nix-dotfiles/hosts/tsuki/services/headscale.nix


# NixOS module: runs a headscale server backed by a local PostgreSQL
# database, and enables the Tailscale client on the same host.
#
# Arguments used here:
#   pkgs    - package set, source of the headscale CLI package
#   secrets - supplies the headscale and postgres port numbers
#   config  - supplies machineVars.dataDrives.default (base dir for key files)
{ pkgs, secrets, config, ... }:
{
  services = {
    headscale = {
      enable = true;

      # TODO: make PR
      # dataDir = "${config.machineVars.dataDrives.default}/var/headscale";

      # URL that clients are told to reach the server on.
      # NOTE(review): no TLS or reverse-proxy settings are visible in this
      # file; confirm where HTTPS for this name is terminated.
      serverUrl = "https://vpn.nani.wtf";
      port = secrets.ports.headscale;

      database = {
        type = "postgres";
        # Database traffic stays on the loopback interface.
        host = "localhost";
        port = secrets.ports.postgres;
        name = "headscale";
        user = "headscale";
        # The password is read from a file at runtime rather than written
        # into this configuration.
        # NOTE(review): assumes dataDrives.default is a string; a Nix path
        # value interpolated here would be copied into the world-readable
        # store. Also confirm the file is readable only by the headscale
        # service user.
        passwordFile = "${config.machineVars.dataDrives.default}/keys/postgres/headscale";
      };

      dns = {
        magicDns = true;
        # Single upstream resolver; there is no fallback entry.
        nameservers = [ "1.1.1.1" ];
      };

      settings = {
        log = { level = "warn"; };
        # Address range configured for the tailnet.
        ip_prefixes = [ "10.8.0.0/24" ];
      };
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "headscale" ];
      ensureUsers = [
        (
          # One binding for the role name and the database it is granted on,
          # so the two cannot drift apart.
          let name = "headscale"; in
          {
            inherit name;
            # NOTE(review): ensureUsers sets no password here; confirm the
            # role's password is provisioned to match the passwordFile that
            # headscale reads.
            ensurePermissions = {
              "DATABASE \"${name}\"" = "ALL PRIVILEGES";
            };
          }
        )
      ];
    };

    # This host is also a Tailscale client.
    tailscale.enable = true;
  };

  # Puts the headscale CLI on the system PATH.
  environment.systemPackages = [ pkgs.headscale ];

  # Host-wide setting: relaxes the firewall's reverse-path check to "loose".
  # NOTE(review): presumably required by the Tailscale client enabled above;
  # confirm it is still needed, since it loosens source-address validation
  # for the whole host rather than for one interface.
  networking.firewall.checkReversePath = "loose";
}