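# NixOS module: headscale coordination server behind a Caddy TLS front end.
#
# Options (eboskma.headscale):
#   enable     – turn the whole stack on.
#   serverUrl  – public URL handed to headscale and used as the Caddy site address.
#   baseDomain – MagicDNS base domain; `null` means none is configured.
{ pkgs, config, lib, ... }:
with lib;
let
  cfg = config.eboskma.headscale;
in
{
  options.eboskma.headscale = {
    enable = mkEnableOption "headscale";

    serverUrl = mkOption {
      description = "Server URL";
      type = types.str;
    };

    baseDomain = mkOption {
      description = "Tailscale MagicDNS base domain";
      # `null` is not a valid `types.str`, so the original
      # `type = types.str; default = null;` failed type-checking as soon as
      # `cfg.baseDomain` was read with the option left unset.  `nullOr` keeps
      # `null` as the legitimate "no MagicDNS domain" value.
      type = types.nullOr types.str;
      default = null;
    };
  };

  config = mkIf cfg.enable {
    services.headscale = {
      enable = true;
      settings = {
        # Path only: this module does not provision the policy file.  The ACL
        # file is authorization config for the whole tailnet, so keep it
        # owned by the headscale user and review changes to it deliberately.
        acl_policy_path = "/var/lib/headscale/acls.yml";
        dns_config = {
          # Clients' local resolvers are replaced by the nameserver below.
          override_local_dns = true;
          base_domain = cfg.baseDomain;
          nameservers = [ "1.1.1.1" ];
        };
        server_url = cfg.serverUrl;
        ip_prefixes = [ "fd7a:115c:a1e0::/48" "100.64.0.0/10" ];
      };
    };

    # TLS termination: Caddy obtains the certificate via ACME and proxies to
    # headscale.  headscale's own listen address is not set here, so the NixOS
    # module default applies — NOTE(review): confirm it binds loopback only, so
    # the only network-reachable entry point is Caddy.
    services.caddy = {
      enable = true;
      email = "erwin@datarift.nl";
      virtualHosts = {
        "${cfg.serverUrl}" = {
          extraConfig = ''
            reverse_proxy localhost:8080
          '';
        };
      };
    };
    security.acme.acceptTerms = true;

    # Only the Caddy front end (HTTP for ACME challenges, HTTPS for traffic)
    # is opened in the firewall.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    environment.systemPackages = [ pkgs.headscale ];

    # Membership of the headscale group lets the main user run the headscale
    # CLI without root.  Treat this as an admin grant for the coordination
    # server, not a convenience.
    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "headscale" ];
  };
}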