:22";
+ };
+ };
+ };
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-07 10:54:06 +0000