feat(headscale): remove for now

2025-10-25 14:13:30 +02:00
parent 2ffc94161d
commit 59e548f02e
5 changed files with 9 additions and 97 deletions

16
flake.lock generated

@@ -110,16 +110,16 @@
"uv2nix": "uv2nix" "uv2nix": "uv2nix"
}, },
"locked": { "locked": {
"lastModified": 1758177015, "lastModified": 1759322529,
"narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=", "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "authentik-nix", "repo": "authentik-nix",
"rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75", "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "version/2025.8.3", "ref": "version/2025.8.4",
"repo": "authentik-nix", "repo": "authentik-nix",
"type": "github" "type": "github"
} }
@@ -127,16 +127,16 @@
"authentik-src": { "authentik-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1758035356, "lastModified": 1759190535,
"narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=", "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik", "owner": "goauthentik",
"repo": "authentik", "repo": "authentik",
"rev": "680feaefa17934471a6b33ebc35caf5b64120404", "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "goauthentik", "owner": "goauthentik",
"ref": "version/2025.8.3", "ref": "version/2025.8.4",
"repo": "authentik", "repo": "authentik",
"type": "github" "type": "github"
} }


@@ -53,7 +53,7 @@
}; };
authentik = { authentik = {
url = "github:nix-community/authentik-nix/version/2025.8.3"; url = "github:nix-community/authentik-nix/version/2025.8.4";
}; };
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";


@@ -22,10 +22,6 @@
traefik = { traefik = {
enable = true; enable = true;
}; };
headscale = {
enable = true;
port = 8581;
};
tailscale = { tailscale = {
enable = true; enable = true;
}; };


@@ -2,7 +2,6 @@
imports = [ imports = [
./authentik ./authentik
./fail2ban ./fail2ban
./headscale
./keepalived ./keepalived
./podman ./podman
./postgres ./postgres


@@ -1,83 +0,0 @@
{
config,
lib,
self,
...
}:
with lib; let
cfg = config.server.infra.headscale;
srv = config.server.infra;
in {
options.server.infra.headscale = {
enable = mkEnableOption "Enable headscale server configuration";
url = lib.mkOption {
type = lib.types.str;
default = "hs.${srv.www.url}";
};
port = lib.mkOption {
type = lib.types.port;
description = "The local port the service runs on";
};
};
config = mkIf cfg.enable {
# age.secrets.sobotkaHsAuth.file = "${self}/secrets/sobotkaHsAuth.age";
services = {
headscale = {
enable = true;
port = cfg.port;
settings = {
server_url = "http://${cfg.url}";
prefixes = {
v4 = "100.64.0.0/10";
v6 = "fd7a:115c:a1e0::/48";
allocation = "random";
};
dns = {
magic_dns = true;
base_domain = "ts.cnst.dev";
override_local_dns = true;
nameservers = {
global = [
"192.168.88.1"
"192.168.88.69"
];
split = {
};
};
# oidc = {
# issuer = "https://auth.cnst.dev/oauth2/openid/headscale";
# client_id = "headscale";
# client_secret_path = config.age.secrets.headscaleSecret.path;
# };
};
};
};
traefik = {
dynamicConfigOptions = {
http = {
services = {
auth.loadBalancer.servers = [
{
url = "http://localhost:8581";
}
];
};
routers = {
headscale = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "headscale";
tls.certResolver = "letsencrypt";
};
};
};
};
};
};
};
}