nixos-configs/devices/cluster/modules/headscale/default.nix

85 lines
2.1 KiB
Nix
Raw Normal View History

2023-11-28 21:43:26 -05:00
{
config,
2023-11-28 21:43:26 -05:00
headscale,
lib,
2023-11-28 21:43:26 -05:00
pkgs,
...
}: let
2024-01-22 11:09:37 -05:00
inherit (builtins) readFile;
inherit (lib) mkAfter mkForce;
inherit (pkgs.writers) writeYAML;
inherit (config.vars) mainUser hostName;
headscale-flake = headscale.packages.${pkgs.system}.headscale;
2024-02-01 11:48:38 -05:00
clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
in {
environment.systemPackages = [headscale-flake];
users.users.${mainUser}.extraGroups = ["headscale"];
home-manager.users.${mainUser}
.programs.bash.bashrcExtra = mkAfter (readFile ./completion.bash);
2023-11-28 21:43:26 -05:00
services.headscale = {
enable = true;
package = headscale-flake;
};
environment.etc."headscale/config.yaml".source = mkForce (
writeYAML "headscale.yaml" {
server_url = "https://headscale.nelim.org";
listen_addr = "${clusterIP}:8085";
prefixes = {
v4 = "100.64.0.0/10";
v6 = "fd7a:115c:a1e0::/48";
};
metrics_listen_addr = "127.0.0.1:9090";
grpc_listen_addr = "0.0.0.0:50443";
grpc_allow_insecure = false;
disable_check_updates = true;
ephemeral_node_inactivity_timeout = "30m";
unix_socket = "/run/headscale/headscale.sock";
unix_socket_permission = "0770";
2023-11-28 21:43:26 -05:00
database = {
type = "sqlite";
sqlite.path = "/var/lib/headscale/db.sqlite";
};
2023-11-28 21:43:26 -05:00
private_key_path = "/var/lib/headscale/private.key";
noise.private_key_path = "/var/lib/headscale/noise_private.key";
2023-11-28 21:43:26 -05:00
dns_config = let
caddyIp =
if hostName == "thingone"
then "100.64.0.8"
else "100.64.0.9";
in {
magic_dns = false;
override_local_dns = true;
nameservers = [caddyIp];
};
log = {
format = "text";
level = "info";
};
2023-11-28 21:43:26 -05:00
derp = {
auto_update_enable = true;
update_frequency = "24h";
2023-11-28 21:43:26 -05:00
server = {
enabled = true;
stun_listen_addr = "${clusterIP}:3479";
private_key_path = "/var/lib/headscale/derp_server_private.key";
2023-11-28 21:43:26 -05:00
region_id = 995;
region_code = "mon";
region_name = "montreal";
2023-11-28 21:43:26 -05:00
};
};
}
);
2023-11-28 21:43:26 -05:00
}