summaryrefslogtreecommitdiff
path: root/chaski
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--chaski/configuration.nix2
-rw-r--r--chaski/services/headscale.nix40
2 files changed, 41 insertions, 1 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix
index da8fdaf..0271e0f 100644
--- a/chaski/configuration.nix
+++ b/chaski/configuration.nix
@@ -12,13 +12,13 @@
./services/chat.nix
./services/bahnhof-name.nix
./services/conduit.nix
+ ./services/headscale.nix
];
sops.defaultSopsFile = ../secrets/chaski.yaml;
# This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- environment.noXlibs = true;
services.nginx.enable = true;
services.nginx.package = pkgs.nginx.override { gd = null; };
diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix
new file mode 100644
index 0000000..8240d93
--- /dev/null
+++ b/chaski/services/headscale.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.headscale = {
+ enable = true;
+ settings = {
+ server_url = "https://headscale.noms.ing";
+ listen_addr = "127.0.0.1:8323";
+
+ # oidc = {
+ # only_start_if_oidc_is_available = true;
+ # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # client_id = "headscale";
+ # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # strip_email_domain = true;
+ # };
+
+ dns_config.magic_dns = true;
+ dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # dns_config.base_domain = "ts.cuties.network";
+ };
+ };
+
+ users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.tailscale.enable = true;
+}