Self-host your own digital island
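# Eilean module for headscale (a self-hosted, Tailscale-compatible control
# server). When enabled it configures services.headscale, publishes it through
# an nginx TLS reverse proxy, and adds a CNAME for it to the Eilean DNS zone.
{ pkgs, config, lib, ... }:

with lib;
let
  cfg = config.eilean;
  hs = cfg.headscale;
in {
  options.eilean.headscale = {
    enable = mkEnableOption "headscale";
    zone = mkOption {
      type = types.str;
      default = config.networking.domain;
      defaultText = "config.networking.domain";
      description = ''
        DNS zone that receives the headscale record; also passed to headscale
        as dns_config.base_domain.
      '';
    };
    domain = mkOption {
      type = types.str;
      default = "headscale.${config.networking.domain}";
      # `\${` keeps the interpolation literal in the rendered documentation.
      # The previous `$\${` rendered with a stray leading `$`.
      defaultText = "headscale.\${config.networking.domain}";
      description = ''
        Public host name of the headscale server; used for server_url and as
        the nginx virtual host.
      '';
    };
  };

  config = mkIf hs.enable {
    # To set up:
    #   `headscale namespaces create <namespace_name>`
    # To add a node:
    #   `headscale --namespace <namespace_name> nodes register --key <machine_key>`
    # Registering a key admits that machine to the tailnet, so confirm out of
    # band that <machine_key> belongs to the device you mean to add.
    # NOTE(review): later headscale releases renamed namespaces to users --
    # check these commands against the packaged version.
    services.headscale = {
      enable = true;
      # The nginx proxy below forwards to this listener over plain HTTP, so
      # TLS ends at nginx. That is only safe while the listener is bound to
      # loopback. The bind address is left at the module default here --
      # presumably 127.0.0.1; verify, or uncomment to pin it.
      # address = "127.0.0.1";
      port = 10000;
      settings = {
        server_url = "https://${hs.domain}";
        # Do not ship server logs to the upstream logtail service.
        logtail.enabled = false;
        # Address pools handed to nodes: the CGNAT range (RFC 6598) and an
        # IPv6 ULA /48.
        ip_prefixes = [ "100.64.0.0/10" "fd7a:115c:a1e0::/48" ];
        dns_config = {
          # magicDns = true;
          nameservers = config.networking.nameservers;
          base_domain = hs.zone;
        };
      };
    };

    services.nginx = {
      enable = true;
      virtualHosts.${hs.domain} = {
        # Redirect HTTP to HTTPS and obtain the certificate via ACME.
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          # Everything under "/" is forwarded, so the whole headscale HTTP
          # API is reachable from wherever this virtual host is.
          proxyPass =
            let inherit (config.services.headscale) address port;
            in "http://${address}:${toString port}";
          # Presumably required for the client control connection, which
          # upgrades the HTTP connection -- confirm.
          proxyWebsockets = true;
        };
      };
    };

    # Put the `headscale` CLI used by the setup commands above on the PATH.
    environment.systemPackages = [ config.services.headscale.package ];

    eilean.dns.enable = true;
    # NOTE(review): `name` is fully qualified (trailing dot) while `data` is
    # taken verbatim from eilean.domainName -- confirm that the zone generator
    # resolves it as intended.
    eilean.services.dns.zones.${hs.zone}.records = [{
      name = "${hs.domain}.";
      type = "CNAME";
      data = cfg.domainName;
    }];
  };
}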