nixos-configs/configurations/cluster/modules/headscale/default.nix


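# NixOS module: runs a Headscale control server for the cluster.
#
# Arguments:
#   config   - the evaluated NixOS configuration (read for hostName and the
#              pcsd virtual IP).
#   mainUser - name of the primary user account; supplied by the caller
#              (presumably via specialArgs - confirm in the flake).
#
# All settings below are written to the Headscale config through
# `services.headscale.settings`. Blame annotations that the web view had
# interleaved with the code have been dropped so the expression parses again.
{
  config,
  mainUser,
  ...
}: let
  inherit (config.networking) hostName;

  # Virtual IP taken from the project's pcsd option set; the HTTP and STUN
  # listeners below are bound to it rather than to every interface.
  clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
in {
  # Membership in the "headscale" group is what lets ${mainUser} use the
  # control socket configured below (mode 0770 = owner and group only).
  # NOTE(review): anyone who can act as this user can administer the tailnet
  # through that socket - confirm that is intended.
  users.users.${mainUser}.extraGroups = ["headscale"];

  services.headscale = {
    enable = true;

    settings = {
      # Clients are told to reach the server over HTTPS, while the listener
      # itself is plain host:port on the cluster IP and no tls_* keys are set
      # here. Presumably TLS is terminated by a reverse proxy in front of
      # port 8085 - verify that nothing else can reach this port directly.
      server_url = "https://headscale.nelim.org";
      listen_addr = "${clusterIP}:8085";

      # Address pools handed out to nodes (CGNAT range / Tailscale ULA range).
      prefixes = {
        v4 = "100.64.0.0/10";
        v6 = "fd7a:115c:a1e0::/48";
      };

      # Metrics are exposed on loopback only.
      metrics_listen_addr = "127.0.0.1:9090";

      # NOTE(review): unlike listen_addr and the STUN listener, gRPC binds to
      # every interface. gRPC is the remote-control API for the server, so
      # either restrict this to clusterIP / loopback or make sure the firewall
      # does not expose 50443 beyond the hosts that need it.
      grpc_listen_addr = "0.0.0.0:50443";
      # Keep this false: it refuses to serve the gRPC API without TLS.
      grpc_allow_insecure = false;

      disable_check_updates = true;
      ephemeral_node_inactivity_timeout = "30m";

      # Local control socket; 0770 denies access to "other".
      unix_socket = "/run/headscale/headscale.sock";
      unix_socket_permission = "0770";

      database = {
        type = "sqlite";
        sqlite.path = "/var/lib/headscale/db.sqlite";
      };

      # Key locations are plain strings, not Nix path literals, so the key
      # files are referenced at runtime and never copied into the
      # world-readable Nix store.
      private_key_path = "/var/lib/headscale/private.key";
      noise.private_key_path = "/var/lib/headscale/noise_private.key";

      dns = let
        # Hard-coded per-host resolver address inside the v4 prefix above.
        # NOTE(review): presumably the tailnet address of the local Caddy/DNS
        # node; it must stay in sync with what Headscale actually assigned.
        caddyIp =
          if hostName == "thingone"
          then "100.64.0.8"
          else "100.64.0.9";
      in {
        magic_dns = false;
        # Clients have their local DNS replaced by the nameserver below, so
        # that resolver sees (and answers) every lookup made by tailnet nodes.
        override_local_dns = true;
        nameservers.global = [caddyIp];
      };

      log = {
        format = "text";
        level = "info";
      };

      derp = {
        # Refresh the DERP map once a day.
        auto_update_enable = true;
        update_frequency = "24h";

        # Embedded DERP relay; STUN is bound to the cluster IP only.
        server = {
          enabled = true;
          stun_listen_addr = "${clusterIP}:3479";
          private_key_path = "/var/lib/headscale/derp_server_private.key";

          region_id = 995;
          region_code = "mon";
          region_name = "montreal";
        };
      };
    };
  };
}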