author | stuebinm | 2024-10-28 13:15:22 +0100 |
---|---|---|
committer | stuebinm | 2024-10-28 13:15:22 +0100 |
commit | 7758750cc864af76620c93931ce96089c2ed8ae6 (patch) | |
tree | fd561ebdf96a39bb46d11ec39772e7332eb0beab | |
parent | e56a4d64a9bdba7f706c893f894492b2eea949a5 (diff) |
chaski: a little headscale to play around with
-rw-r--r-- | chaski/configuration.nix | 1 | ||||
-rw-r--r-- | chaski/services/headscale.nix | 40 |
2 files changed, 41 insertions, 0 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index da8fdaf..6339d32 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -12,6 +12,7 @@
 ./services/chat.nix
 ./services/bahnhof-name.nix
 ./services/conduit.nix
+ ./services/headscale.nix
 ];

 sops.defaultSopsFile = ../secrets/chaski.yaml;
diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix
new file mode 100644
index 0000000..8240d93
--- /dev/null
+++ b/chaski/services/headscale.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.headscale = {
+ enable = true;
+ settings = {
+ server_url = "https://headscale.noms.ing";
+ listen_addr = "127.0.0.1:8323";
+
+ # oidc = {
+ # only_start_if_oidc_is_available = true;
+ # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # client_id = "headscale";
+ # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # strip_email_domain = true;
+ # };
+
+ dns_config.magic_dns = true;
+ dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # dns_config.base_domain = "ts.cuties.network";
+ };
+ };
+
+ users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.tailscale.enable = true;
+}
|
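Review bot: In `chaski/services/headscale.nix`, the line `users.users.headscale.extraGroups = [ config.users.groups.keys.name ];` puts the internet-facing headscale service user in the `keys` group (presumably the sops-nix secrets group), while the only secret it would read, `sops.secrets.headscale_oidc_secret`, is still commented out. That membership is unused privilege for now, so I would comment it out together with the secret, `# users.users.headscale.extraGroups = [ config.users.groups.keys.name ];`, and re-enable both in the change that turns on the `oidc` block. Separately, `listen_addr` binds only `127.0.0.1:8323` but nginx proxies to `localhost`, which may also resolve to `::1` where nothing listens; `proxyPass = "http://127.0.0.1:8323";` avoids that. A short comment above the commented `oidc` block saying that node registration currently relies on headscale's own key-based enrolment would make the interim access model explicit.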