feat(y2q): add cloudflared

- Add cloudflared runit service
- Serve opengist via Cloudflare tunnel

home/modules/runit/default.nix

@@ -18,6 +18,16 @@
             description = "Shell commands executed as the service's main process";
           };
           log.enable = lib.mkEnableOption "Enable logging";
+          environment = lib.mkOption {
+            type = lib.types.attrsOf lib.types.str;
+            default = {};
+            description = "Environment variables passed to the service's processes";
+          };
+          environmentFile = lib.mkOption {
+            type = lib.types.nullOr lib.types.path;
+            default = null;
+            description = "Environment file passed to the service";
+          };
         };
       }));
     };
@@ -28,21 +38,45 @@
   config = {
     home.file = lib.mkMerge (
       lib.mapAttrsToList (serviceName: sCfg:
-        {
+        let
-          # run script
+          envExports = lib.concatStringsSep "\n" (
-          "runit/services/${serviceName}/run" = {
+            lib.mapAttrsToList (k: v: "export ${k}='${v}'") sCfg.environment
-            text = sCfg.script;
+          );
-            executable = true;
+          envFile = lib.mkIf (sCfg.environmentFile != null) {
+            "runit/services/${serviceName}/.env" = {
+              source = sCfg.environmentFile;
+            };
           };
-          
+          envFileSetup = if sCfg.environmentFile != null then ''
-          # logging
+            set -a
-          "runit/services/${serviceName}/log/run" = lib.mkIf sCfg.log.enable {
+            source .env
-            text = ''
+            set +a
-              #!/bin/sh
+          '' else "";
-              exec svlogd -t ./main
+        in
-            '';
+        lib.mkMerge [
-          };
+          {
-        }
+            # run script
+            "runit/services/${serviceName}/run" = {
+              text = ''
+                #!/usr/bin/env bash
+                ${envExports}
+                ${envFileSetup}
+                ${sCfg.script}
+              '';
+              executable = true;
+            };
+
+            # logging
+            "runit/services/${serviceName}/log/run" = lib.mkIf sCfg.log.enable {
+              text = ''
+                #!/bin/sh
+                exec svlogd -t ./main
+              '';
+              executable = true;
+            };
+          }
+          envFile
+        ]
       ) config.runit.services
     );
   };

home/modules/runit/services/cloudflared.nix

@@ -0,0 +1,25 @@
+{ pkgs, config, rootPath, ... }:
+
+let
+  tunnel = "cb0d9c2c-48f9-4bca-9e81-ef92423c5afa";
+in
+{
+  home.file.".cloudflared/${tunnel}.json".source = rootPath + /secrets/gitcrypt/cloudflared/${tunnel}.json;
+  home.file.".cloudflared/cert.pem".source = rootPath + /secrets/gitcrypt/cloudflared/cert.pem;
+  home.file.".cloudflared/config.yml".text = ''
+    tunnel: ${tunnel}
+    credentials-file: ${config.home.homeDirectory}/.cloudflared/${tunnel}.json
+
+    ingress:
+      - hostname: gist.toast.name
+        service: http://${config.runit.services.opengist.environment.OG_HTTP_HOST}:${config.runit.services.opengist.environment.OG_HTTP_PORT}
+      - service: http_status:404
+  '';
+
+  runit.services.cloudflared = {
+    script = ''
+      exec ${pkgs.cloudflared}/bin/cloudflared tunnel run
+    '';
+    log.enable = true;
+  };
+}

home/modules/runit/services/glances.nix

@@ -3,8 +3,7 @@
 {
   runit.services.glances = {
     script = ''
-      #!/bin/bash
+      exec ${pkgs.glances}/bin/glances -w
-      ${pkgs.glances}/bin/glances -w
     '';
   };
 }

home/modules/runit/services/opengist.nix

@@ -0,0 +1,20 @@
+{ pkgs, rootPath, ... }:
+
+{
+  runit.services.opengist = {
+    script = ''
+      exec ${pkgs.opengist}/bin/opengist start
+    '';
+    
+    environment = {
+      OG_HTTP_HOST = "127.0.0.1";
+      OG_HTTP_PORT = "6157";
+      OG_SSH_HOST = "127.0.0.1";
+      OG_SSH_PORT = "6522";
+    };
+
+    environmentFile = rootPath + /secrets/gitcrypt/opengist.env;
+
+    log.enable = true;
+  };
+}