feat(network): adding options for dns and search

2025-10-05 15:40:52 +02:00
parent 9d20eff7f9
commit 93f227ba7e
10 changed files with 81 additions and 19 deletions
--- a/modules/server/jellyfin/default.nix
+++ b/modules/server/jellyfin/default.nix
@@ -18,7 +18,7 @@ in {
    };
    url = lib.mkOption {
      type = lib.types.str;
-      default = "jellyfin.${srv.domain}";
+      default = "sobotka.taila7448a.ts.net";
    };
    homepage.name = lib.mkOption {
      type = lib.types.str;
@@ -53,9 +53,9 @@ in {
          routers = {
            jellyfinRouter = {
              entryPoints = ["websecure"];
-              rule = "Host(`fin.${srv.www.url}`)";
+              rule = "Host(`${cfg.url}`)";
              service = "${unit}";
-              tls.certResolver = "tailscale";
+              tls.certResolver = "vpn";
            };
          };
        };
--- a/modules/server/tailscale/default.nix
+++ b/modules/server/tailscale/default.nix
@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  self,
+  ...
+}:
+with lib; let
+  cfg = config.server.tailscale;
+in {
+  options.server.tailscale = {
+    enable = mkEnableOption "Enable tailscale server configuration";
+  };
+
+  config = mkIf cfg.enable {
+    age.secrets.sobotkaTsAuth.file = "${self}/secrets/sobotkaTsAuth.age";
+
+    services.tailscale = {
+      enable = true;
+      openFirewall = true;
+      useRoutingFeatures = "server";
+      authKeyFile = config.age.secrets.sobotkaTsAuth.path;
+      extraSetFlags = [
+        "--advertise-exit-node"
+        "--advertise-routes=192.168.88.0/24"
+      ];
+    };
+  };
+}
--- a/modules/server/traefik/default.nix
+++ b/modules/server/traefik/default.nix
@@ -49,7 +49,7 @@ in {
            dashboard = true;
          };
          certificatesResolvers = {
-            tailscale.tailscale = {};
+            vpn.tailscale = {};
            letsencrypt = {
              acme = {
                email = "adam@cnst.dev";