nixos-config/modules/headscale/default.nix

{
  pkgs,
  config,
  lib,
  ...
}:
with lib;
let
  cfg = config.eboskma.headscale;
in
{
  options.eboskma.headscale = {
    enable = mkEnableOption "headscale";
    serverUrl = mkOption {
      description = "Server URL";
      type = types.str;
    };
    baseDomain = mkOption {
      description = "Tailscale MagicDNS base domain";
      type = types.str;
      default = null;
    };
  };

  config = mkIf cfg.enable {
    services.headscale = {
      enable = true;
      settings = {
        acl_policy_path = "/var/lib/headscale/acls.hujson";
        dns_config = {
          override_local_dns = true;
          base_domain = cfg.baseDomain;
          nameservers = [
            "10.0.0.254" # Home
            "192.168.4.1" # Horus
            "1.1.1.1"
          ];
          extra_records = [
            {
              name = "frigate.datarift.nl";
              type = "A";
              value = "10.0.0.251";
            }
            {
              name = "pve.datarift.nl";
              type = "A";
              value = "10.0.0.252";
            }
          ];
        };

        server_url = cfg.serverUrl;

        ip_prefixes = [
          "fd7a:115c:a1e0::/48"
          "100.64.0.0/10"
        ];
      };
    };

    services.caddy = {
      enable = true;

      email = "erwin@datarift.nl";

      virtualHosts = {
        "${cfg.serverUrl}" = {
          extraConfig = ''
            reverse_proxy localhost:8080
          '';
        };
      };
    };

    security.acme.acceptTerms = true;

    networking.firewall.allowedTCPPorts = [
      80
      443
    ];

    environment.systemPackages = [ pkgs.headscale ];

    systemd.services.headscale.environment.HEADSCALE_EXPERIMENTAL_FEATURE_SSH = "1";

    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "headscale" ];
  };
}
Run nixfmt 2024-02-05 11:46:52 +01:00			`{`
			`pkgs,`
			`config,`
			`lib,`
			`...`
			`}:`
Heimdall is now a VM on Hetzner Cloud running headscale 2023-04-09 22:01:32 +02:00			`with lib;`
			`let`
			`cfg = config.eboskma.headscale;`
			`in`
			`{`
			`options.eboskma.headscale = {`
			`enable = mkEnableOption "headscale";`
			`serverUrl = mkOption {`
			`description = "Server URL";`
			`type = types.str;`
			`};`
			`baseDomain = mkOption {`
			`description = "Tailscale MagicDNS base domain";`
			`type = types.str;`
			`default = null;`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`services.headscale = {`
			`enable = true;`
			`settings = {`
headscale: Change ACL config to HuJSON 2023-04-13 08:40:05 +02:00			`acl_policy_path = "/var/lib/headscale/acls.hujson";`
Heimdall is now a VM on Hetzner Cloud running headscale 2023-04-09 22:01:32 +02:00			`dns_config = {`
			`override_local_dns = true;`
			`base_domain = cfg.baseDomain;`
			`nameservers = [`
headscale: DNS tweaks 2023-05-05 19:47:12 +02:00			`"10.0.0.254" # Home`
			`"192.168.4.1" # Horus`
Heimdall is now a VM on Hetzner Cloud running headscale 2023-04-09 22:01:32 +02:00			`"1.1.1.1"`
			`];`
headscale: DNS tweaks 2023-05-05 19:47:12 +02:00			`extra_records = [`
			`{`
			`name = "frigate.datarift.nl";`
			`type = "A";`
			`value = "10.0.0.251";`
			`}`
			`{`
			`name = "pve.datarift.nl";`
			`type = "A";`
			`value = "10.0.0.252";`
			`}`
			`];`
Heimdall is now a VM on Hetzner Cloud running headscale 2023-04-09 22:01:32 +02:00			`};`

			`server_url = cfg.serverUrl;`

			`ip_prefixes = [`
			`"fd7a:115c:a1e0::/48"`
			`"100.64.0.0/10"`
			`];`
			`};`
			`};`

			`services.caddy = {`
			`enable = true;`

			`email = "erwin@datarift.nl";`

			`virtualHosts = {`
			`"${cfg.serverUrl}" = {`
			`extraConfig = ''`
			`reverse_proxy localhost:8080`
			`'';`
			`};`
			`};`
			`};`

			`security.acme.acceptTerms = true;`

Run nixfmt 2024-02-05 11:46:52 +01:00			`networking.firewall.allowedTCPPorts = [`
			`80`
			`443`
			`];`
Heimdall is now a VM on Hetzner Cloud running headscale 2023-04-09 22:01:32 +02:00
			`environment.systemPackages = [ pkgs.headscale ];`

headscale: DNS tweaks 2023-05-05 19:47:12 +02:00			`systemd.services.headscale.environment.HEADSCALE_EXPERIMENTAL_FEATURE_SSH = "1";`

Heimdall is now a VM on Hetzner Cloud running headscale 2023-04-09 22:01:32 +02:00			`users.users.${config.eboskma.var.mainUser}.extraGroups = [ "headscale" ];`
			`};`
			`}`