From ff5490194b13ce451916156a1659636a19bf723a Mon Sep 17 00:00:00 2001 From: cnst Date: Sat, 25 Oct 2025 14:03:34 +0200 Subject: [PATCH] feat(headscale): just an initial test --- .webui_secret_key | 1 + flake.lock | 318 ++++++++++++--------- flake.nix | 6 +- hosts/sobotka/server.nix | 4 + modules/server/infra/authentik/default.nix | 4 +- modules/server/infra/default.nix | 1 + modules/server/infra/headscale/default.nix | 83 ++++++ nix/nixpkgs/default.nix | 3 + 8 files changed, 277 insertions(+), 143 deletions(-) create mode 100644 .webui_secret_key create mode 100644 modules/server/infra/headscale/default.nix diff --git a/.webui_secret_key b/.webui_secret_key new file mode 100644 index 00000000..29c165d4 --- /dev/null +++ b/.webui_secret_key @@ -0,0 +1 @@ +dZ1jjVieD+3K9pdm \ No newline at end of file diff --git a/flake.lock b/flake.lock index ccfd9f93..cf95eb9f 100644 --- a/flake.lock +++ b/flake.lock @@ -100,29 +100,26 @@ "inputs": { "authentik-src": "authentik-src", "flake-compat": "flake-compat", - "flake-parts": [ - "flake-parts" - ], + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "napalm": "napalm", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs_3", "pyproject-build-systems": "pyproject-build-systems", "pyproject-nix": "pyproject-nix", "systems": "systems_3", "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1759322529, - "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=", + "lastModified": 1758177015, + "narHash": "sha256-PCUWdbaxayY3YfSjVlyddBMYoGvSaRysd5AmZ8gqSFs=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c", + "rev": "4c626ed84cc0f1278bfba0f534efd6cba2788d75", "type": "github" }, "original": { "owner": "nix-community", + "ref": "version/2025.8.3", "repo": "authentik-nix", "type": "github" } @@ -130,16 +127,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1759190535, - "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=", + "lastModified": 1758035356, + "narHash": "sha256-DkvxDwHCfSqEpZ9rRXNR8MP0Mz/y1kHAr38exrHQ39c=", "owner": "goauthentik", "repo": "authentik", - "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2", + "rev": "680feaefa17934471a6b33ebc35caf5b64120404", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.8.4", + "ref": "version/2025.8.3", "repo": "authentik", "type": "github" } @@ -149,15 +146,15 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1760986121, - "narHash": "sha256-ilwuwZDPh0pNPTUYKUQQarAnwJwsggr60lQyae5R1vc=", + "lastModified": 1761326352, + "narHash": "sha256-DoR4mHaStX6Dg2Gilc2Dqr/XaxXmQTOQS5cZ5xKPQJY=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "45286364d2570149037013a4fa098709776bdb41", + "rev": "6492dc810f2f250ef95096910a44f03eea6a594f", "type": "github" }, "original": { @@ -212,11 +209,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1761201787, - "narHash": "sha256-RQG899vzsoRIMQ6ZR5bi1W9HOomUgID7tk3COQf/OaY=", + "lastModified": 1761374215, + "narHash": "sha256-YmnUYXjacFHa8fWCo8gBAHpqlcG8+P5+5YYFhy6hOkg=", "owner": "nix-community", "repo": "fenix", - "rev": "1ab39eca6ce37b1db23b595c2a754c81ebf49507", + "rev": "b0fa429fc946e6e716dff3bfb97ce6383eae9359", "type": "github" }, "original": { @@ -326,6 +323,24 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "4524271976b625a4a605beefd893f270620fd751", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixpkgs" @@ -345,9 +360,9 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { "lastModified": 1753121425, @@ -363,7 +378,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -384,7 +399,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "nvf", @@ -405,7 +420,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "tuirun", @@ -463,8 +478,8 @@ }, "fonts": { "inputs": { - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_4" + "flake-parts": "flake-parts_4", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1753431871, @@ -586,7 +601,7 @@ }, "helix-flake": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -610,11 +625,11 @@ ] }, "locked": { - "lastModified": 1761235135, - "narHash": "sha256-cux9xeceLIER1lBxUa1gMafkz7gg5ntcUmJBynWdBWI=", + "lastModified": 1761344779, + "narHash": "sha256-6LNSptFYhiAd0M/maJoixJw7V0Kp5BSoMRtIahcfu3M=", "owner": "nix-community", "repo": "home-manager", - "rev": "0adf9ba3f567da2d53af581a857aacf671aaa547", + "rev": "c644cb018f9fdec55f5ac2afb4713a8c7beb757c", "type": "github" }, "original": { @@ -652,11 +667,11 @@ ] }, "locked": { - "lastModified": 1760929667, - "narHash": "sha256-nZh6uvc71nVNaf/y+wesnjwsmJ6IZZUnP2EzpZe48To=", + "lastModified": 1761266473, + "narHash": "sha256-QxCyKWBmuzI+eMhYV1JmbZsiUnBNATRP1EW34OBt5Vg=", "owner": "nix-community", "repo": "home-manager", - "rev": "189c21cf879669008ccf06e78a553f17e88d8ef0", + "rev": "5c71d4a730bd3c972befff343bb074421e345937", "type": "github" }, "original": { @@ -797,17 +812,17 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_4", "xdph": "xdph" }, "locked": { - "lastModified": 1761129162, - "narHash": "sha256-vJYlThaqdSYRKn1HcaMbkHeB95bXQwgG1ugrlSKQjHg=", + "lastModified": 1761389866, + "narHash": "sha256-RupwqaJ3JF5dF9iuJX+y0EZslmIuRs7+n+wnngtBqak=", "owner": "hyprwm", "repo": "hyprland", - "rev": "057695bc3f7de5e8841c15252fc51029590895e4", + "rev": "b10b9660004b3dfaf9e11a305d78f24955b089a4", "type": "github" }, "original": { @@ -1191,11 +1206,11 @@ ] }, "locked": { - "lastModified": 1760534924, - "narHash": "sha256-OIOCC86DxTxp1VG7xAiM+YABtVqp6vTkYIoAiGQMqso=", + "lastModified": 1761202163, + "narHash": "sha256-6RySf5VQElrm7RYGWxlIkNttemDp4FF0aH+LX435G2Y=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "100b4e000032b865563a9754e5bca189bc544764", + "rev": "47976126007d9658ca4ac4dd933bea8846170fd9", "type": "github" }, "original": { @@ -1208,8 +1223,8 @@ "inputs": { "crane": "crane", "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_7", + "flake-parts": "flake-parts_5", + "nixpkgs": "nixpkgs_8", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay_3" }, @@ -1278,11 +1293,11 @@ ] }, "locked": { - "lastModified": 1761184286, - "narHash": "sha256-yK/XQSwkOlgljcxNhlu08Zyp96DzF4eIU1leyWjyNZE=", + "lastModified": 1761356901, + "narHash": "sha256-YDySchURSJrS1P8zuzmFqypUS7shY6//0e0JiMZeLSI=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "8ac5469d67b8c197832575db87f6bde38032a947", + "rev": "a8635e459ff96acbd156a8de613b99d9d6b3676a", "type": "github" }, "original": { @@ -1331,6 +1346,21 @@ } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { "locked": { "lastModified": 1751159883, "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", @@ -1345,6 +1375,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1759386674, + "narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "625ad6366178f03acd79f9e3822606dd7985b657", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1758690382, @@ -1363,11 +1409,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -1378,70 +1424,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1754243818, - "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { "locked": { "lastModified": 1761114652, "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", @@ -1457,18 +1439,82 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_5": { "locked": { - "lastModified": 1759386674, - "narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "625ad6366178f03acd79f9e3822606dd7985b657", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1754243818, + "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -1476,9 +1522,9 @@ "nvf": { "inputs": { "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "mnw": "mnw", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "systems": "systems_5" }, "locked": { @@ -1602,7 +1648,7 @@ "chaotic": "chaotic", "fenix": "fenix", "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "fonts": "fonts", "git-hooks": "git-hooks", "hardware": "hardware", @@ -1615,7 +1661,7 @@ "hyprpaper": "hyprpaper", "lanzaboote": "lanzaboote", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nvf": "nvf", "systems": "systems_6", "treefmt-nix": "treefmt-nix", @@ -1626,11 +1672,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1761178311, - "narHash": "sha256-M5VeAtfip2zdqHKG9Su+5vlDG8AhtTk1ktxUGXdARc8=", + "lastModified": 1761322849, + "narHash": "sha256-KzRamhMnHTBEbYM0lZqozwc9BEYOTBMxVyAtDyiRq3s=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "f362735f822fe66ed2e357db53717b3db69dc6c9", + "rev": "51236f731456f305bac2b48682f8e1fa3032c989", "type": "github" }, "original": { @@ -1648,11 +1694,11 @@ ] }, "locked": { - "lastModified": 1760927964, - "narHash": "sha256-+TjujgwBpeN0aaQ/lZQ8UPsWl9oEaihgbt6FvxTlpZk=", + "lastModified": 1761273263, + "narHash": "sha256-6d6ojnu6A6sVxIjig8OL6E1T8Ge9st3YGgVwg5MOY+Q=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6b1e691089a62d0852f9d3fd6693ee027bc98ac3", + "rev": "28405834d4fdd458d28e123fae4db148daecec6f", "type": "github" }, "original": { @@ -1815,11 +1861,11 @@ ] }, "locked": { - "lastModified": 1760945191, - "narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { @@ -1830,7 +1876,7 @@ }, "tuirun": { "inputs": { - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_7", "nixpkgs": [ "nixpkgs" ], @@ -1923,11 +1969,11 @@ ] }, "locked": { - "lastModified": 1761179366, - "narHash": "sha256-uH/qjlISL4oXjuFTMvOScsPBQPZG1wVEQCFyY3pNZNE=", + "lastModified": 1761276110, + "narHash": "sha256-k9HfFWBxM7DNGrahC+IZtB8DcZyBW2uUW0HktffX640=", "ref": "refs/heads/main", - "rev": "772796d1e5d05e9f2f443f61eb0da70391788053", - "revCount": 139, + "rev": "f0b40ea6601bf74bdfb4bfeb2e969122b0115ea7", + "revCount": 140, "type": "git", "url": "https://git.sr.ht/~canasta/zen-browser-flake" }, diff --git a/flake.nix b/flake.nix index 724aad41..ae83c1f4 100644 --- a/flake.nix +++ b/flake.nix @@ -53,11 +53,7 @@ }; authentik = { - url = "github:nix-community/authentik-nix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - }; + url = "github:nix-community/authentik-nix/version/2025.8.3"; }; flake-compat.url = "github:edolstra/flake-compat"; diff --git a/hosts/sobotka/server.nix b/hosts/sobotka/server.nix index 3a430012..37c7c3dc 100644 --- a/hosts/sobotka/server.nix +++ b/hosts/sobotka/server.nix @@ -22,6 +22,10 @@ traefik = { enable = true; }; + headscale = { + enable = true; + port = 8581; + }; tailscale = { enable = true; }; diff --git a/modules/server/infra/authentik/default.nix b/modules/server/infra/authentik/default.nix index f5a463fc..1c7257f1 100644 --- a/modules/server/infra/authentik/default.nix +++ b/modules/server/infra/authentik/default.nix @@ -6,7 +6,7 @@ }: let unit = "authentik"; cfg = config.server.infra.${unit}; - srv = config.server.infra.www.domain; + srv = config.server.infra; in { options.server.infra.${unit} = { enable = lib.mkEnableOption { @@ -14,7 +14,7 @@ in { }; url = lib.mkOption { type = lib.types.str; - default = "auth.${srv.www.domain}"; + default = "auth.${srv.www.url}"; }; port = lib.mkOption { type = lib.types.port; diff --git a/modules/server/infra/default.nix b/modules/server/infra/default.nix index 797096f4..12574580 100644 --- a/modules/server/infra/default.nix +++ b/modules/server/infra/default.nix @@ -2,6 +2,7 @@ imports = [ ./authentik ./fail2ban + ./headscale ./keepalived ./podman ./postgres diff --git a/modules/server/infra/headscale/default.nix b/modules/server/infra/headscale/default.nix new file mode 100644 index 00000000..84d26ca2 --- /dev/null +++ b/modules/server/infra/headscale/default.nix @@ -0,0 +1,83 @@ +{ + config, + lib, + self, + ... +}: +with lib; let + cfg = config.server.infra.headscale; + srv = config.server.infra; +in { + options.server.infra.headscale = { + enable = mkEnableOption "Enable headscale server configuration"; + url = lib.mkOption { + type = lib.types.str; + default = "hs.${srv.www.url}"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "The local port the service runs on"; + }; + }; + config = mkIf cfg.enable { + # age.secrets.sobotkaHsAuth.file = "${self}/secrets/sobotkaHsAuth.age"; + + services = { + headscale = { + enable = true; + port = cfg.port; + settings = { + server_url = "http://${cfg.url}"; + + prefixes = { + v4 = "100.64.0.0/10"; + v6 = "fd7a:115c:a1e0::/48"; + allocation = "random"; + }; + + dns = { + magic_dns = true; + base_domain = "ts.cnst.dev"; + override_local_dns = true; + nameservers = { + global = [ + "192.168.88.1" + "192.168.88.69" + ]; + split = { + }; + }; + + # oidc = { + # issuer = "https://auth.cnst.dev/oauth2/openid/headscale"; + # client_id = "headscale"; + # client_secret_path = config.age.secrets.headscaleSecret.path; + # }; + }; + }; + }; + traefik = { + dynamicConfigOptions = { + http = { + services = { + auth.loadBalancer.servers = [ + { + url = "http://localhost:8581"; + } + ]; + }; + + routers = { + headscale = { + entryPoints = ["websecure"]; + rule = "Host(`${cfg.url}`)"; + service = "headscale"; + tls.certResolver = "letsencrypt"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nix/nixpkgs/default.nix b/nix/nixpkgs/default.nix index 9b554edd..194e10b0 100644 --- a/nix/nixpkgs/default.nix +++ b/nix/nixpkgs/default.nix @@ -4,5 +4,8 @@ allowUnfree = true; input-fonts.acceptLicense = true; }; + + overlays = [ + ]; }; }