comparing c35a71a431d37fef9928a7686bdcf76084eb6703 and main on dunkirk.sh/dots

-1

README.md

···

       18
       18
        
       ├── machines

     

       19
       19
        
       │   ├── atalanta # my macOS M4 machine

     

       20
       20
        
       │   ├── ember # my dell r210 server (in my basement)

     

       21
       21
       -
       │   ├── john # shared server for cedarville

     

       22
       21
        
       │   ├── moonlark # my framework 13 <dead>

     

       23
       22
        
       │   ├── nest # shared tilde server through hc

     

       24
       23
        
       │   ├── prattle # oracle cloud x86_64 server

+28 -28

flake.lock

···

       209
       209
        
               ]

     

       210
       210
        
             },

     

       211
       211
        
             "locked": {

     

       212
       212
       -
               "lastModified": 1764627417,

     

       213
       213
       -
               "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",

     

       212
       212
       +
               "lastModified": 1765326679,

     

       213
       213
       +
               "narHash": "sha256-fTLX9kDwLr9Y0rH/nG+h1XG5UU+jBcy0PFYn5eneRX8=",

     

       214
       214
        
               "owner": "nix-community",

     

       215
       215
        
               "repo": "disko",

     

       216
       216
       -
               "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",

     

       216
       216
       +
               "rev": "d64e5cdca35b5fad7c504f615357a7afe6d9c49e",

     

       217
       217
        
               "type": "github"

     

       218
       218
        
             },

     

       219
       219
        
             "original": {

     
···

       608
       608
        
               ]

     

       609
       609
        
             },

     

       610
       610
        
             "locked": {

     

       611
       611
       -
               "lastModified": 1765170903,

     

       612
       612
       -
               "narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=",

     

       611
       611
       +
               "lastModified": 1765384171,

     

       612
       612
       +
               "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=",

     

       613
       613
        
               "owner": "nix-community",

     

       614
       614
        
               "repo": "home-manager",

     

       615
       615
       -
               "rev": "20561be440a11ec57a89715480717baf19fe6343",

     

       615
       615
       +
               "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8",

     

       616
       616
        
               "type": "github"

     

       617
       617
        
             },

     

       618
       618
        
             "original": {

     
···

       813
       813
        
               "nixpkgs": "nixpkgs_3"

     

       814
       814
        
             },

     

       815
       815
        
             "locked": {

     

       816
       816
       -
               "lastModified": 1765159287,

     

       817
       817
       -
               "narHash": "sha256-C+dVEekU31QPaPShMaUbs3LqOVVqzq0b4gKC1jX8Mlk=",

     

       816
       816
       +
               "lastModified": 1765418662,

     

       817
       817
       +
               "narHash": "sha256-8SSYagIUn+m9CKUYddq3DN1xkh04KCO0itB/LMgEgpc=",

     

       818
       818
        
               "owner": "nix-community",

     

       819
       819
        
               "repo": "nix-vscode-extensions",

     

       820
       820
       -
               "rev": "dccd0cc3693bff67e4856b5a22445223aabc4d4b",

     

       820
       820
       +
               "rev": "0f6679daa3f5bc2b09827b67f49caf0ac8e3a4c8",

     

       821
       821
        
               "type": "github"

     

       822
       822
        
             },

     

       823
       823
        
             "original": {

     
···

       828
       828
        
           },

     

       829
       829
        
           "nixos-facter-modules": {

     

       830
       830
        
             "locked": {

     

       831
       831
       -
               "lastModified": 1764252389,

     

       832
       832
       -
               "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=",

     

       831
       831
       +
               "lastModified": 1765442039,

     

       832
       832
       +
               "narHash": "sha256-k3lYQ+A1F7aTz8HnlU++bd9t/x/NP2A4v9+x6opcVg0=",

     

       833
       833
        
               "owner": "numtide",

     

       834
       834
        
               "repo": "nixos-facter-modules",

     

       835
       835
       -
               "rev": "5ea68886d95218646d11d3551a476d458df00778",

     

       835
       835
       +
               "rev": "9dd775ee92de63f14edd021d59416e18ac2c00f1",

     

       836
       836
        
               "type": "github"

     

       837
       837
        
             },

     

       838
       838
        
             "original": {

     
···

       874
       874
        
           },

     

       875
       875
        
           "nixpkgs-unstable": {

     

       876
       876
        
             "locked": {

     

       877
       877
       -
               "lastModified": 1764950072,

     

       878
       878
       -
               "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",

     

       877
       877
       +
               "lastModified": 1765186076,

     

       878
       878
       +
               "narHash": "sha256-hM20uyap1a0M9d344I692r+ik4gTMyj60cQWO+hAYP8=",

     

       879
       879
        
               "owner": "nixos",

     

       880
       880
        
               "repo": "nixpkgs",

     

       881
       881
       -
               "rev": "f61125a668a320878494449750330ca58b78c557",

     

       881
       881
       +
               "rev": "addf7cf5f383a3101ecfba091b98d0a1263dc9b8",

     

       882
       882
        
               "type": "github"

     

       883
       883
        
             },

     

       884
       884
        
             "original": {

     
···

       922
       922
        
           },

     

       923
       923
        
           "nixpkgs_4": {

     

       924
       924
        
             "locked": {

     

       925
       925
       -
               "lastModified": 1764983851,

     

       926
       926
       -
               "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",

     

       925
       925
       +
               "lastModified": 1765311797,

     

       926
       926
       +
               "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",

     

       927
       927
        
               "owner": "nixos",

     

       928
       928
        
               "repo": "nixpkgs",

     

       929
       929
       -
               "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",

     

       929
       929
       +
               "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",

     

       930
       930
        
               "type": "github"

     

       931
       931
        
             },

     

       932
       932
        
             "original": {

     
···

       1048
       1048
        
               ]

     

       1049
       1049
        
             },

     

       1050
       1050
        
             "locked": {

     

       1051
       1051
       -
               "lastModified": 1765213466,

     

       1052
       1052
       -
               "narHash": "sha256-JdQa7m3a/oWun8TGJ+jamAdxn820RFjqDLNnl4d8a+0=",

     

       1051
       1051
       +
               "lastModified": 1765470296,

     

       1052
       1052
       +
               "narHash": "sha256-bURojPUn8jloR046JNZf6qrYNmEPfFEoDaLTKoP9pg4=",

     

       1053
       1053
        
               "owner": "nix-community",

     

       1054
       1054
        
               "repo": "NUR",

     

       1055
       1055
       -
               "rev": "0c5cabc4f46e5ce7e45827c22b21173a887acff2",

     

       1055
       1055
       +
               "rev": "441a70568483c0c48b338cca2030e3d9c7aef3ba",

     

       1056
       1056
        
               "type": "github"

     

       1057
       1057
        
             },

     

       1058
       1058
        
             "original": {

     
···

       1379
       1379
        
               "sqlite-lib-src": "sqlite-lib-src"

     

       1380
       1380
        
             },

     

       1381
       1381
        
             "locked": {

     

       1382
       1382
       -
               "lastModified": 1765171220,

     

       1383
       1383
       -
               "narHash": "sha256-K+Cs6k0nQYRwW+RwlKCZabLBOVel84C2wPEZjYOH6JA=",

     

       1382
       1382
       +
               "lastModified": 1765368304,

     

       1383
       1383
       +
               "narHash": "sha256-Q3JC5+FYtsKJU70WIhGhsAYWzu0CvUmmbdYhcFe46Pg=",

     

       1384
       1384
        
               "ref": "refs/heads/master",

     

       1385
       1385
       -
               "rev": "ca8217e99806280fa77316b46b0b243647ed491c",

     

       1386
       1386
       -
               "revCount": 1722,

     

       1385
       1385
       +
               "rev": "a53d124ea4746109c1933f7adc72f0bde1309890",

     

       1386
       1386
       +
               "revCount": 1731,

     

       1387
       1387
        
               "type": "git",

     

       1388
       1388
        
               "url": "https://tangled.org/tangled.org/core"

     

       1389
       1389
        
             },

     
···

       1476
       1476
        
               "zig2nix": "zig2nix"

     

       1477
       1477
        
             },

     

       1478
       1478
        
             "locked": {

     

       1479
       1479
       -
               "lastModified": 1765255474,

     

       1480
       1480
       -
               "narHash": "sha256-Bs/wb2EIDe1QHsmHHQ34L0se4eANdGsQpxAsc+gDCrU=",

     

       1479
       1479
       +
               "lastModified": 1765397837,

     

       1480
       1480
       +
               "narHash": "sha256-nMlS9SA8MLJHJ0X/zEg3eG18mLw5vvZpZBbTbVcGFTI=",

     

       1481
       1481
        
               "owner": "neurosnap",

     

       1482
       1482
        
               "repo": "zmx",

     

       1483
       1483
       -
               "rev": "b5b525c333f086798e319b1a27f2bc0119ebca5c",

     

       1483
       1483
       +
               "rev": "a22dba538a31480ed450b389f397e15880a1c53a",

     

       1484
       1484
        
               "type": "github"

     

       1485
       1485
        
             },

     

       1486
       1486
        
             "original": {

+8 -1

machines/atalanta/home/default.nix

···

       45
       45
        
             

     

       46
       46
        
             zmx = {

     

       47
       47
        
               enable = true;

     

       48
       48
       -
               hosts = [ "t.*" "p.*" "e.*" ];

     

       48
       48
       +
               hosts = [ "t.*" "p.*" "e.*" "j.*" ];

     

       49
       49
        
             };

     

       50
       50
        
       

     

       51
       51
        
             hosts = {

     
···

       62
       62
        
                 hostname = "192.168.0.94";  # ember

     

       63
       63
        
               };

     

       64
       64
        
       

     

       65
       65
       +
               "j.*" = {

     

       66
       66
       +
                 hostname = "john.cedarville.edu";

     

       67
       67
       +
                 user = "klukas";

     

       68
       68
       +
               };

     

       69
       69
       +
       

     

       65
       70
        
               # Regular hosts

     

       66
       71
        
               john = {

     

       72
       72
       +
                 hostname = "john.cedarville.edu";

     

       67
       73
        
                 user = "klukas";

     

       74
       74
       +
                 zmx = true;

     

       68
       75
        
               };

     

       69
       76
        
       

     

       70
       77
        
               bandit = {

-36

machines/john/default.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         inputs,

     

       3
       3
       -
         pkgs,

     

       4
       4
       -
         ...

     

       5
       5
       -
       }:

     

       6
       6
       -
       {

     

       7
       7
       -
         imports = [

     

       8
       8
       -
           (inputs.import-tree ../../modules/home)

     

       9
       9
       -
           ../../modules/home/system/nixpkgs.nix.disabled

     

       10
       10
       -
         ];

     

       11
       11
       -
       

     

       12
       12
       -
         nixpkgs.enable = true;

     

       13
       13
       -
       

     

       14
       14
       -
         home = {

     

       15
       15
       -
           username = "klukas";

     

       16
       16
       -
           homeDirectory = "/home/students/2029/klukas";

     

       17
       17
       -
       

     

       18
       18
       -
           packages = with pkgs; [ ];

     

       19
       19
       -
         };

     

       20
       20
       -
       

     

       21
       21
       -
         atelier = {

     

       22
       22
       -
           shell.enable = true;

     

       23
       23
       -
         };

     

       24
       24
       -
       

     

       25
       25
       -
         # Enable home-manager

     

       26
       26
       -
         programs.home-manager.enable = true;

     

       27
       27
       -
       

     

       28
       28
       -
         # keep hm in .local/state since we are using nix-portable

     

       29
       29
       -
         xdg.enable = true;

     

       30
       30
       -
       

     

       31
       31
       -
         # Nicely reload system units when changing configs

     

       32
       32
       -
         systemd.user.startServices = "sd-switch";

     

       33
       33
       -
       

     

       34
       34
       -
         # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

     

       35
       35
       -
         home.stateVersion = "23.05";

     

       36
       36
       -
       }

+28 -4

modules/home/apps/bore/bore.1.md

···

       8
       8
        
       

     

       9
       9
        
       # SYNOPSIS

     

       10
       10
        
       

     

       11
       11
       -
       **bore** [*SUBDOMAIN*] [*PORT*] [**--label** *LABEL*] [**--save**]

     

       11
       11
       +
       **bore** [*SUBDOMAIN*] [*PORT*] [**--protocol** *PROTOCOL*] [**--label** *LABEL*] [**--save**]

     

       12
       12
        
       

     

       13
       13
        
       **bore** **--list** | **-l**

     

       14
       14
        
       

     
···

       16
       16
        
       

     

       17
       17
        
       # DESCRIPTION

     

       18
       18
        
       

     

       19
       19
       -
       **bore** is a tunneling service that uses frp (fast reverse proxy) to expose local services to the internet via bore.dunkirk.sh. It provides a simple CLI for creating and managing HTTP tunnels with optional labels and persistent configuration.

     

       19
       19
       +
       **bore** is a tunneling service that uses frp (fast reverse proxy) to expose local services to the internet via bore.dunkirk.sh. It provides a simple CLI for creating and managing HTTP, TCP, and UDP tunnels with optional labels and persistent configuration.

     

       20
       20
        
       

     

       21
       21
        
       # OPTIONS

     

       22
       22
        
       

     
···

       25
       25
        
       

     

       26
       26
        
       **-s**, **--saved**

     

       27
       27
        
       : List all saved tunnel configurations from bore.toml in the current directory.

     

       28
       28
       +
       

     

       29
       29
       +
       **-p**, **--protocol** *PROTOCOL*

     

       30
       30
       +
       : Specify the protocol to use for the tunnel: **http** (default), **tcp**, or **udp**.

     

       28
       31
        
       

     

       29
       32
        
       **--label** *LABEL*

     

       30
       33
        
       : Assign a label/tag to the tunnel for organization and identification.

     
···

       52
       55
        
       

     

       53
       56
        
       [api]

     

       54
       57
        
       port = 3000

     

       58
       58
       +
       protocol = "http"

     

       55
       59
        
       label = "dev"

     

       60
       60
       +
       

     

       61
       61
       +
       [database]

     

       62
       62
       +
       port = 5432

     

       63
       63
       +
       protocol = "tcp"

     

       64
       64
       +
       label = "postgres"

     

       65
       65
       +
       

     

       66
       66
       +
       [game-server]

     

       67
       67
       +
       port = 27015

     

       68
       68
       +
       protocol = "udp"

     

       69
       69
       +
       label = "game"

     

       56
       70
        
       ```

     

       57
       71
        
       

     

       58
       72
        
       When running **bore** without arguments in a directory with bore.toml, you'll be prompted to choose between creating a new tunnel or using a saved configuration.

     

       59
       73
        
       

     

       60
       74
        
       # EXAMPLES

     

       61
       75
        
       

     

       62
       62
       -
       Create a simple tunnel:

     

       76
       76
       +
       Create a simple HTTP tunnel:

     

       63
       77
        
       ```

     

       64
       78
        
       $ bore myapp 8000

     

       65
       79
        
       ```

     

       66
       80
        
       

     

       67
       67
       -
       Create a tunnel with a label:

     

       81
       81
       +
       Create an HTTP tunnel with a label:

     

       68
       82
        
       ```

     

       69
       83
        
       $ bore api 3000 --label dev

     

       84
       84
       +
       ```

     

       85
       85
       +
       

     

       86
       86
       +
       Create a TCP tunnel for a database:

     

       87
       87
       +
       ```

     

       88
       88
       +
       $ bore database 5432 --protocol tcp --label postgres

     

       89
       89
       +
       ```

     

       90
       90
       +
       

     

       91
       91
       +
       Create a UDP tunnel for a game server:

     

       92
       92
       +
       ```

     

       93
       93
       +
       $ bore game-server 27015 --protocol udp --label game

     

       70
       94
        
       ```

     

       71
       95
        
       

     

       72
       96
        
       Save a tunnel configuration:

+7 -1

modules/home/apps/bore/completions/bore.bash

···

       5
       5
        
           COMPREPLY=()

     

       6
       6
        
           cur="${COMP_WORDS[COMP_CWORD]}"

     

       7
       7
        
           prev="${COMP_WORDS[COMP_CWORD-1]}"

     

       8
       8
       -
           opts="--list --saved --label --save -l -s"

     

       8
       8
       +
           opts="--list --saved --protocol --label --save -l -s -p"

     

       9
       9
        
       

     

       10
       10
        
           # Complete flags

     

       11
       11
        
           if [[ ${cur} == -* ]]; then

     

       12
       12
        
               COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )

     

       13
       13
       +
               return 0

     

       14
       14
       +
           fi

     

       15
       15
       +
       

     

       16
       16
       +
           # Complete protocol values after --protocol or -p

     

       17
       17
       +
           if [[ ${prev} == "--protocol" ]] || [[ ${prev} == "-p" ]]; then

     

       18
       18
       +
               COMPREPLY=( $(compgen -W "http tcp udp" -- ${cur}) )

     

       13
       19
        
               return 0

     

       14
       20
        
           fi

     

       15
       21

modules/home/apps/bore/completions/bore.fish

···

       10
       10
        
       # Complete flags

     

       11
       11
        
       complete -c bore -s l -l list -d 'List active tunnels'

     

       12
       12
        
       complete -c bore -s s -l saved -d 'List saved tunnels from bore.toml'

     

       13
       13
       +
       complete -c bore -s p -l protocol -d 'Specify protocol' -xa 'http tcp udp'

     

       13
       14
        
       complete -c bore -l label -d 'Assign a label to the tunnel' -r

     

       14
       15
        
       complete -c bore -l save -d 'Save tunnel configuration to bore.toml'

     

       15
       16

modules/home/apps/bore/completions/bore.zsh

···

       17
       17
        
               '-l[List active tunnels]' \

     

       18
       18
        
               '--saved[List saved tunnels from bore.toml]' \

     

       19
       19
        
               '-s[List saved tunnels from bore.toml]' \

     

       20
       20
       +
               '--protocol[Specify protocol]:protocol:(http tcp udp)' \

     

       21
       21
       +
               '-p[Specify protocol]:protocol:(http tcp udp)' \

     

       20
       22
        
               '--label[Assign a label to the tunnel]:label:' \

     

       21
       23
        
               '--save[Save tunnel configuration to bore.toml]' \

     

       22
       24
        
               && return 0

+174 -39

modules/home/apps/bore/default.nix

···

       23
       23
        
             fi

     

       24
       24
        
             

     

       25
       25
        
             # Filter only online tunnels with valid conf

     

       26
       26
       -
             echo "$tunnels" | ${pkgs.jq}/bin/jq -r '.proxies[] | select(.status == "online" and .conf != null) | "\(.name) → https://\(.conf.subdomain).${cfg.domain}"' | while read -r line; do

     

       26
       26
       +
             echo "$tunnels" | ${pkgs.jq}/bin/jq -r '.proxies[] | select(.status == "online" and .conf != null) | if .type == "http" then "\(.name) → https://\(.conf.subdomain).${cfg.domain} [http]" elif .type == "tcp" then "\(.name) → tcp://\(.conf.remotePort) → localhost:\(.conf.localPort) [tcp]" elif .type == "udp" then "\(.name) → udp://\(.conf.remotePort) → localhost:\(.conf.localPort) [udp]" else "\(.name) [\(.type)]" end' | while read -r line; do

     

       27
       27
        
               ${pkgs.gum}/bin/gum style --foreground 35 "✓ $line"

     

       28
       28
        
             done

     

       29
       29
        
             exit 0

     
···

       44
       44
        
                 current_tunnel="''${BASH_REMATCH[1]}"

     

       45
       45
        
               elif [[ "$line" =~ ^port[[:space:]]*=[[:space:]]*([0-9]+) ]]; then

     

       46
       46
        
                 port="''${BASH_REMATCH[1]}"

     

       47
       47
       +
               elif [[ "$line" =~ ^protocol[[:space:]]*=[[:space:]]*\"([^\"]+)\" ]]; then

     

       48
       48
       +
                 protocol="''${BASH_REMATCH[1]}"

     

       47
       49
        
               elif [[ "$line" =~ ^label[[:space:]]*=[[:space:]]*\"([^\"]+)\" ]]; then

     

       48
       50
        
                 label="''${BASH_REMATCH[1]}"

     

       49
       49
       -
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port [$label]"

     

       51
       51
       +
                 proto_display="''${protocol:-http}"

     

       52
       52
       +
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port [$proto_display] [$label]"

     

       50
       53
        
                 label=""

     

       54
       54
       +
                 protocol=""

     

       51
       55
        
               elif [[ -z "$line" ]] && [[ -n "$current_tunnel" ]] && [[ -n "$port" ]]; then

     

       52
       52
       -
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port"

     

       56
       56
       +
                 proto_display="''${protocol:-http}"

     

       57
       57
       +
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port [$proto_display]"

     

       53
       58
        
                 current_tunnel=""

     

       54
       59
        
                 port=""

     

       60
       60
       +
                 protocol=""

     

       55
       61
        
               fi

     

       56
       62
        
             done < "$CONFIG_FILE"

     

       57
       63
        
             

     

       58
       64
        
             # Handle last entry if file doesn't end with blank line

     

       59
       65
        
             if [[ -n "$current_tunnel" ]] && [[ -n "$port" ]]; then

     

       66
       66
       +
               proto_display="''${protocol:-http}"

     

       60
       67
        
               if [[ -n "$label" ]]; then

     

       61
       61
       -
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port [$label]"

     

       68
       68
       +
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port [$proto_display] [$label]"

     

       62
       69
        
               else

     

       63
       63
       -
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port"

     

       70
       70
       +
                 ${pkgs.gum}/bin/gum style --foreground 35 "✓ $current_tunnel → localhost:$port [$proto_display]"

     

       64
       71
        
               fi

     

       65
       72
        
             fi

     

       66
       73
        
             exit 0

     

       67
       74
        
           fi

     

       68
       75
        
       

     

       69
       69
       -
           # Get subdomain

     

       76
       76
       +
           # Get tunnel name/subdomain

     

       70
       77
        
           if [ -n "$1" ]; then

     

       71
       71
       -
             subdomain="$1"

     

       78
       78
       +
             tunnel_name="$1"

     

       72
       79
        
           else

     

       73
       80
        
             # Check if we have a bore.toml in current directory

     

       74
       81
        
             if [ -f "$CONFIG_FILE" ]; then

     
···

       85
       92
        
                 if [ "$choice" = "Use saved tunnel" ]; then

     

       86
       93
        
                   # Extract tunnel names from TOML

     

       87
       94
        
                   saved_names=$(${pkgs.gnugrep}/bin/grep '^\[' "$CONFIG_FILE" | ${pkgs.gnused}/bin/sed 's/^\[\(.*\)\]$/\1/')

     

       88
       88
       -
                   subdomain=$(echo "$saved_names" | ${pkgs.gum}/bin/gum choose)

     

       95
       95
       +
                   tunnel_name=$(echo "$saved_names" | ${pkgs.gum}/bin/gum choose)

     

       89
       96
        
                   

     

       90
       90
       -
                   if [ -z "$subdomain" ]; then

     

       97
       97
       +
                   if [ -z "$tunnel_name" ]; then

     

       91
       98
        
                     ${pkgs.gum}/bin/gum style --foreground 196 "No tunnel selected"

     

       92
       99
        
                     exit 1

     

       93
       100
        
                   fi

     
···

       96
       103
        
                   in_section=false

     

       97
       104
        
                   while IFS= read -r line; do

     

       98
       105
        
                     if [[ "$line" =~ ^\[([^]]+)\] ]]; then

     

       99
       99
       -
                       if [[ "''${BASH_REMATCH[1]}" = "$subdomain" ]]; then

     

       106
       106
       +
                       if [[ "''${BASH_REMATCH[1]}" = "$tunnel_name" ]]; then

     

       100
       107
        
                         in_section=true

     

       101
       108
        
                       else

     

       102
       109
        
                         in_section=false

     
···

       104
       111
        
                     elif [[ "$in_section" = true ]]; then

     

       105
       112
        
                       if [[ "$line" =~ ^port[[:space:]]*=[[:space:]]*([0-9]+) ]]; then

     

       106
       113
        
                         port="''${BASH_REMATCH[1]}"

     

       114
       114
       +
                       elif [[ "$line" =~ ^protocol[[:space:]]*=[[:space:]]*\"([^\"]+)\" ]]; then

     

       115
       115
       +
                         protocol="''${BASH_REMATCH[1]}"

     

       107
       116
        
                       elif [[ "$line" =~ ^label[[:space:]]*=[[:space:]]*\"([^\"]+)\" ]]; then

     

       108
       117
        
                         label="''${BASH_REMATCH[1]}"

     

       109
       118
        
                       fi

     

       110
       119
        
                     fi

     

       111
       120
        
                   done < "$CONFIG_FILE"

     

       112
       121
        
                   

     

       113
       113
       -
                   ${pkgs.gum}/bin/gum style --foreground 35 "✓ Loaded from bore.toml: $subdomain → localhost:$port''${label:+ [$label]}"

     

       122
       122
       +
                   proto_display="''${protocol:-http}"

     

       123
       123
       +
                   ${pkgs.gum}/bin/gum style --foreground 35 "✓ Loaded from bore.toml: $tunnel_name → localhost:$port [$proto_display]''${label:+ [$label]}"

     

       114
       124
        
                 else

     

       115
       115
       -
                   # New tunnel

     

       116
       116
       -
                   subdomain=$(${pkgs.gum}/bin/gum input --placeholder "myapp" --prompt "Subdomain: ")

     

       117
       117
       -
                   if [ -z "$subdomain" ]; then

     

       118
       118
       -
                     ${pkgs.gum}/bin/gum style --foreground 196 "No subdomain provided"

     

       125
       125
       +
                   # New tunnel - prompt for protocol first to determine what to ask for

     

       126
       126
       +
                   protocol=$(${pkgs.gum}/bin/gum choose --header "Protocol:" "http" "tcp" "udp")

     

       127
       127
       +
                   if [ -z "$protocol" ]; then

     

       128
       128
       +
                     protocol="http"

     

       129
       129
       +
                   fi

     

       130
       130
       +
                   

     

       131
       131
       +
                   if [ "$protocol" = "http" ]; then

     

       132
       132
       +
                     tunnel_name=$(${pkgs.gum}/bin/gum input --placeholder "myapp" --prompt "Subdomain: ")

     

       133
       133
       +
                   else

     

       134
       134
       +
                     tunnel_name=$(${pkgs.gum}/bin/gum input --placeholder "my-tunnel" --prompt "Tunnel name: ")

     

       135
       135
       +
                   fi

     

       136
       136
       +
                   

     

       137
       137
       +
                   if [ -z "$tunnel_name" ]; then

     

       138
       138
       +
                     ${pkgs.gum}/bin/gum style --foreground 196 "No name provided"

     

       119
       139
        
                     exit 1

     

       120
       140
        
                   fi

     

       121
       141
        
                 fi

     

       122
       142
        
               else

     

       123
       143
        
                 ${pkgs.gum}/bin/gum style --bold --foreground 212 "Creating bore tunnel"

     

       124
       144
        
                 echo

     

       125
       125
       -
                 subdomain=$(${pkgs.gum}/bin/gum input --placeholder "myapp" --prompt "Subdomain: ")

     

       126
       126
       -
                 if [ -z "$subdomain" ]; then

     

       127
       127
       -
                   ${pkgs.gum}/bin/gum style --foreground 196 "No subdomain provided"

     

       145
       145
       +
                 # Prompt for protocol first

     

       146
       146
       +
                 protocol=$(${pkgs.gum}/bin/gum choose --header "Protocol:" "http" "tcp" "udp")

     

       147
       147
       +
                 if [ -z "$protocol" ]; then

     

       148
       148
       +
                   protocol="http"

     

       149
       149
       +
                 fi

     

       150
       150
       +
                 

     

       151
       151
       +
                 if [ "$protocol" = "http" ]; then

     

       152
       152
       +
                   tunnel_name=$(${pkgs.gum}/bin/gum input --placeholder "myapp" --prompt "Subdomain: ")

     

       153
       153
       +
                 else

     

       154
       154
       +
                   tunnel_name=$(${pkgs.gum}/bin/gum input --placeholder "my-tunnel" --prompt "Tunnel name: ")

     

       155
       155
       +
                 fi

     

       156
       156
       +
                 

     

       157
       157
       +
                 if [ -z "$tunnel_name" ]; then

     

       158
       158
       +
                   ${pkgs.gum}/bin/gum style --foreground 196 "No name provided"

     

       128
       159
        
                   exit 1

     

       129
       160
        
                 fi

     

       130
       161
        
               fi

     

       131
       162
        
             else

     

       132
       163
        
               ${pkgs.gum}/bin/gum style --bold --foreground 212 "Creating bore tunnel"

     

       133
       164
        
               echo

     

       134
       134
       -
               subdomain=$(${pkgs.gum}/bin/gum input --placeholder "myapp" --prompt "Subdomain: ")

     

       135
       135
       -
               if [ -z "$subdomain" ]; then

     

       136
       136
       -
                 ${pkgs.gum}/bin/gum style --foreground 196 "No subdomain provided"

     

       165
       165
       +
               # Prompt for protocol first

     

       166
       166
       +
               protocol=$(${pkgs.gum}/bin/gum choose --header "Protocol:" "http" "tcp" "udp")

     

       167
       167
       +
               if [ -z "$protocol" ]; then

     

       168
       168
       +
                 protocol="http"

     

       169
       169
       +
               fi

     

       170
       170
       +
               

     

       171
       171
       +
               if [ "$protocol" = "http" ]; then

     

       172
       172
       +
                 tunnel_name=$(${pkgs.gum}/bin/gum input --placeholder "myapp" --prompt "Subdomain: ")

     

       173
       173
       +
               else

     

       174
       174
       +
                 tunnel_name=$(${pkgs.gum}/bin/gum input --placeholder "my-tunnel" --prompt "Tunnel name: ")

     

       175
       175
       +
               fi

     

       176
       176
       +
               

     

       177
       177
       +
               if [ -z "$tunnel_name" ]; then

     

       178
       178
       +
                 ${pkgs.gum}/bin/gum style --foreground 196 "No name provided"

     

       137
       179
        
                 exit 1

     

       138
       180
        
               fi

     

       139
       181
        
             fi

     

       140
       182
        
           fi

     

       141
       183
        
       

     

       142
       142
       -
           # Validate subdomain

     

       143
       143
       -
           if ! echo "$subdomain" | ${pkgs.gnugrep}/bin/grep -qE '^[a-z0-9-]+$'; then

     

       144
       144
       -
             ${pkgs.gum}/bin/gum style --foreground 196 "Invalid subdomain (use only lowercase letters, numbers, and hyphens)"

     

       145
       145
       -
             exit 1

     

       184
       184
       +
           # Validate tunnel name (only for http subdomains)

     

       185
       185
       +
           if [ "$protocol" = "http" ]; then

     

       186
       186
       +
             if ! echo "$tunnel_name" | ${pkgs.gnugrep}/bin/grep -qE '^[a-z0-9-]+$'; then

     

       187
       187
       +
               ${pkgs.gum}/bin/gum style --foreground 196 "Invalid subdomain (use only lowercase letters, numbers, and hyphens)"

     

       188
       188
       +
               exit 1

     

       189
       189
       +
             fi

     

       146
       190
        
           fi

     

       147
       191
        
       

     

       148
       192
        
           # Get port (skip if loaded from saved config)

     
···

       164
       208
        
             exit 1

     

       165
       209
        
           fi

     

       166
       210
        
       

     

       167
       167
       -
           # Get optional label and save flag (skip if loaded from saved config)

     

       211
       211
       +
           # Get optional protocol, label and save flag (skip if loaded from saved config)

     

       168
       212
        
           save_config=false

     

       169
       213
        
           if [ -z "$label" ]; then

     

       170
       214
        
             shift 2 2>/dev/null || true

     

       171
       215
        
             while [[ $# -gt 0 ]]; do

     

       172
       216
        
               case "$1" in

     

       217
       217
       +
                 --protocol|-p)

     

       218
       218
       +
                   protocol="$2"

     

       219
       219
       +
                   shift 2

     

       220
       220
       +
                   ;;

     

       173
       221
        
                 --label|-l)

     

       174
       222
        
                   label="$2"

     

       175
       223
        
                   shift 2

     
···

       184
       232
        
               esac

     

       185
       233
        
             done

     

       186
       234
        
             

     

       235
       235
       +
             # Prompt for protocol if not provided via flag and not loaded from saved config and not already set

     

       236
       236
       +
             if [ -z "$protocol" ]; then

     

       237
       237
       +
               protocol=$(${pkgs.gum}/bin/gum choose --header "Protocol:" "http" "tcp" "udp")

     

       238
       238
       +
               if [ -z "$protocol" ]; then

     

       239
       239
       +
                 protocol="http"

     

       240
       240
       +
               fi

     

       241
       241
       +
             fi

     

       242
       242
       +
             

     

       187
       243
        
             # Prompt for label if not provided via flag and not loaded from saved config

     

       188
       244
        
             if [ -z "$label" ]; then

     

       189
       189
       -
               echo

     

       190
       245
        
               # Allow multiple labels selection

     

       191
       246
        
               labels=$(${pkgs.gum}/bin/gum choose --no-limit --header "Labels (select multiple):" "dev" "prod" "custom")

     

       192
       247
        
               

     
···

       205
       260
        
                 label=$(echo "$labels" | ${pkgs.coreutils}/bin/tr '\n' ',' | ${pkgs.gnused}/bin/sed 's/,$//')

     

       206
       261
        
               fi

     

       207
       262
        
             fi

     

       263
       263
       +
           fi

     

       264
       264
       +
           

     

       265
       265
       +
           # Default protocol to http if still not set

     

       266
       266
       +
           if [ -z "$protocol" ]; then

     

       267
       267
       +
             protocol="http"

     

       208
       268
        
           fi

     

       209
       269
        
       

     

       210
       270
        
           # Check if local port is accessible

     
···

       215
       275
        
           # Save configuration if requested

     

       216
       276
        
           if [ "$save_config" = true ]; then

     

       217
       277
        
             # Check if tunnel already exists in TOML

     

       218
       218
       -
             if [ -f "$CONFIG_FILE" ] && ${pkgs.gnugrep}/bin/grep -q "^\[$subdomain\]" "$CONFIG_FILE"; then

     

       278
       278
       +
             if [ -f "$CONFIG_FILE" ] && ${pkgs.gnugrep}/bin/grep -q "^\[$tunnel_name\]" "$CONFIG_FILE"; then

     

       219
       279
        
               # Update existing entry

     

       220
       220
       -
               ${pkgs.gnused}/bin/sed -i "/^\[$subdomain\]/,/^\[/{ 

     

       280
       280
       +
               ${pkgs.gnused}/bin/sed -i "/^\[$tunnel_name\]/,/^\[/{ 

     

       221
       281
        
                 s/^port[[:space:]]*=.*/port = $port/

     

       282
       282
       +
                 s/^protocol[[:space:]]*=.*/protocol = \"$protocol\"/

     

       222
       283
        
                 ''${label:+s/^label[[:space:]]*=.*/label = \"$label\"/}

     

       223
       284
        
               }" "$CONFIG_FILE"

     

       224
       285
        
             else

     

       225
       286
        
               # Append new entry

     

       226
       287
        
               {

     

       227
       288
        
                 echo ""

     

       228
       228
       -
                 echo "[$subdomain]"

     

       289
       289
       +
                 echo "[$tunnel_name]"

     

       229
       290
        
                 echo "port = $port"

     

       291
       291
       +
                 if [ "$protocol" != "http" ]; then

     

       292
       292
       +
                   echo "protocol = \"$protocol\""

     

       293
       293
       +
                 fi

     

       230
       294
        
                 if [ -n "$label" ]; then

     

       231
       295
        
                   echo "label = \"$label\""

     

       232
       296
        
                 fi

     
···

       241
       305
        
           config_file=$(${pkgs.coreutils}/bin/mktemp)

     

       242
       306
        
           trap "${pkgs.coreutils}/bin/rm -f $config_file" EXIT

     

       243
       307
        
       

     

       244
       244
       -
           # Encode label into proxy name if provided (format: subdomain[label1,label2])

     

       245
       245
       -
           proxy_name="$subdomain"

     

       308
       308
       +
           # Encode label into proxy name if provided (format: tunnel_name[label1,label2])

     

       309
       309
       +
           proxy_name="$tunnel_name"

     

       246
       310
        
           if [ -n "$label" ]; then

     

       247
       247
       -
             proxy_name="''${subdomain}[''${label}]"

     

       311
       311
       +
             proxy_name="''${tunnel_name}[''${label}]"

     

       248
       312
        
           fi

     

       249
       313
        
       

     

       250
       250
       -
           ${pkgs.coreutils}/bin/cat > $config_file <<EOF

     

       314
       314
       +
           # Build proxy configuration based on protocol

     

       315
       315
       +
           if [ "$protocol" = "http" ]; then

     

       316
       316
       +
             ${pkgs.coreutils}/bin/cat > $config_file <<EOF

     

       251
       317
        
           serverAddr = "${cfg.serverAddr}"

     

       252
       318
        
           serverPort = ${toString cfg.serverPort}

     

       253
       319
        
       

     
···

       260
       326
        
           type = "http"

     

       261
       327
        
           localIP = "127.0.0.1"

     

       262
       328
        
           localPort = $port

     

       263
       263
       -
           subdomain = "$subdomain"

     

       329
       329
       +
           subdomain = "$tunnel_name"

     

       264
       330
        
           EOF

     

       331
       331
       +
           elif [ "$protocol" = "tcp" ] || [ "$protocol" = "udp" ]; then

     

       332
       332
       +
             # For TCP/UDP, enable admin API to query allocated port

     

       333
       333
       +
             # Use Python to find a free port (cross-platform and guaranteed to work)

     

       334
       334
       +
             admin_port=$(${pkgs.python3}/bin/python3 -c 'import socket; s=socket.socket(); s.bind(("", 0)); print(s.getsockname()[1]); s.close()')

     

       335
       335
       +
             

     

       336
       336
       +
             ${pkgs.coreutils}/bin/cat > $config_file <<EOF

     

       337
       337
       +
           serverAddr = "${cfg.serverAddr}"

     

       338
       338
       +
           serverPort = ${toString cfg.serverPort}

     

       339
       339
       +
       

     

       340
       340
       +
           auth.method = "token"

     

       341
       341
       +
           auth.tokenSource.type = "file"

     

       342
       342
       +
           auth.tokenSource.file.path = "${cfg.authTokenFile}"

     

       343
       343
       +
           

     

       344
       344
       +
           webServer.addr = "127.0.0.1"

     

       345
       345
       +
           webServer.port = $admin_port

     

       346
       346
       +
       

     

       347
       347
       +
           [[proxies]]

     

       348
       348
       +
           name = "$proxy_name"

     

       349
       349
       +
           type = "$protocol"

     

       350
       350
       +
           localIP = "127.0.0.1"

     

       351
       351
       +
           localPort = $port

     

       352
       352
       +
           remotePort = 0

     

       353
       353
       +
           EOF

     

       354
       354
       +
           else

     

       355
       355
       +
             ${pkgs.gum}/bin/gum style --foreground 196 "Invalid protocol: $protocol (must be http, tcp, or udp)"

     

       356
       356
       +
             exit 1

     

       357
       357
       +
           fi

     

       265
       358
        
       

     

       266
       359
        
           # Start tunnel

     

       267
       267
       -
           public_url="https://$subdomain.${cfg.domain}"

     

       268
       360
        
           echo

     

       269
       361
        
           ${pkgs.gum}/bin/gum style --foreground 35 "✓ Tunnel configured"

     

       270
       270
       -
           ${pkgs.gum}/bin/gum style --foreground 117 "  Local:  localhost:$port"

     

       271
       271
       -
           ${pkgs.gum}/bin/gum style --foreground 117 "  Public: $public_url"

     

       362
       362
       +
           ${pkgs.gum}/bin/gum style --foreground 117 "  Local:    localhost:$port"

     

       363
       363
       +
           if [ "$protocol" = "http" ]; then

     

       364
       364
       +
             public_url="https://$tunnel_name.${cfg.domain}"

     

       365
       365
       +
             ${pkgs.gum}/bin/gum style --foreground 117 "  Public:   $public_url"

     

       366
       366
       +
           else

     

       367
       367
       +
             ${pkgs.gum}/bin/gum style --foreground 117 "  Protocol: $protocol"

     

       368
       368
       +
             ${pkgs.gum}/bin/gum style --foreground 214 "  Waiting for server to allocate port..."

     

       369
       369
       +
           fi

     

       272
       370
        
           echo

     

       273
       371
        
           ${pkgs.gum}/bin/gum style --foreground 214 "Connecting to ${cfg.serverAddr}:${toString cfg.serverPort}..."

     

       372
       372
       +
           echo

     

       274
       373
        
       

     

       275
       275
       -
           exec ${pkgs.frp}/bin/frpc -c $config_file

     

       374
       374
       +
           # For TCP/UDP, capture output to parse allocated port

     

       375
       375
       +
           if [ "$protocol" = "tcp" ] || [ "$protocol" = "udp" ]; then

     

       376
       376
       +
             # Start frpc in background and capture its PID

     

       377
       377
       +
             ${pkgs.frp}/bin/frpc -c $config_file 2>&1 | while IFS= read -r line; do

     

       378
       378
       +
               echo "$line"

     

       379
       379
       +
               

     

       380
       380
       +
               # Look for successful proxy start

     

       381
       381
       +
               if echo "$line" | ${pkgs.gnugrep}/bin/grep -q "start proxy success"; then

     

       382
       382
       +
                 # Wait a moment for the proxy to fully initialize

     

       383
       383
       +
                 sleep 1

     

       384
       384
       +
                 

     

       385
       385
       +
                 # Query the frpc admin API for proxy status

     

       386
       386
       +
                 proxy_status=$(${pkgs.curl}/bin/curl -s http://127.0.0.1:$admin_port/api/status 2>/dev/null || echo "{}")

     

       387
       387
       +
                 

     

       388
       388
       +
                 # Try to extract remote port from JSON response

     

       389
       389
       +
                 # Format: "remote_addr":"bore.dunkirk.sh:20097"

     

       390
       390
       +
                 remote_addr=$(echo "$proxy_status" | ${pkgs.jq}/bin/jq -r ".tcp[]? | select(.name == \"$proxy_name\") | .remote_addr" 2>/dev/null)

     

       391
       391
       +
                 if [ -z "$remote_addr" ] || [ "$remote_addr" = "null" ]; then

     

       392
       392
       +
                   remote_addr=$(echo "$proxy_status" | ${pkgs.jq}/bin/jq -r ".udp[]? | select(.name == \"$proxy_name\") | .remote_addr" 2>/dev/null)

     

       393
       393
       +
                 fi

     

       394
       394
       +
                 

     

       395
       395
       +
                 # Extract just the port number

     

       396
       396
       +
                 remote_port=$(echo "$remote_addr" | ${pkgs.gnugrep}/bin/grep -oP ':\K[0-9]+$')

     

       397
       397
       +
                 

     

       398
       398
       +
                 if [ -n "$remote_port" ] && [ "$remote_port" != "null" ]; then

     

       399
       399
       +
                   echo

     

       400
       400
       +
                   ${pkgs.gum}/bin/gum style --foreground 35 "✓ Tunnel established"

     

       401
       401
       +
                   ${pkgs.gum}/bin/gum style --foreground 117 "  Local:  localhost:$port"

     

       402
       402
       +
                   ${pkgs.gum}/bin/gum style --foreground 117 "  Remote: ${cfg.serverAddr}:$remote_port"

     

       403
       403
       +
                   ${pkgs.gum}/bin/gum style --foreground 117 "  Type:   $protocol"

     

       404
       404
       +
                   echo

     

       405
       405
       +
                 fi

     

       406
       406
       +
               fi

     

       407
       407
       +
             done

     

       408
       408
       +
           else

     

       409
       409
       +
             exec ${pkgs.frp}/bin/frpc -c $config_file

     

       410
       410
       +
           fi

     

       276
       411
        
         '';

     

       277
       412
        
       

     

       278
       413
        
         bore = pkgs.stdenv.mkDerivation {

+48

modules/nixos/services/bore/README.md

···

       1
       1
       +
       # Bore

     

       2
       2
       +
       

     

       3
       3
       +
       ![screenshot](https://hc-cdn.hel1.your-objectstorage.com/s/v3/7652f29dacb8f76d_screenshot_2025-12-09_at_16.57.47.png)

     

       4
       4
       +
       

     

       5
       5
       +
       Bore is a lightweight wrapper around `frp` which provides a dashboard and a nice `gum` based cli. It supports HTTP, TCP, and UDP tunneling. If you would like to run this in your own nix flake then simplify vendor this folder and `./modules/home/bore` and import the folders into the appropriate home manager and nixos configurations.

     

       6
       6
       +
       

     

       7
       7
       +
       ## Client Configuration

     

       8
       8
       +
       

     

       9
       9
       +
       ```nix

     

       10
       10
       +
       atelier = {

     

       11
       11
       +
           bore = {

     

       12
       12
       +
               enable = true;

     

       13
       13
       +
               authTokenFile = osConfig.age.secrets.bore.path

     

       14
       14
       +
           };

     

       15
       15
       +
       }

     

       16
       16
       +
       ```

     

       17
       17
       +
       

     

       18
       18
       +
       and be sure to have a definition for your agenix secret in the osConfig as well:

     

       19
       19
       +
       

     

       20
       20
       +
       ```nix

     

       21
       21
       +
       age = {

     

       22
       22
       +
           identityPaths = [

     

       23
       23
       +
               "path/to/ssh/key"

     

       24
       24
       +
           ];

     

       25
       25
       +
           secrets = {

     

       26
       26
       +
               bore = {

     

       27
       27
       +
                   file = ./path/to/bore.age;

     

       28
       28
       +
                   owner = "username";

     

       29
       29
       +
               };

     

       30
       30
       +
           };

     

       31
       31
       +
       }

     

       32
       32
       +
       ```

     

       33
       33
       +
       

     

       34
       34
       +
       ## Server Configuration

     

       35
       35
       +
       

     

       36
       36
       +
       For TCP and UDP tunneling support, configure the server with allowed port ranges:

     

       37
       37
       +
       

     

       38
       38
       +
       ```nix

     

       39
       39
       +
       atelier.services.frps = {

     

       40
       40
       +
           enable = true;

     

       41
       41
       +
           domain = "bore.dunkirk.sh";

     

       42
       42
       +
           authTokenFile = config.age.secrets.bore.path;

     

       43
       43
       +
           allowedTCPPorts = [ 20000 20001 20002 20003 20004 ];

     

       44
       44
       +
           allowedUDPPorts = [ 20000 20001 20002 20003 20004 ];

     

       45
       45
       +
       };

     

       46
       46
       +
       ```

     

       47
       47
       +
       

     

       48
       48
       +
       The secret file is just a oneline file with the key in it. If you do end up deploying this feel free to email me and let me know! I would love to hear about your setup!

+23 -2

modules/nixos/services/bore/bore.nix

···

       29
       29
        
             description = "Port for HTTP virtual host traffic";

     

       30
       30
        
           };

     

       31
       31
        
       

     

       32
       32
       +
           allowedTCPPorts = lib.mkOption {

     

       33
       33
       +
             type = lib.types.listOf lib.types.port;

     

       34
       34
       +
             default = lib.lists.range 20000 20099;

     

       35
       35
       +
             example = [ 20000 20001 20002 20003 20004 ];

     

       36
       36
       +
             description = "TCP port range to allow for TCP tunnels (default: 20000-20099)";

     

       37
       37
       +
           };

     

       38
       38
       +
       

     

       39
       39
       +
           allowedUDPPorts = lib.mkOption {

     

       40
       40
       +
             type = lib.types.listOf lib.types.port;

     

       41
       41
       +
             default = lib.lists.range 20000 20099;

     

       42
       42
       +
             example = [ 20000 20001 20002 20003 20004 ];

     

       43
       43
       +
             description = "UDP port range to allow for UDP tunnels (default: 20000-20099)";

     

       44
       44
       +
           };

     

       45
       45
       +
       

     

       32
       46
        
           authToken = lib.mkOption {

     

       33
       47
        
             type = lib.types.nullOr lib.types.str;

     

       34
       48
        
             default = null;

     
···

       62
       76
        
             }

     

       63
       77
        
           ];

     

       64
       78
        
       

     

       65
       65
       -
           # Open firewall port for frp control connection

     

       66
       66
       -
           networking.firewall.allowedTCPPorts = [ cfg.bindPort ];

     

       79
       79
       +
           # Open firewall ports for frp control connection and TCP/UDP tunnels

     

       80
       80
       +
           networking.firewall.allowedTCPPorts = [ cfg.bindPort ] ++ cfg.allowedTCPPorts;

     

       81
       81
       +
           networking.firewall.allowedUDPPorts = cfg.allowedUDPPorts;

     

       67
       82
        
       

     

       68
       83
        
           # frp server service

     

       69
       84
        
           systemd.services.frps =

     
···

       93
       108
        
       

     

       94
       109
        
                 # Subdomain support for *.${cfg.domain}

     

       95
       110
        
                 subDomainHost = "${cfg.domain}"

     

       111
       111
       +
                 

     

       112
       112
       +
                 # Allow port ranges for TCP/UDP tunnels

     

       113
       113
       +
                 # Format: [[{"start": 20000, "end": 20099}]]

     

       114
       114
       +
                 allowPorts = [

     

       115
       115
       +
                   { start = 20000, end = 20099 }

     

       116
       116
       +
                 ]

     

       96
       117
        
       

     

       97
       118
        
                 # Custom 404 page

     

       98
       119
        
                 custom404Page = "${./404.html}"

+11

modules/nixos/services/bore/bore.toml.example

···

       6
       6
        
       

     

       7
       7
        
       [api]

     

       8
       8
        
       port = 3000

     

       9
       9
       +
       protocol = "http"

     

       9
       10
        
       label = "dev"

     

       10
       11
        
       

     

       11
       12
        
       [frontend]

     

       12
       13
        
       port = 5173

     

       13
       14
        
       label = "local"

     

       15
       15
       +
       

     

       16
       16
       +
       [database]

     

       17
       17
       +
       port = 5432

     

       18
       18
       +
       protocol = "tcp"

     

       19
       19
       +
       label = "postgres"

     

       20
       20
       +
       

     

       21
       21
       +
       [game-server]

     

       22
       22
       +
       port = 27015

     

       23
       23
       +
       protocol = "udp"

     

       24
       24
       +
       label = "game"

Compare changes