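# Headscale control server published through an nginx TLS reverse proxy.
# This host also joins the tailnet as a Tailscale node.
{ config, ... }:

let
  ports = import ../Cloud/Ports.nix;
  domain = "headscale.simatime.com";
  # Headscale speaks plain HTTP on this listener, and nginx on the same host is
  # the only intended client. Bind to loopback rather than 0.0.0.0 so the
  # unencrypted control-plane port is not reachable from other interfaces,
  # including tailscale0, which is marked trusted below.
  listenAddr = "127.0.0.1";
in
{
  services.headscale = {
    enable = true;
    address = listenAddr;
    port = ports.headscale;
    settings = {
      dns.base_domain = "simatime.com";
      # NOTE(review): settings.server_url is not set in this module; confirm the
      # URL headscale advertises to clients matches the public https endpoint.
    };
  };

  services.nginx.virtualHosts.${domain} = {
    # Redirect plain HTTP to HTTPS so clients never reach the control server in
    # the clear.
    forceSSL = true;
    # The option name is case-sensitive: `enableACME`. The previous spelling,
    # `enableAcme`, is not a declared option and fails module evaluation.
    enableACME = true;
    locations."/" = {
      # Use the same literal address headscale binds to, so nginx does not try
      # an IPv6 loopback upstream first.
      proxyPass = "http://${listenAddr}:${toString ports.headscale}";
      # The Tailscale control protocol upgrades the HTTP connection, so the
      # proxy must pass Upgrade/Connection headers through.
      proxyWebsockets = true;
    };
  };

  # Put the `headscale` CLI on PATH for administration (users, keys, nodes).
  environment.systemPackages = [ config.services.headscale.package ];

  services.tailscale.enable = true;

  networking.firewall = {
    # Presumably relaxed because strict reverse-path filtering drops traffic
    # routed via Tailscale (exit nodes / subnet routes). Confirm it is still
    # needed, since "loose" weakens source-address validation on all interfaces.
    checkReversePath = "loose";
    # Traffic arriving on tailscale0 bypasses the firewall entirely, so every
    # service listening on this host is reachable by every tailnet peer unless
    # headscale ACLs restrict it. Keep ACLs and the set of listeners under review.
    trustedInterfaces = [ "tailscale0" ];
    # Tailscale's UDP port, opened for direct peer connections.
    allowedUDPPorts = [ config.services.tailscale.port ];
  };
}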