Cloudflared: Difference between revisions
basic stub with untested config |
described how to get credentialsFile |
||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
[https://github.com/cloudflare/cloudflared Cloudflared] is a command line client for a network tunnel from the cloudflare network to a server. | |||
Introduced in https://github.com/NixOS/nixpkgs/pull/171875 | Introduced in https://github.com/NixOS/nixpkgs/pull/171875 | ||
== Example == | == Example == | ||
To get credentialsFile (e.g. tunnel-ID.json) do: | |||
<syntaxhighlight lang="sh"> | |||
cloudflared tunnel login <the-token-you-see-in-dashboard> | |||
cloudflared tunnel create ConvenientTunnelName | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="nix"> | |||
{ | |||
services.cloudflared = { | |||
enable = true; | |||
tunnels = { | |||
"00000000-0000-0000-0000-000000000000" = { | |||
credentialsFile = "${config.sops.secrets.cloudflared-creds.path}"; | |||
default = "http_status:404"; | |||
}; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | |||
Then you can use dashboard to add your public hosts (will need to convert the new tunnel to dashboard-managed). | |||
Alternatively, save the <code>cert.pem</code> to cloudflared user's %home%/.cloudflared/cert.pem, and instead of using dashboard specify ingress rules in your configuration.nix like this: | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
| Line 24: | Line 49: | ||
}; | }; | ||
} | } | ||
</syntaxhighlight> | |||
[[Category:Networking]] | |||