nixos-configs/devices/cluster/modules/headscale/default.nix

{
  config,
  headscale,
  lib,
  pkgs,
  ...
}: let
  inherit (builtins) readFile;
  inherit (lib) mkAfter mkForce;
  inherit (pkgs.writers) writeYAML;

  inherit (config.vars) mainUser hostName;
  headscale-flake = headscale.packages.${pkgs.system}.headscale;

  clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
in {
  environment.systemPackages = [headscale-flake];
  users.users.${mainUser}.extraGroups = ["headscale"];

  home-manager.users.${mainUser}
    .programs.bash.bashrcExtra = mkAfter (readFile ./completion.bash);

  services.headscale = {
    enable = true;
    package = headscale-flake;
  };

  environment.etc."headscale/config.yaml".source = mkForce (
    writeYAML "headscale.yaml" {
      server_url = "https://headscale.nelim.org";
      listen_addr = "${clusterIP}:8085";
      prefixes = {
        v4 = "100.64.0.0/10";
        v6 = "fd7a:115c:a1e0::/48";
      };
      metrics_listen_addr = "127.0.0.1:9090";
      grpc_listen_addr = "0.0.0.0:50443";
      grpc_allow_insecure = false;
      disable_check_updates = true;
      ephemeral_node_inactivity_timeout = "30m";
      unix_socket = "/run/headscale/headscale.sock";
      unix_socket_permission = "0770";

      database = {
        type = "sqlite";
        sqlite.path = "/var/lib/headscale/db.sqlite";
      };

      private_key_path = "/var/lib/headscale/private.key";
      noise.private_key_path = "/var/lib/headscale/noise_private.key";

      dns_config = let
        caddyIp =
          if hostName == "thingone"
          then "100.64.0.8"
          else "100.64.0.9";
      in {
        magic_dns = false;
        override_local_dns = true;
        nameservers = [caddyIp];
      };

      log = {
        format = "text";
        level = "info";
      };

      derp = {
        auto_update_enable = true;
        update_frequency = "24h";

        server = {
          enabled = true;
          stun_listen_addr = "${clusterIP}:3479";
          private_key_path = "/var/lib/headscale/derp_server_private.key";

          region_id = 995;
          region_code = "mon";
          region_name = "montreal";
        };
      };
    }
  );
}
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00			`{`
feat(headscale): add bash auto completion 2024-01-09 14:49:05 -05:00			`config,`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00			`headscale,`
feat(headscale): add bash auto completion 2024-01-09 14:49:05 -05:00			`lib,`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00			`pkgs,`
			`...`
refactor(oksys): move user groups to their relevant module 2023-11-29 22:14:29 -05:00			`}: let`
refactor: limit use of with lib 2024-01-22 11:09:37 -05:00			`inherit (builtins) readFile;`
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`inherit (lib) mkAfter mkForce;`
			`inherit (pkgs.writers) writeYAML;`
fix(headscale): override db_type option to use latest headscale 2024-03-31 23:42:49 -04:00
feat(servers): move oksys services to cluster 2024-01-23 23:42:41 -05:00			`inherit (config.vars) mainUser hostName;`
refactor(oksys): move user groups to their relevant module 2023-11-29 22:14:29 -05:00			`headscale-flake = headscale.packages.${pkgs.system}.headscale;`
feat(servers): move oksys services to cluster 2024-01-23 23:42:41 -05:00
chore: update pacemaker config 2024-02-01 11:48:38 -05:00			`clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;`
refactor(oksys): move user groups to their relevant module 2023-11-29 22:14:29 -05:00			`in {`
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`environment.systemPackages = [headscale-flake];`
			`users.users.${mainUser}.extraGroups = ["headscale"];`
feat(headscale): add bash auto completion 2024-01-09 14:49:05 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`home-manager.users.${mainUser}`
fix(headscale): override db_type option to use latest headscale 2024-03-31 23:42:49 -04:00			`.programs.bash.bashrcExtra = mkAfter (readFile ./completion.bash);`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`services.headscale = {`
			`enable = true;`
			`package = headscale-flake;`
			`};`

			`environment.etc."headscale/config.yaml".source = mkForce (`
			`writeYAML "headscale.yaml" {`
			`server_url = "https://headscale.nelim.org";`
			`listen_addr = "${clusterIP}:8085";`
			`prefixes = {`
			`v4 = "100.64.0.0/10";`
			`v6 = "fd7a:115c:a1e0::/48";`
			`};`
			`metrics_listen_addr = "127.0.0.1:9090";`
			`grpc_listen_addr = "0.0.0.0:50443";`
			`grpc_allow_insecure = false;`
			`disable_check_updates = true;`
			`ephemeral_node_inactivity_timeout = "30m";`
			`unix_socket = "/run/headscale/headscale.sock";`
			`unix_socket_permission = "0770";`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`database = {`
			`type = "sqlite";`
			`sqlite.path = "/var/lib/headscale/db.sqlite";`
			`};`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`private_key_path = "/var/lib/headscale/private.key";`
			`noise.private_key_path = "/var/lib/headscale/noise_private.key";`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`dns_config = let`
			`caddyIp =`
			`if hostName == "thingone"`
			`then "100.64.0.8"`
			`else "100.64.0.9";`
			`in {`
			`magic_dns = false;`
			`override_local_dns = true;`
			`nameservers = [caddyIp];`
			`};`
fix(headscale): override db_type option to use latest headscale 2024-03-31 23:42:49 -04:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`log = {`
			`format = "text";`
			`level = "info";`
			`};`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`derp = {`
			`auto_update_enable = true;`
			`update_frequency = "24h";`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`server = {`
			`enabled = true;`
			`stun_listen_addr = "${clusterIP}:3479";`
			`private_key_path = "/var/lib/headscale/derp_server_private.key";`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`region_id = 995;`
			`region_code = "mon";`
			`region_name = "montreal";`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00			`};`
			`};`
fix(headscale): build custom config to update it to alpha 2024-04-01 01:50:30 -04:00			`}`
			`);`
feat(oksys): prepare headscale 2023-11-28 21:43:26 -05:00			`}`