From 7758750cc864af76620c93931ce96089c2ed8ae6 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Mon, 28 Oct 2024 13:15:22 +0100 Subject: chaski: a little headscale to play around with --- chaski/configuration.nix | 1 + chaski/services/headscale.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 chaski/services/headscale.nix (limited to 'chaski') diff --git a/chaski/configuration.nix b/chaski/configuration.nix index da8fdaf..6339d32 100644 --- a/chaski/configuration.nix +++ b/chaski/configuration.nix @@ -12,6 +12,7 @@ ./services/chat.nix ./services/bahnhof-name.nix ./services/conduit.nix + ./services/headscale.nix ]; sops.defaultSopsFile = ../secrets/chaski.yaml; diff --git a/chaski/services/headscale.nix b/chaski/services/headscale.nix new file mode 100644 index 0000000..8240d93 --- /dev/null +++ b/chaski/services/headscale.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +{ + services.headscale = { + enable = true; + settings = { + server_url = "https://headscale.noms.ing"; + listen_addr = "127.0.0.1:8323"; + + # oidc = { + # only_start_if_oidc_is_available = true; + # issuer = "https://idm.cuties.network/oauth2/openid/headscale"; + # client_id = "headscale"; + # client_secret_path = "/run/secrets/headscale_oidc_secret"; + # strip_email_domain = true; + # }; + + dns_config.magic_dns = true; + dns_config.domains = [ "nodes.headscale.noms.ing" ]; + # dns_config.base_domain = "ts.cuties.network"; + }; + }; + + users.users.headscale.extraGroups = [ config.users.groups.keys.name ]; + # sops.secrets.headscale_oidc_secret = { + # owner = config.users.users.headscale.name; + # sopsFile = ./headscale.sops.yaml; + # }; + + services.nginx.virtualHosts."headscale.noms.ing" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8323"; + proxyWebsockets = true; + }; + }; + + services.tailscale.enable = true; +} -- cgit v1.2.3