path: root/chaski/services/headscale.nix
Diffstat (limited to '')
-rw-r--r--chaski/services/headscale.nix40
1 files changed, 40 insertions, 0 deletions
diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix
new file mode 100644
index 0000000..8240d93
--- /dev/null
+++ b/chaski/services/headscale.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.headscale = {
+ enable = true;
+ settings = {
+ server_url = "https://headscale.noms.ing";
+ listen_addr = "127.0.0.1:8323";
+
+ # oidc = {
+ # only_start_if_oidc_is_available = true;
+ # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # client_id = "headscale";
+ # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # strip_email_domain = true;
+ # };
+
+ dns_config.magic_dns = true;
+ dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # dns_config.base_domain = "ts.cuties.network";
+ };
+ };
+
+ users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.tailscale.enable = true;
+}
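Review bot: The `users.users.headscale.extraGroups = [ config.users.groups.keys.name ];` line adds the headscale user to the `keys` group while the `sops.secrets.headscale_oidc_secret` block and the whole `oidc` section are still commented out. The service therefore gains group access, presumably to the secrets directory, that nothing in this file uses. I would comment that line out with the sops block, or put both under one `# TODO: enable with OIDC` comment so they are switched on together. Separately, `listen_addr` binds only `127.0.0.1:8323` but the nginx location uses `proxyPass = "http://localhost:8323";`; if `localhost` also resolves to `::1`, nginx may try an address headscale is not listening on, so `proxyPass = "http://127.0.0.1:8323";` matches the bind exactly.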