Diffstat (limited to 'modules/nixos/server/mixins')
-rw-r--r--modules/nixos/server/mixins/acme.nix23
-rw-r--r--modules/nixos/server/mixins/cloudflared.nix29
2 files changed, 31 insertions, 21 deletions
diff --git a/modules/nixos/server/mixins/acme.nix b/modules/nixos/server/mixins/acme.nix
index 60703e6..0e4a6d6 100644
--- a/modules/nixos/server/mixins/acme.nix
+++ b/modules/nixos/server/mixins/acme.nix
@@ -23,23 +23,26 @@ in {
{
security.acme = {
acceptTerms = true;
- defaults =
- {
- email = "[email protected]";
- }
- // lib.optionalAttrs cfg.useDns {
- dnsProvider = "cloudflare";
- }
- // lib.optionalAttrs cfg.manageSecrets {
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
+ defaults = {
+ email = "[email protected]";
+ };
};
}
+ (lib.mkIf cfg.useDns {
+ security.acme.defaults = {
+ dnsProvider = "cloudflare";
+ };
+ })
+
(lib.mkIf cfg.manageSecrets {
age.secrets = {
cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
};
+
+ security.acme.defaults = {
+ credentialsFile = config.age.secrets.cloudflareApiKey.path;
+ };
})
]
);
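Review bot: With `cfg.useDns` enabled and `cfg.manageSecrets` disabled, the new `lib.mkIf cfg.useDns` block sets `dnsProvider = "cloudflare"` while nothing in this hunk supplies credentials. DNS-01 issuance then presumably works only if the host sets the credentials file itself. A comment above that block would make the contract explicit, for example `# DNS-01 via Cloudflare; credentials come from manageSecrets or must be set by the host`. If that combination is never intended, an entry in `assertions` tying `useDns` to a configured credentials file would turn a failed renewal at runtime into an error at evaluation time. The enclosing module body starts outside the hunk.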
diff --git a/modules/nixos/server/mixins/cloudflared.nix b/modules/nixos/server/mixins/cloudflared.nix
index 5f75a35..26c0714 100644
--- a/modules/nixos/server/mixins/cloudflared.nix
+++ b/modules/nixos/server/mixins/cloudflared.nix
@@ -9,6 +9,15 @@
in {
options.server.mixins.cloudflared = {
enable = lib.mkEnableOption "cloudflared mixin";
+ tunnelName = lib.mkOption {
+ type = lib.types.str;
+ default = "${config.networking.hostName}-nginx";
+ example = lib.literalExpression "my-tunnel";
+ description = lib.mdDoc ''
+ Name of the default tunnel being created
+ '';
+ };
+
manageSecrets =
lib.mkEnableOption "automatic secrets management"
// {
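Review bot: The `example` on the new `tunnelName` option is wrapped in `lib.literalExpression "my-tunnel"`, which renders in the generated docs as the bare token `my-tunnel` rather than a string. For a plain string option, `example = "my-tunnel";` is enough. The `default` reads `config.networking.hostName`, so the option should also carry a `defaultText`, e.g. `defaultText = lib.literalExpression ''"''${config.networking.hostName}-nginx"'';`, to keep documentation builds from evaluating `config`. The `manageSecrets` option that follows continues outside the hunk.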
@@ -21,18 +30,12 @@ in {
{
services.cloudflared = {
enable = true;
- tunnels = {
- "${config.networking.hostName}-nginx" =
- {
- default = "http_status:404";
+ tunnels.${cfg.tunnelName} = {
+ default = "http_status:404";
- ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) (
- _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}
- );
- }
- // lib.optionalAttrs cfg.manageSecrets {
- credentialsFile = config.age.secrets.cloudflaredCreds.path;
- };
+ ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) (
+ _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}
+ );
};
};
}
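Review bot: `ingress` is generated from `builtins.attrNames nginx.virtualHosts`, so every nginx virtual host defined on the machine is published through the tunnel, including any that were meant to be reachable only locally or from an internal network. Since this refactor already touches the tunnel definition, consider an opt-in list of hosts, or at least a comment such as `# NOTE: every nginx vhost is exposed through the tunnel; keep internal-only vhosts off hosts that enable this mixin`. The attribute names double as the public hostnames, which holds only if no vhost overrides `serverName`; that looks like an assumption worth stating next to the `genAttrs` call.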
@@ -44,6 +47,10 @@ in {
owner = "cloudflared";
group = "cloudflared";
};
+
+ services.cloudflared.tunnels.${cfg.tunnelName} = {
+ credentialsFile = config.age.secrets.cloudflaredCreds.path;
+ };
})
]
);
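Review bot: `credentialsFile` for `tunnels.${cfg.tunnelName}` always points at the single `cloudflaredCreds` secret, but a cloudflared credentials file belongs to one specific tunnel. Once `tunnelName` can be overridden, a host that changes the name while keeping `manageSecrets` on will pair the new name with the old tunnel's credentials. The option description or a comment here should say that the secret must be the one issued for the named tunnel, e.g. `# cloudflaredCreds.age must hold the credentials of the tunnel named by cfg.tunnelName`. The secret declaration this block belongs to starts outside the hunk.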