summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorstuebinm2024-10-28 13:15:22 +0100
committerstuebinm2024-10-28 13:15:22 +0100
commit7758750cc864af76620c93931ce96089c2ed8ae6 (patch)
treefd561ebdf96a39bb46d11ec39772e7332eb0beab
parente56a4d64a9bdba7f706c893f894492b2eea949a5 (diff)
chaski: a little headscale to play around with
-rw-r--r--chaski/configuration.nix1
-rw-r--r--chaski/services/headscale.nix40
2 files changed, 41 insertions, 0 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index da8fdaf..6339d32 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -12,6 +12,7 @@
./services/chat.nix
./services/bahnhof-name.nix
./services/conduit.nix
+ ./services/headscale.nix
];
sops.defaultSopsFile = ../secrets/chaski.yaml;
diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix
new file mode 100644
index 0000000..8240d93
--- /dev/null
+++ b/chaski/services/headscale.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.headscale = {
+ enable = true;
+ settings = {
+ server_url = "https://headscale.noms.ing";
+ listen_addr = "127.0.0.1:8323";
+
+ # oidc = {
+ # only_start_if_oidc_is_available = true;
+ # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # client_id = "headscale";
+ # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # strip_email_domain = true;
+ # };
+
+ dns_config.magic_dns = true;
+ dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # dns_config.base_domain = "ts.cuties.network";
+ };
+ };
+
+ users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.tailscale.enable = true;
+}