Diffstat (limited to '')
-rw-r--r-- | chaski/services/headscale.nix | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix
new file mode 100644
index 0000000..8240d93
--- /dev/null
+++ b/chaski/services/headscale.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.headscale = {
+ enable = true;
+ settings = {
+ server_url = "https://headscale.noms.ing";
+ listen_addr = "127.0.0.1:8323";
+
+ # oidc = {
+ # only_start_if_oidc_is_available = true;
+ # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # client_id = "headscale";
+ # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # strip_email_domain = true;
+ # };
+
+ dns_config.magic_dns = true;
+ dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # dns_config.base_domain = "ts.cuties.network";
+ };
+ };
+
+ users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.tailscale.enable = true;
+} |
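Review bot: `users.users.headscale.extraGroups = [ config.users.groups.keys.name ];` is left active although the only thing in this file that appears to need it, the `sops.secrets.headscale_oidc_secret` block, is commented out, so the headscale account joins the `keys` group without having a secret of its own to read. If other secrets on this host are group-readable by `keys`, the internet-facing service account could read them; I would comment this line out together with the sops block and restore both when OIDC is enabled. Separately, nginx proxies to `http://localhost:8323` while `listen_addr` binds only `127.0.0.1:8323`; if `localhost` resolves to `::1` first the upstream connection can fail, so `proxyPass = "http://127.0.0.1:8323";` is the safer spelling.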