···

       
62
       
62
       
 
       
  thelounge-hostname = "lounge.wiro.world";

     

       
63
       
63
       
 
       


     

       
64
       
64
       
 
       
  headscale-port = 3006;

     

       
65
       
65
       
+
       
  headscale-derp-port = 3478;

     

       
65
       
66
       
 
       
  headscale-hostname = "headscale.wiro.world";

     

       
66
       
67
       
 
       


     

       
67
       
68
       
 
       
  lldap-port = 3007;

     
···

       
120
       
121
       
 
       


     

       
121
       
122
       
 
       
      # Reflect firewall configuration on Hetzner

     

       
122
       
123
       
 
       
      firewall.allowedTCPPorts = [ 22 80 443 ];

     

       
124
       
124
       
+
       
      firewall.allowedUDPPorts = [ headscale-derp-port ];

     

       
123
       
125
       
 
       
    };

     

       
124
       
126
       
 
       


     

       
125
       
127
       
 
       
    services.qemuGuest.enable = true;

     
···

       
404
       
406
       
 
       
          client_secret_path = config.age.secrets.headscale-oidc-secret.path;

     

       
405
       
407
       
 
       
          scope = [ "openid" "profile" "email" "groups" ];

     

       
406
       
408
       
 
       
          pkce.enabled = true;

     

       
409
       
409
       
+
       
        };

     

       
410
       
410
       
+
       


     

       
411
       
411
       
+
       
        derp.server = {

     

       
412
       
412
       
+
       
          enable = true;

     

       
413
       
413
       
+
       
          stun_listen_addr = "0.0.0.0:${toString headscale-derp-port}";

     

       
407
       
414
       
 
       
        };

     

       
408
       
415
       
 
       
      };

     

       
409
       
416
       
 
       
    };