oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki/headscale: conditional config

This commit is contained in:
Oystein Kristoffer Tveit 2024-01-23 05:40:52 +01:00
parent 4d2875d168
commit b8daea8fc1
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/tsuki/services/headscale.nix
View File

@ -1,11 +1,12 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }: let
{ cfg = config.services.headscale;
sops.secrets."headscale/oauth2_secret" = rec { in {
sops.secrets."headscale/oauth2_secret" = lib.mkIf cfg.enable rec {
restartUnits = [ "headscale.service" ]; restartUnits = [ "headscale.service" ];
owner = config.services.headscale.user; owner = config.services.headscale.user;
group = config.users.users.${owner}.group; group = config.users.users.${owner}.group;
}; };
sops.secrets."postgres/headscale" = rec { sops.secrets."postgres/headscale" = lib.mkIf cfg.enable rec {
restartUnits = [ "headscale.service" ]; restartUnits = [ "headscale.service" ];
owner = config.services.headscale.user; owner = config.services.headscale.user;
group = config.users.users.${owner}.group; group = config.users.users.${owner}.group;
@ -44,14 +45,14 @@
}; };
}; };
systemd.services.headscale = { systemd.services.headscale = lib.mkIf cfg.enable {
requires = [ requires = [
"postgresql.service" "postgresql.service"
"kanidm.service" "kanidm.service"
]; ];
}; };
services.postgresql = { services.postgresql = lib.mkIf cfg.enable {
enable = true; enable = true;
ensureDatabases = [ "headscale" ]; ensureDatabases = [ "headscale" ];
ensureUsers = [ ensureUsers = [
@ -64,7 +65,7 @@
]; ];
}; };
environment.systemPackages = with pkgs; [ headscale ]; environment.systemPackages = lib.mkIf cfg.enable [ pkgs.headscale ];
services.tailscale.enable = true; services.tailscale.enable = true;