upd
This commit is contained in:
mjallen18
@@ -119,12 +119,12 @@ in
|
||||
enable = true;
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
before = [ "display-manager.service" ];
|
||||
requiredBy = [
|
||||
"plymouth-quit-wait.service"
|
||||
"display-manager.service"
|
||||
];
|
||||
wantedBy = [ "display-manager.service" ];
|
||||
# before = [ "display-manager.service" ];
|
||||
# requiredBy = [
|
||||
# "plymouth-quit-wait.service"
|
||||
# "display-manager.service"
|
||||
# ];
|
||||
# wantedBy = [ "display-manager.service" ];
|
||||
path = [
|
||||
pkgs.bash
|
||||
pkgs.jq
|
||||
|
||||
@@ -25,7 +25,6 @@ in
|
||||
# Common Raspberry Pi packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
i2c-tools
|
||||
libraspberrypi
|
||||
raspberrypi-eeprom
|
||||
raspberrypifw
|
||||
raspberrypiWirelessFirmware
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
|
||||
"nas-cache:Y7PR+XTLr1bLIL85PKb9Tk9/BnE5HndTKvZYWVP1/48="
|
||||
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
|
||||
63
modules/nixos/services/headscale/default.nix
Normal file
63
modules/nixos/services/headscale/default.nix
Normal file
@@ -0,0 +1,63 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.${namespace}.services.headscale;
|
||||
|
||||
headscaleConfig = {
|
||||
services.headscale = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
address = "0.0.0.0";
|
||||
port = cfg.port;
|
||||
settings = {
|
||||
server_url = "https://headscale.mjallen.dev:443";
|
||||
database.sqlite.path = "${cfg.dataDir}/db.sqlite";
|
||||
dns ={
|
||||
nameservers.global = [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
base_domain = "tailnet.mjallen.dev";
|
||||
magic_dns = true;
|
||||
};
|
||||
};
|
||||
# oidc
|
||||
};
|
||||
};
|
||||
|
||||
# Create reverse proxy configuration using mkReverseProxy
|
||||
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
|
||||
name = "headscale";
|
||||
subdomain = cfg.reverseProxy.subdomain;
|
||||
url = "http://${cfg.localAddress}:${toString cfg.port}";
|
||||
middlewares = cfg.reverseProxy.middlewares;
|
||||
};
|
||||
|
||||
fullConfig = {
|
||||
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
|
||||
reverseProxies = [ reverseProxyConfig ];
|
||||
};
|
||||
}
|
||||
// headscaleConfig;
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.headscale = {
|
||||
enable = mkEnableOption "headscale service";
|
||||
|
||||
port = mkOpt types.int 8080 "Port for headscale to be hosted on";
|
||||
|
||||
localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
|
||||
|
||||
dataDir = mkOpt types.str "" "Path to the data dir";
|
||||
|
||||
reverseProxy = mkReverseProxyOpt;
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable fullConfig;
|
||||
}
|
||||
Reference in New Issue
Block a user