From aa2f5b2906ae0f2ba8571a3f33322726c3901abf Mon Sep 17 00:00:00 2001
From: matt1432
Date: Mon, 1 Apr 2024 01:50:30 -0400
Subject: [PATCH] fix(headscale): build custom config to update it to alpha
---
 devices/cluster/modules/headscale/default.nix | 106 ++++++++++--------
 1 file changed, 57 insertions(+), 49 deletions(-)
diff --git a/devices/cluster/modules/headscale/default.nix b/devices/cluster/modules/headscale/default.nix
index 525d57e..ec46967 100644
--- a/devices/cluster/modules/headscale/default.nix
+++ b/devices/cluster/modules/headscale/default.nix
@@ -6,71 +6,79 @@
 ...
 }: let
 inherit (builtins) readFile;
- inherit (lib) mkAfter mkOption;
+ inherit (lib) mkAfter mkForce;
+ inherit (pkgs.writers) writeYAML;
 inherit (config.vars) mainUser hostName;
 headscale-flake = headscale.packages.${pkgs.system}.headscale;
 clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
 in {
- # FIXME: wait for nixpkgs to reach this : https://github.com/juanfont/headscale/commit/94b30abf56ae09d82a1541bbc3d19557914f9b27
- options.services.headscale.settings.db_type = mkOption {
- type = lib.types.enum ["sqlite" "postgres"];
- };
+ environment.systemPackages = [headscale-flake];
+ users.users.${mainUser}.extraGroups = ["headscale"];
- config = {
- environment.systemPackages = [headscale-flake];
- users.users.${mainUser}.extraGroups = ["headscale"];
-
- home-manager.users.${mainUser}
+ home-manager.users.${mainUser}
 .programs.bash.bashrcExtra = mkAfter (readFile ./completion.bash);
- services.headscale = {
- enable = true;
- package = headscale-flake;
+ services.headscale = {
+ enable = true;
+ package = headscale-flake;
+ };
- address = clusterIP;
- port = 8085;
+ environment.etc."headscale/config.yaml".source = mkForce (
+ writeYAML "headscale.yaml" {
+ server_url = "https://headscale.nelim.org";
+ listen_addr = "${clusterIP}:8085";
+ prefixes = {
+ v4 = "100.64.0.0/10";
+ v6 = "fd7a:115c:a1e0::/48";
+ };
+ metrics_listen_addr = "127.0.0.1:9090";
+ grpc_listen_addr = "0.0.0.0:50443";
+ grpc_allow_insecure = false;
+ disable_check_updates = true;
+ ephemeral_node_inactivity_timeout = "30m";
+ unix_socket = "/run/headscale/headscale.sock";
+ unix_socket_permission = "0770";
- settings = {
- server_url = "https://headscale.nelim.org";
- ip_prefixes = ["100.64.0.0/10"];
- metrics_listen_addr = "127.0.0.1:9090";
- grpc_listen_addr = "0.0.0.0:50443";
- grpc_allow_insecure = false;
- disable_check_updates = true;
- unix_socket_permission = "0770";
+ database = {
+ type = "sqlite";
+ sqlite.path = "/var/lib/headscale/db.sqlite";
+ };
- db_type = "sqlite";
- db_path = "/var/lib/headscale/db.sqlite";
- private_key_path = "/var/lib/headscale/private.key";
- noise.private_key_path = "/var/lib/headscale/noise_private.key";
+ private_key_path = "/var/lib/headscale/private.key";
+ noise.private_key_path = "/var/lib/headscale/noise_private.key";
- dns_config = let
- caddyIp =
- if hostName == "thingone"
- then "100.64.0.8"
- else "100.64.0.9";
- in {
- magic_dns = false;
- override_local_dns = true;
- nameservers = [caddyIp];
- };
+ dns_config = let
+ caddyIp =
+ if hostName == "thingone"
+ then "100.64.0.8"
+ else "100.64.0.9";
+ in {
+ magic_dns = false;
+ override_local_dns = true;
+ nameservers = [caddyIp];
+ };
- derp = {
- urls = [];
+ log = {
+ format = "text";
+ level = "info";
+ };
- server = {
- enabled = true;
- stun_listen_addr = "${clusterIP}:3479";
- private_key_path = "/var/lib/headscale/derp_server_private.key";
+ derp = {
+ auto_update_enable = true;
+ update_frequency = "24h";
- region_id = 995;
- region_code = "mon";
- region_name = "montreal";
- };
+ server = {
+ enabled = true;
+ stun_listen_addr = "${clusterIP}:3479";
+ private_key_path = "/var/lib/headscale/derp_server_private.key";
+
+ region_id = 995;
+ region_code = "mon";
+ region_name = "montreal";
 };
 };
- };
- };
+ }
+ );
 }
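Review bot: The `mkForce` on `environment.etc."headscale/config.yaml".source` silently replaces whatever the NixOS headscale module renders there, but nothing in the new code says why now that the `# FIXME` comment and its upstream link are gone; a comment above the `mkForce (` line such as `# Bypass services.headscale.settings: the nixpkgs module still validates the pre-alpha schema (db_type/db_path), so the alpha's YAML is written by hand` would keep the reason and the condition for removing the workaround visible. Because the file is forced, any defaults, assertions or `services.headscale.settings` values the module would otherwise merge into that file are presumably dropped, so it is worth confirming that nothing else in the tree sets `settings` — it would now be ignored without any evaluation error. The old side pinned `derp.urls = []` so only the embedded DERP server was advertised; the new `derp` block omits `urls` while turning on `auto_update_enable`, so the relay map now depends on headscale's default for that key, and restoring `urls = [];` (or listing the intended map URL) makes the intent explicit. Since `writeYAML` places the rendered file in the world-readable Nix store, the config must stay free of secrets; the current block only references key paths under `/var/lib/headscale`, which is fine, but anyone later adding tokens or OIDC client secrets here would be publishing them.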