author | Ben Sima <ben@bsima.me> | 2024-11-15 14:55:37 -0500 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2024-12-21 10:06:49 -0500 |
commit | 6513755670892983db88a6633b8c1ea6019c03d1 (patch) | |
tree | 44e9eccdb7a3a74ab7e96a8fee7572dd6a78dc73 /Omni/Dev/Vpn.nix | |
parent | ae7b7e0186b5f2e0dcd4d5fac0a71fa264caedc2 (diff) |
Re-namespace some stuff to Omni
I was getting confused about what is a product and what is internal
infrastructure; I think it is good to keep those things separate. So I moved a
bunch of stuff to an Omni namespace, actually most stuff went there. Only things
that are explicitly external products are still in the Biz namespace.
Diffstat (limited to 'Omni/Dev/Vpn.nix')
-rw-r--r-- | Omni/Dev/Vpn.nix | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/Omni/Dev/Vpn.nix b/Omni/Dev/Vpn.nix
new file mode 100644
index 0000000..9b791b7
--- /dev/null
+++ b/Omni/Dev/Vpn.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+
+let
+ ports = import ../Cloud/Ports.nix;
+ domain = "headscale.simatime.com";
+in {
+ services.headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = ports.headscale;
+ settings = { dns.base_domain = "simatime.com"; };
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableAcme = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString ports.headscale}";
+ proxyWebsockets = true;
+ };
+ };
+
+ environment.systemPackages = [ config.services.headscale.package ];
+
+ services.tailscale.enable = true;
+
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+}
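Review bot: In `services.headscale`, `address = "0.0.0.0";` makes the plain-HTTP control-plane listener bind every interface, although the only intended client visible here is the nginx vhost proxying to `http://localhost:${toString ports.headscale}`. Binding it with `address = "127.0.0.1";` would keep nginx with `forceSSL` as the single entry point. Whether the port is reachable from outside depends on firewall rules not shown in this file, but `trustedInterfaces = [ "tailscale0" ]` already lets every tailnet peer reach all ports on this host, including this one without TLS. Separately, the NixOS virtualHost option is spelled `enableACME` as far as I know, so `enableAcme = true;` likely fails evaluation or leaves the host without a certificate; worth confirming and changing to `enableACME = true;`.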