path: root/Biz/Dev/Vpn.nix
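# NixOS module: runs a headscale control server behind an nginx TLS reverse
# proxy and enables the tailscale client on the same host.
{ config, ... }:

let
  # Port numbers are kept in ../Cloud/Ports.nix; only `headscale` is used here.
  ports = import ../Cloud/Ports.nix;
  # Public hostname of the control server; nginx serves it over HTTPS.
  domain = "headscale.simatime.com";
in {
  services.headscale = {
    enable = true;
    # Listen on loopback only. nginx (below) terminates TLS and is the sole
    # intended client of this plain-HTTP listener. A wildcard bind would also
    # expose it, unencrypted, on every interface the firewall trusts
    # (tailscale0 is trusted further down).
    address = "127.0.0.1";
    port = ports.headscale;
    # NOTE(review): no server_url is set, so headscale falls back to its
    # module default. Confirm that clients are handed https://<domain> and not
    # a loopback URL.
    settings = { };
  };

  services.nginx.virtualHosts.${domain} = {
    # Redirect plain HTTP to HTTPS so node registration and key exchange never
    # travel in clear text.
    forceSSL = true;
    # Option names are case-sensitive: the nginx vhost option is `enableACME`.
    # The previous spelling `enableAcme` is not a declared option, so no
    # certificate was requested for the forced-TLS vhost.
    enableACME = true;
    locations."/" = {
      # Use the literal loopback address to match headscale's bind address;
      # "localhost" may also resolve to ::1, where nothing is listening.
      proxyPass = "http://127.0.0.1:${toString ports.headscale}";
      # The tailscale control protocol upgrades the connection, so the proxy
      # must pass Upgrade/Connection headers through.
      proxyWebsockets = true;
    };
  };

  # Put the headscale CLI on PATH for administration (users, nodes, keys).
  environment.systemPackages = [ config.services.headscale.package ];

  # This host is also a tailnet node.
  services.tailscale.enable = true;

  networking.firewall = {
    # Loose reverse-path filtering; strict mode can drop tailscale traffic that
    # is routed asymmetrically (for example exit-node or subnet routes).
    checkReversePath = "loose";
    # Everything arriving on tailscale0 bypasses the port allow-list, so every
    # tailnet peer can reach any service that listens on a non-loopback
    # address of this host. Access then depends on headscale's ACL policy;
    # review it before enrolling untrusted nodes.
    trustedInterfaces = [ "tailscale0" ];
    # Tailscale's UDP port, opened so peers can connect directly.
    allowedUDPPorts = [ config.services.tailscale.port ];
  };

}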