84 lines
2.0 KiB
Nix
84 lines
2.0 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
self,
|
|
...
|
|
}:
|
|
with lib; let
|
|
cfg = config.server.infra.headscale;
|
|
srv = config.server.infra;
|
|
in {
|
|
options.server.infra.headscale = {
|
|
enable = mkEnableOption "Enable headscale server configuration";
|
|
url = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "hs.${srv.www.url}";
|
|
};
|
|
port = lib.mkOption {
|
|
type = lib.types.port;
|
|
description = "The local port the service runs on";
|
|
};
|
|
};
|
|
config = mkIf cfg.enable {
|
|
# age.secrets.sobotkaHsAuth.file = "${self}/secrets/sobotkaHsAuth.age";
|
|
|
|
services = {
|
|
headscale = {
|
|
enable = true;
|
|
port = cfg.port;
|
|
settings = {
|
|
server_url = "http://${cfg.url}";
|
|
|
|
prefixes = {
|
|
v4 = "100.64.0.0/10";
|
|
v6 = "fd7a:115c:a1e0::/48";
|
|
allocation = "random";
|
|
};
|
|
|
|
dns = {
|
|
magic_dns = true;
|
|
base_domain = "ts.cnst.dev";
|
|
override_local_dns = true;
|
|
nameservers = {
|
|
global = [
|
|
"192.168.88.1"
|
|
"192.168.88.69"
|
|
];
|
|
split = {
|
|
};
|
|
};
|
|
|
|
# oidc = {
|
|
# issuer = "https://auth.cnst.dev/oauth2/openid/headscale";
|
|
# client_id = "headscale";
|
|
# client_secret_path = config.age.secrets.headscaleSecret.path;
|
|
# };
|
|
};
|
|
};
|
|
};
|
|
traefik = {
|
|
dynamicConfigOptions = {
|
|
http = {
|
|
services = {
|
|
auth.loadBalancer.servers = [
|
|
{
|
|
url = "http://localhost:8581";
|
|
}
|
|
];
|
|
};
|
|
|
|
routers = {
|
|
headscale = {
|
|
entryPoints = ["websecure"];
|
|
rule = "Host(`${cfg.url}`)";
|
|
service = "headscale";
|
|
tls.certResolver = "letsencrypt";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|