From 4c4e250fa14ca3d004b4f41b4508d1f030939eb4 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 5 Jul 2023 14:18:59 -0600
Subject: [PATCH] add cloudflare tunnel to tempest

---
 hosts/tempest/default.nix       |  8 ++++++++
 private/cloudflared-tempest.age | 15 +++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 private/cloudflared-tempest.age

diff --git a/hosts/tempest/default.nix b/hosts/tempest/default.nix
index fd00134..a6a4f33 100644
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@@ -92,6 +92,14 @@ inputs.nixpkgs.lib.nixosSystem {
         ryujinx.enable = true;
       };
 
+      cloudflareTunnel = {
+        enable = true;
+        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
+        credentialsFile = ../../private/cloudflared-tempest.age;
+        ca =
+          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
+      };
+
     }
   ];
 }
diff --git a/private/cloudflared-tempest.age b/private/cloudflared-tempest.age
new file mode 100644
index 0000000..8e9f6de
--- /dev/null
+++ b/private/cloudflared-tempest.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB1VnBt
+RTV5eWc3RDNUR2lOWFRaMlgzREQyMlcvUFNxV0N2Vm9lVVZKOUZ3ClJjaWtYZjR5
+ZTB4L2M4MFB0UThaMzlRT3JkUEE1N3RrSUlpZnRFbmFDdWcKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIE5iTUs1ak9VZjRIRGpLMWtDcVB0RjVFRW8vOENQZlkzeGhsYmFB
+QzJ6Z00KZmcvZ0hYMjN1bGZwY3NvMjlCbnpHUWVjdVU4cnBGcDQxTU8wZ0EyQXdU
+MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgazRzK2ZnSUZNWURoKzZMZmM4VTlDbVBh
+WGc4MlE5TGFiN1MzV01FT1oyQQppRUhUNjdlQURNQm8rR0JOOUJFNm9vaXhPTXFW
+U2lJU09jWVA0TDRrVHY4Ci0tLSBudWJTclRTek1RWHYzYzA4aTduODB0NUNWbVVP
+cUIyVzJncWhDS053d25nCneJhp1QT1v+dAguW9wAKDgWST59KNBgbY01jkf1IqXc
+FbmkctPIMggim3uCBqjzBboYvf+dtt0Fcu9aiB+4YmGUeQNb+9mdPweXoHmVrego
+XygVsbuSP4xKWtIJhBJ/3/jEK9LqBtv+owdUIxbw5Ci6A0JvSu+tnUj5oAgMyT2z
+YrGRK9plQZteeUkMcd6+anSEUpP45lzfz/T7loD9ViCbPHRuUFgwkwUcRGjQStm3
+pnx9bi8N4ac599f4KqInm5gd
+-----END AGE ENCRYPTED FILE-----