modules/headscale.nix at adc7853f774398838c6f898a94a9b518839b11e3 · ryan.freumh.org/eilean-nix

Self-host your own digital island

eilean-nix / modules / headscale.nix

at adc7853f774398838c6f898a94a9b518839b11e3 1.6 kB view raw

 1{ pkgs, config, lib, ... }:
 2
 3let
 4  cfg = config.eilean;
 5in {
 6  options.eilean.headscale = with lib; {
 7    enable = mkEnableOption "headscale";
 8    zone = mkOption {
 9      type = types.str;
10      default = "${config.networking.domain}";
11    };
12    domain = mkOption {
13      type = types.str;
14      default = "headscale.${config.networking.domain}";
15    };
16  };
17
18  config = lib.mkIf cfg.headscale.enable {
19    # To set up:
20    #   `headscale namespaces create <namespace_name>`
21    # To add a node:
22    #   `headscale --namespace <namespace_name> nodes register --key <machine_key>`
23    services.headscale = {
24      enable = true;
25      # address = "127.0.0.1";
26      port = 10000;
27      settings = {
28        server_url = "https://${cfg.headscale.domain}";
29        logtail.enabled = false;
30        ip_prefixes = [ "100.64.0.0/10" ];
31        dns_config = {
32          # magicDns = true;
33          nameservers = config.networking.nameservers;
34          base_domain = "${cfg.headscale.zone}";
35        };
36      };
37    };
38
39    services.nginx = {
40      enable = true;
41      virtualHosts.${cfg.headscale.domain} = {
42        forceSSL = true;
43        enableACME = true;
44        locations."/" = {
45          proxyPass = with config.services.headscale;
46            "http://${address}:${toString port}";
47          proxyWebsockets = true;
48        };
49      };
50    };
51
52    environment.systemPackages = [ config.services.headscale.package ];
53
54    eilean.dns.enable = true;
55    eilean.services.dns.zones.${cfg.headscale.zone}.records = [
56      {
57        name = "${cfg.headscale.domain}.";
58        type = "CNAME";
59        data = "vps";
60      }
61    ];
62  };
63}