modules/headscale.nix at 5621ee50786a96acd2a3561ce23febe4b5893a2b · ryan.freumh.org/eilean-nix

Self-host your own digital island

eilean-nix / modules / headscale.nix

at 5621ee50786a96acd2a3561ce23febe4b5893a2b 1.6 kB view raw

 1{ pkgs, config, lib, ... }:
 2
 3let
 4  cfg = config.eilean;
 5in {
 6  options.eilean.headscale = with lib; {
 7    enable = mkEnableOption "headscale";
 8    zone = mkOption {
 9      type = types.str;
10      default = "${config.networking.domain}";
11    };
12    domain = mkOption {
13      type = types.str;
14      default = "headscale.${config.networking.domain}";
15    };
16  };
17
18  config = lib.mkIf cfg.headscale.enable {
19    # To set up:
20    #   `headscale namespaces create <namespace_name>`
21    # To add a node:
22    #   `headscale --namespace <namespace_name> nodes register --key <machine_key>`
23    services.headscale = {
24      enable = true;
25      # address = "127.0.0.1";
26      port = 10000;
27      settings = {
28        server_url = "https://${cfg.headscale.domain}";
29        logtail.enabled = false;
30        ip_prefixes = [ "100.64.0.0/10" ];
31        dns_config = {
32          # magicDns = true;
33          nameservers = config.networking.nameservers;
34          base_domain = "${cfg.headscale.zone}";
35        };
36      };
37    };
38
39    services.nginx.enable = true;  
40    services.nginx.virtualHosts.${cfg.headscale.domain} = {
41      forceSSL = true;
42      enableACME = true;
43      locations."/" = {
44        proxyPass = with config.services.headscale;
45          "http://${address}:${toString port}";
46        proxyWebsockets = true;
47      };
48    };
49
50    environment.systemPackages = [ config.services.headscale.package ];
51
52    eilean.dns.enable = true;
53    eilean.services.dns.zones.${cfg.headscale.zone}.records = [
54      {
55        name = "${cfg.headscale.domain}.";
56        type = "CNAME";
57        data = "vps";
58      }
59    ];
60  };
61}