Diffstat (limited to '')
-rw-r--r-- | chaski/configuration.nix | 2 | ||||
-rw-r--r-- | chaski/services/chat.nix | 2 | ||||
-rw-r--r-- | chaski/services/headscale.nix | 40 |
3 files changed, 42 insertions, 2 deletions
diff --git a/chaski/configuration.nix b/chaski/configuration.nix index da8fdaf..0271e0f 100644 --- a/chaski/configuration.nix +++ b/chaski/configuration.nix @@ -12,13 +12,13 @@ ./services/chat.nix ./services/bahnhof-name.nix ./services/conduit.nix + ./services/headscale.nix ]; sops.defaultSopsFile = ../secrets/chaski.yaml; # This will automatically import SSH keys as age keys sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - environment.noXlibs = true; services.nginx.enable = true; services.nginx.package = pkgs.nginx.override { gd = null; }; diff --git a/chaski/services/chat.nix b/chaski/services/chat.nix index 6d26ada..484a3b9 100644 --- a/chaski/services/chat.nix +++ b/chaski/services/chat.nix @@ -4,7 +4,7 @@ # (and not deal with having an irc relay) { - imports = [ inputs.home-manager.nixosModule ]; + imports = [ inputs.home-manager.nixosModules.default ]; programs.mosh.enable = true; programs.fish.enable = true; diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix new file mode 100644 index 0000000..80153e4 --- /dev/null +++ b/chaski/services/headscale.nix 
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # services.headscale = {
+ # enable = true;
+ # settings = {
+ # server_url = "https://headscale.noms.ing";
+ # listen_addr = "127.0.0.1:8323";
+
+ # # oidc = {
+ # # only_start_if_oidc_is_available = true;
+ # # issuer = "https://idm.cuties.network/oauth2/openid/headscale";
+ # # client_id = "headscale";
+ # # client_secret_path = "/run/secrets/headscale_oidc_secret";
+ # # strip_email_domain = true;
+ # # };
+
+ # # dns_config.magic_dns = true;
+ # # dns_config.domains = [ "nodes.headscale.noms.ing" ];
+ # # dns_config.base_domain = "ts.cuties.network";
+ # };
+ # };
+
+ # users.users.headscale.extraGroups = [ config.users.groups.keys.name ];
+ # sops.secrets.headscale_oidc_secret = {
+ # owner = config.users.users.headscale.name;
+ # sopsFile = ./headscale.sops.yaml;
+ # };
+
+ services.nginx.virtualHosts."headscale.noms.ing" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8323";
+ proxyWebsockets = true;
+ };
+ };
+
+ # services.tailscale.enable = true;
+} |
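Review bot: The nginx virtual host for `headscale.noms.ing` is live while the entire `services.headscale` block above it is commented out, so this module publishes a TLS endpoint that forwards to `localhost:8323` without starting anything on that port. Until headscale is enabled the vhost can only return 502s, and any unrelated local process that later binds 8323 would become reachable from the internet through this proxy. I would comment the vhost out with the rest, or guard it with `services.nginx.virtualHosts."headscale.noms.ing" = lib.mkIf config.services.headscale.enable { ... };`. Separately, `proxyPass = "http://127.0.0.1:8323";` would match the commented `listen_addr` exactly; `localhost` may also resolve to `::1`, where an IPv4-only listener will not answer.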