Mac mini server intial commit

cloudflared/.gitignore

@@ -0,0 +1,20 @@
+# Ignore sensitive files
+cloudflared/*.json
+# Ignore all JSON files-> ignores <tunnel_id>.json
+cert.pem
+config.yml
+.env
+
+# Ignore docker-compose override files (local configurations)
+docker-compose.override.yml
+
+# Ignore log files
+*.log
+
+# Ignore backup or swap files created by editors
+*.bak
+*.swp
+
+# Ignore any temporary files or directories created during runtime
+tmp/
+*.pid

cloudflared/README.md

@@ -0,0 +1,42 @@
+# Cloudflare Tunnel Info
+
+## Instructions:
+- Make sure config.yml is updated with changes from config.git.yml
+
+## Contents:
+**`cloudflared`**  
+│   ├── **`<tunnel_id>.json`**  
+│   ├── **`cert.pem`**  
+│   ├── **`config.git.yml`**  
+│   ├── **`config.yml`**  
+│   ├── **`docker-compose.yml`**  
+│   ├── **`.env`**  
+│   ├── **`.gitignore`**  
+│   └── **`README.md`**
+
+### File Descriptions:
+- **`<tunnel_id>.json`**: Cloudflare tunnel credentials file
+- **`cert.pem`**: Cloudflare certificate file
+- **`config.git.yml`**: Version-controlled template for `config.yml`
+- **`config.yml`**: Configuration file for Cloudflare tunnel ingress methods
+- **`docker-compose.yml`**: Docker Compose file for running the Cloudflare tunnel
+- **`.env`**: Environment variables, including the tunnel ID
+- **`.gitignore`**: Git ignore file
+- **`README.md`**: Documentation
+
+### Environment Variables:
+- **`tunnel_id`**: Cloudflare tunnel ID (stored in `.env`).
+
+### Ignored Files:
+- **`<tunnel_id>.json`**: Sensitive file containing the Cloudflare tunnel credentials
+- **`cert.pem`**: Cloudflare certificate file
+- **`config.yml`**: Configuration file with sensitive data
+- **`.env`**: Environment file containing sensitive data
+
+### Current Ingress Methods:
+- **szumko.net** --> dashy dashboard
+- **cloud.szumko.net** --> nextcloud
+- **git.szumko.net** --> Gitea
+- **ha.szumko.net** --> Home Assistant
+- **pihole.szumko.net** --> Pihole Admin
+- **lib.szumko.net** --> Calibre

cloudflared/config.git.yml

@@ -0,0 +1,17 @@
+tunnel: <tunnel_id>  # your tunnel ID
+credentials-file: /etc/cloudflared/<tunnel_id>.json
+
+ingress:
+  - hostname: szumko.net
+    service: http://nginx-app-1:80
+  - hostname: pihole.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: git.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: cloud.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: ha.szumko.net
+    service: http://nginx-app-1:80
+  - hostname: lib.szumko.net
+    service: http://nginx-app-1:80
+  - service: http_status:404

cloudflared/docker-compose.yml

@@ -0,0 +1,19 @@
+services:
+  cloudflared:
+    container_name: 'Cloudflared'
+    image: cloudflare/cloudflared:latest
+    restart: unless-stopped
+    user: '1000:1000'
+    networks:
+      - 'default'
+      - 'tunnel'
+    volumes:
+      - ./config.yml:/etc/cloudflared/config.yml
+      - ./${TUNNEL_ID}.json:/etc/cloudflared/${TUNNEL_ID}.json   # Use environment variable for tunnel ID
+    command: tunnel --no-autoupdate --config /etc/cloudflared/config.yml run
+    env_file:
+      - .env  # Reference the .env file to inject environment variables
+
+networks:
+  tunnel:
+    external: true