OK so I installed the cloudflared package but I don’t see any options for configuring it 
Does anybody have a handy guide I could use? I just want to get cloudflared working with Zero Trust Dashboard, hoping not to do any config in the CLI or anything like that.
FWIW I was able to login using cloudflared tunnel list but I don’t know how to run cloudflared as a daemon on NixOS.
We have a nix module in the works. I don’t know how the dashboard work yet, but I can take a look.
There’s a token if you check the instructions for docker. I’m guessing you should be able to run the tunnel with:
cloudflared tunnel --no-autoupdate run --token <token>
If it works, you could use something like this in your config:
{
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.cloudflared = { };
systemd.services.my_tunnel = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=<token>";
Restart = "always";
User = "cloudflared";
Group = "cloudflared";
};
};
}
Note that ideally, --credentials-file should be used instead of --token since that token is sensitive.
I’ll take a look to see how it could work with the WIP nixos module.
@bbigras OK I spoke little too soon.
Tunnel works great when started up manually from command line. But it doesn’t start correctly when the machine boots:
May 12 07:42:50 nixos systemd[1]: Started cloudflared.service.
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Starting tunnel tunnelID=*****
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~>
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Version 2022.5.0
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF GOOS: linux, GOVersion: go1.17.9, GoArch: amd64
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Settings: map[no-autoupdate:true token:*****]
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Generated Connector ID: *****
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Initial protocol quic
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=amd64&clientVersion=2022.5.0&o>
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR Error looking up Cloudflare edge IPs: the DNS query failed error="lookup _origintunneld._tcp.argot>
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR Please try the following things to diagnose this issue:
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR 1. ensure that argotunnel.com is returning "origintunneld" service records.
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR 2. ensure that your DNS resolver is not returning compressed SRV records.
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR See GitHub issue https://github.com/golang/go/issues/27546
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR For example, you could use Cloudflare's 1.1.1.1 as your resolver:
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Tunnel server stopped
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z ERR Initiating shutdown error="Could not lookup srv records on _origintunneld._tcp.argotunnel.com: loo>
May 12 07:42:50 nixos cloudflared[726]: 2022-05-12T11:42:50Z INF Starting metrics server on 127.0.0.1:35203/metrics
May 12 07:42:51 nixos cloudflared[726]: 2022-05-12T11:42:51Z INF Metrics server stopped
May 12 07:42:51 nixos cloudflared[726]: Could not lookup srv records on _origintunneld._tcp.argotunnel.com: lookup _origintunneld._tcp.argotunnel.com on [::1]:53: >
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Main process exited, code=exited, status=1/FAILURE
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Failed with result 'exit-code'.
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Consumed 52ms CPU time, received 0B IP traffic, sent 160B IP traffic.
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Scheduled restart job, restart counter is at 5.
May 12 07:42:51 nixos systemd[1]: Stopped cloudflared.service.
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Consumed 52ms CPU time, received 0B IP traffic, sent 160B IP traffic.
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Start request repeated too quickly.
May 12 07:42:51 nixos systemd[1]: cloudflared.service: Failed with result 'exit-code'.
May 12 07:42:51 nixos systemd[1]: Failed to start cloudflared.service.
Seems like DNS resolver isn’t accepting queries when cloudflared service tries to start?
maybe try with:
after = [ "network-online.target" "systemd-resolved.service" ];
That did the trick. Thanks again!
@bbigras hey there just checking in, is the solution above still the preferred way to use cloudflared tunnels?
You might want to try nixos/cloudflared: init by bbigras · Pull Request #171875 · NixOS/nixpkgs · GitHub which was recently merged.